How To Protect Your Business Against Insider Attacks

Dakota Murphey

When most people think of cybersecurity risks to businesses, they incorrectly assume those risks originate from external sources. Threats that come from the inside are more common than most people realize. Staff members leaking data, or inadvertently compromising security through simple errors and successful phishing attacks, are increasingly common scenarios that could easily occur within most organizations.

The number of data breaches caused by insider attacks is rising. According to the Ponemon Institute, the average number of incidents involving employee or contractor negligence has increased from 10.5 to 13.4 per organization since 2016.

However, there are some things every business can do to mitigate insider threats, whether they stem from negligence or malice. Here are four strategies to consider.

Closely manage accounts and privileges

Managing employee accounts and privileges is an important way to reduce the risk of insider threats. There are a number of reasons for this. First, it helps restrict the amount of data accessible to employees who may wish to carry out a malicious attack against the business.

Additionally, it means that if cybercriminals gain access to an employee’s account (through phishing or other means), they will not have the permissions needed to access all areas of the company’s network.

Businesses should ensure that employees working remotely, third-party vendors, and subcontractors are included in administration policies. It is also important for organizations to implement a “movers and leavers” policy to ensure that user privileges are regularly reviewed and quickly revoked when an individual leaves the business.

Implement a policy for personal devices

Staff members using their own devices to access company networks and data are increasingly common. While this practice can be extremely beneficial and convenient for employees, it can be a serious headache for IT and security managers. Unsecured devices connected to an organization’s networks can leave data and assets exposed.

Ensuring that networks are segregated and all personal devices have endpoint security software installed can help mitigate some of the risks. However, you may wish to weigh the pros and cons of allowing staff to use their personal devices for business at all.

Conduct proactive network monitoring

Businesses should closely monitor their on-premises and cloud environments to understand what constitutes typical behavior and what’s an aberration. Proactive network security monitoring can help organizations improve awareness of employee actions, such as whether users are attempting to download an application or access specific files. An employee connecting to the network from an unknown location out of hours could be a sign of a compromise. 24/7 network monitoring can help to swiftly identify events like this and whether they require a response.
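As an added example (not from the original article), the following Python script applies the heuristic just described to a few constructed login records: it flags successful logins that fall outside a user's assumed working hours or come from a location not in their baseline, and treats an account missing from the baseline as something to check against the movers-and-leavers list. All user names, locations, hours, and log lines are constructed for illustration.

```python
from datetime import datetime

# Constructed baseline (assumed data): per-user known locations and a
# working-hour window on the 24h clock (inclusive start, exclusive end).
BASELINE = {
    "alice": {"locations": {"London", "Manchester"}, "hours": (7, 20)},
    "bob":   {"locations": {"Leeds"}, "hours": (8, 19)},
}

# Constructed sample log lines: "<ISO timestamp> <user> <location> <result>"
SAMPLE_LOG = """\
2023-05-02T09:15:00 alice London success
2023-05-02T23:40:00 alice London success
2023-05-03T10:05:00 bob Leeds failure
2023-05-03T10:07:00 bob Bucharest success
2023-05-03T03:12:00 mallory Leeds success
"""

def parse_line(line):
    """Split one whitespace-separated log line into an event dict."""
    ts, user, location, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "location": location, "result": result}

def assess(event, baseline):
    """Return the reasons this login is anomalous (empty list if none)."""
    reasons = []
    if event["result"] != "success":
        return reasons  # failed attempts are out of scope for this check
    profile = baseline.get(event["user"])
    if profile is None:
        return ["unknown user (not in baseline; check movers/leavers list)"]
    start, end = profile["hours"]
    if not (start <= event["ts"].hour < end):
        reasons.append("out of hours")
    if event["location"] not in profile["locations"]:
        reasons.append("unknown location")
    return reasons

def find_anomalies(log_text, baseline=BASELINE):
    """Return (user, timestamp, reasons) for every flagged login."""
    flagged = []
    for line in log_text.splitlines():
        event = parse_line(line)
        reasons = assess(event, baseline)
        if reasons:
            flagged.append((event["user"], event["ts"].isoformat(), reasons))
    return flagged
```

Running `find_anomalies(SAMPLE_LOG)` flags alice's 23:40 login, bob's login from Bucharest, and the unknown account "mallory"; a real deployment would build the baseline from historical logs rather than a hand-written table.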

Provide regular staff training

No matter what kind of security technology organizations invest in, there is often no way to mitigate the risk of human mistakes and errors. People are still widely regarded as a weak link in the cybersecurity chain. That’s why it is important to provide high-quality training and guidance to employees.

Train staff to understand the difference between weak and strong passwords, and provide advice about spotting phishing emails and using personal devices in the office. Note that this sort of training must be provided to any new hires.

Remember that any business – large or small – can suffer an attack from the inside. And these attacks are not necessarily going to be a deliberate act of sabotage by the individual responsible. It has never been more important for companies to invest in the proper tools and expertise to keep their systems and data safe and secure.

For more insight, listen to the Digitalist Flash Briefing on “Ten Ways Small And Midsize Companies Can Strengthen Information Security.”

About Dakota Murphey

Dakota Murphey is a tech writer specialising in cybersecurity, working with Redscan on this and a number of other GDPR, MDR, and ethical hacking projects.