Preventing Insider Data Breaches

By Ian Reynolds - August 19, 2019

A data breach is a company’s or organization’s worst nightmare and has the potential to expose a significant amount of your business’s, customers’ and employees’ confidential and private information. Additionally, a fine assessed for breach of GDPR could cripple your business.

Many data breaches involve hackers using sophisticated tools to breach security and steal data, but actions of people who are already inside your network represent a major threat as well. 

Often, these insider threats - employees, contractors, ex-employees or social engineers - cause data breaches through accidental leaks or through negligence that an external threat then exploits. These breaches can be countered by best security practices.

Different insider threats include:

  • Accidental insiders - This group includes employees or ex-employees who accidentally cause a data breach through an honest mistake. This includes opening an email that contains malware, using weak passwords, losing a laptop with credentials or data, or sending sensitive data to the wrong person. While these are accidental breaches, the damage is still significant and it is important that you try to protect your data from these insider threats.
  • Malicious insiders - These insiders intentionally use legitimate access to your network to cause a data breach intended to harm your business or profit from the leak. These employees or former employees can leak credentials or access for a hacker to exploit, or intentionally expose your network to malware.
  • Third-party consultants or contractors - Third parties represent a threat to your sensitive data because they have network access to facilitate their work. This access could be used intentionally or unintentionally to cause a data breach, whether by a contractor seeing private data they have no permission to see or by leaking data to a malicious insider.
  • Weak and stolen credentials - An opportunistic hacker can gain access to your network, physically on-site or remotely, using stolen credentials. Additionally, employees who re-use passwords can be exploited to gain access to emails, bank details and websites.
  • Social Engineers - This security threat comes from external sources but is aided - often unwittingly - by employees and other insiders. Social Engineers use social interaction with employees to attempt to manipulate them into providing sensitive information, credentials or access. 

How to protect yourself from insider threats?

All these insider threats could cause a data breach and expose your organization’s sensitive data. However, there are ways to prevent that through accountability and best security practices, including:

  1. Identifying your confidential data - The first step in protecting your confidential data is to identify it, as well as who in your organization has access to it and why. Identifying all the private information enables you to secure it by creating a data protection policy.
  2. Creating a data protection policy - This is a great way to prevent accidental insider data breaches. By developing privacy and cybersecurity policies and explaining how employees should handle private data you are much less likely to fall victim to social engineers or have accidental insider data breaches. 
  3. Culture of accountability - Your data protection policy should also cover the consequences of an employee breaching the policy. This fosters a culture of accountability. Managers are aware of their responsibilities in ensuring data protection and employees are aware of their responsibilities in handling sensitive data.
  4. Strong credentials and access restrictions - Restricting access to your network from remote locations, preventing concurrent logins, routinely changing login details and randomly generating passwords all prevent opportunistic hackers from exploiting weak or stolen credentials. Stronger credentials also help to prevent brute-force attacks from gaining access to your network by guessing passwords.
  5. Reviewing user access - Your organization should routinely review access to confidential information and your network to be sure it is sufficiently protected. Former employees can cause a data breach by using old credentials to access private information they no longer have a right to see. By reviewing, removing or deleting access to your private data you are reinforcing your protection. 
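
The access review in step 5 can be run as a simple reconciliation between an account export and the current staff roster. The script below is an added example, not part of the original article; the usernames, record fields, sample data and the 90-day staleness threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster export and a directory account export.
HR_ROSTER = {
    "asmith": {"type": "employee", "end_date": None},
    "bjones": {"type": "contractor", "end_date": date(2019, 6, 30)},
    "cwhite": {"type": "employee", "end_date": None},
}
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "last_login": date(2019, 8, 15)},
    {"user": "bjones", "enabled": True, "last_login": date(2019, 8, 1)},
    {"user": "cwhite", "enabled": True, "last_login": date(2019, 3, 2)},
    {"user": "dgreen", "enabled": True, "last_login": date(2019, 7, 20)},
    {"user": "eblack", "enabled": False, "last_login": date(2018, 11, 5)},
]
STALE_AFTER_DAYS = 90  # assumed review threshold, set it from your own policy


def review_access(accounts, roster, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {username: [reasons]} for enabled accounts that need action."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to revoke
        reasons = []
        person = roster.get(acct["user"])
        if person is None:
            # Former employees and orphaned accounts show up here.
            reasons.append("no current staff record (leaver or orphaned account)")
        elif person["end_date"] is not None and person["end_date"] < today:
            reasons.append(f"{person['type']} engagement ended {person['end_date']}")
        last = acct["last_login"]
        if last is None or (today - last).days > stale_after_days:
            reasons.append("never used" if last is None
                           else f"unused for {(today - last).days} days")
        if reasons:
            findings[acct["user"]] = reasons
    return findings


if __name__ == "__main__":
    report = review_access(ACCOUNTS, HR_ROSTER, date(2019, 8, 19))
    for user, reasons in report.items():
        print(f"{user}: {'; '.join(reasons)}")
```

Each flagged account is a candidate for removal or deletion of access; the enabled contractor account with a recent login after the engagement end date is the case to look at first.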

Conclusion

Assume that your business or organization will be attacked by cybercriminals and prepare for that attack. With a plan in place to deal with insider threats, you are in a position to handle any problems that might arise or prevent an incident from becoming a full-blown data breach that could result in financial loss and damage to your reputation.  

--

Ian Reynolds is Director of SecureTeam

SecureTeam are cybersecurity consultants who specialise in helping businesses and organisations protect themselves from data breaches and cybersecurity threats. They have used their knowledge and experience to write this guide to help you protect your data from insider threats.