When it comes to data security, the people who work for you, and with you, may be among your worst enemies.
Data loss resulting from employees, contractors and other “insiders” poses an extensive threat. In fact, a global study commissioned by Cisco revealed that 39 percent of IT professionals worldwide were more concerned about the threat from their own employees than from outside hackers.
Handling these threats doesn’t appear to be getting any easier. The 2013 Vormetric Insider Threat Report, a collaborative research project conducted by Vormetric and the Enterprise Strategy Group (ESG), reported that of 707 IT professionals surveyed, more than half (54%) believed that insider threats are more difficult to detect/prevent today than they were in 2011.
The growing BYOD trend isn’t helping. Employees and contractors now can and do access company data from a multitude of devices and a wide range of locations. In the hands of disgruntled, uninformed or negligent individuals, every device that accesses a corporate network or stores company data presents a risk.
All Together Now
So what can be done to minimize and manage insider threats? The first step is to recognize that this is not just an IT problem. It’s a business-wide challenge. Employees at all levels of responsibility and across all disciplines must work together to protect critical data assets.
Next, develop and implement a comprehensive approach that focuses on education and accountability. It should enable you to:
- Foster a culture in which data security is a normal and expected part of every employee’s job, rather than “someone else’s responsibility.”
- Create and communicate security policies. Simplify enforcement with easy-to-understand policies that are integrated with business processes and aligned with job requirements.
- Promote executive commitment and visibility, so employees understand that company leaders are also accountable.
- Equip employees with the tools and knowledge needed to keep data secure. This should start with new-hire training and continue with frequent updates, reminders and continuing education.
- Understand and evaluate employee behavior and the associated risks. Use this intelligence to develop security training and processes.
- Continuously analyze the risks of every interaction between users and networks, endpoints, applications, data and even other users so you can maintain an awareness of potential threats.
Preparation – Your Best Defense
Next, embed security into your infrastructure so that it provides you with the visibility and clarity to respond effectively to issues in a timely manner.
Research third-party solutions that integrate user identity, access policy and enforcement across the network for consistent end-to-end protection. You may also want to consider using solutions such as cloud-delivered desktops that focus on protecting data rather than the device.
Be prepared for when a breach does happen. Having a tested disaster recovery plan in place is essential.
Address insider threats with the same energy as you would those from outside sources. It’s not a matter of not trusting the people you work with, but rather a matter of being vigilant about protecting your data.
Source information contributed by Cisco, a Peak 10 technology partner.