Network Security Concern for Your Business (Part 3): Malicious Insiders

malicious insidersAlthough many companies have fears of shadowy hackers and dangerous viruses, the biggest threats often come from the inside. Insider attacks can potentially cause massive amounts of damage to a company.

However, there is plenty you can do to contain this threat. By becoming familiar with safeguards and IT management strategies, you can ensure that your employees are working for your business instead of against it.

And it’s never too late to get IT help if you need it. 

Understanding the Threat From Insiders:

There are plenty of examples that underline just how dangerous insider attacks are. Ashley Madison, a popular dating website, had the details of millions of users leaked by an alleged insider. Even high-security government agencies are not immune. Despite undergoing substantial background checks, Edward Snowden managed to take thousands of classified documents and release them to the public.

Some insider attacks are done simply to destroy. Roger Durino was found guilty and sentenced to 97 months in prison for planting a “logic bomb” that wreaked havoc on UBS PainWebber servers, the company he worked for. This attack halted trading and cost the company millions.

Terry Child was a system administrator for the city of San Francisco where he simply changed the network’s passwords and refused to provide them to the city. Although sentenced to 4 years in prison, the entire city government network was down for 12 days and it cost nearly a million dollars to regain access.

Furthermore, it is believed that many insider attacks are never even detected, which means any numbers about their prevalence are regularly underestimated. SpectorSoft indicated that 35 percent of IT respondents reported an attack in 2014. However, they also estimated that 75 percent of companies fail to notice insider attacks in the first place. For example, it’s often easy for an insider to simply insert a USB device into a computer, copy sensitive data, and then sell that data to a competitor without ever being detected.

Insiders have the potential to do a lot of damage because they know the systems they are trying to access. In the case of IT administrators, they might even have a privilege level that offers them near complete control of a network. Their attacks can be designed to seek revenge against employers, to impersonate other users or even to steal data with the intent to sell.

Preventing Insider Attacks:

To help prevent insider attacks, you need a smart security policy. Here are some actionable strategies you should implement for your own network that can prevent IT attacks.

1. Control Employee Devices:

Employees who are terminated are often a security threat. That’s why it’s important to store the data on their company phones and computers in the cloud rather than directly on the employee’s devices, as this will take control of the data out of the employee’s hands. You should also be able to remotely wipe an employee’s device so that they are unable to steal or access any data that they have.

2. Protect Sensitive Business Data:

An IT department should also keep any highly sensitive data behind extra layers of security. That means encrypting important data and putting tight restrictions on who can access that data. In addition, users should be monitored, which means implementing warning systems and audit trails to catch any suspicious activity. For example, you should consider maintaining a security log every time an important file or document is accessed and read.

3. Limit Physical Access to Devices:

Computers also need to be secured from external devices. Consider locking your company’s computer ports, ensuring an employee can’t bring a USB device to work, which they could use to steal sensitive data.

4. Watch for Warning Signs:

Sometimes monitoring human behavior is one of the most effective ways of preventing insider attacks. Require that your managers report any suspicious behavior or signs of a potentially disgruntled employee. You can also employ software that tracks suspicious activity. For example, an employee who expects to be terminated may send a work email exceeding a certain file size to an outside domain, which is just the type of email that might contain vital company data.

5. Get IT Help Quickly:

Insider attacks may not be as common as external attacks, but they have the potential to be far more damaging. That’s why it’s important to implement prevention measures throughout your system. Dobson Technologies understands the importance of protecting networks from both internal and external threats.  Get started with Dobson today by calling us at (405) 242-0171 or click here to schedule a meeting.