Four Tips to Help Clients Guard Against Insider Threats
An organization’s most vital and secured systems are placed into the hands of a third party (very often an MSP) to manage and maintain.
It is an MSP’s responsibility to keep an organization’s entire IT operations – from the network to applications and systems – secure.
As an MSP, offering an organization added protection against insider threats that lead to data breaches and compromised sensitive data can be the difference between winning and losing a customer.
This has become such a prevalent worry among enterprises that, according to a Vormetric Insider Threat Report, 91 percent of C-level executives confirmed that their organizations were being left vulnerable to insider threats.
So what exactly is an insider threat and how can an MSP become an expert at preventing it?
According to Digital Guardian, “an insider threat is most simply defined as a security threat that originates from within the organization being attacked or targeted, often an employee or officer of an organization or enterprise.”
Understanding insider threats comes down to helping a client company identify its sensitive information, monitoring the users who have access to that information, and taking part in the training and restriction process for employees.
As knowledge of insider threats continues to grow, so does the demand for experts on the subject, and solutions to company challenges.
How can an MSP help clients develop insider threat programs and provide a solution?
- Identify sensitive company information and monitor users that have access – MSPs need to work together with organizations to help them identify and mark their most sensitive data. This allows an MSP to implement an approach that makes user behavior the focal point: helping companies identify high-risk employees and carefully monitor their behavior. Many organizations are under the false impression that providing employees with login credentials and passwords, as well as limiting security and access permissions, will ensure data protection. But without a monitoring and tracking system in place, unauthorized internal data access can easily occur through a colleague’s computer, and employees can share classified materials without being detected.
- Always encrypt any data you’re responsible for and encourage the company to encrypt its own data – Encryption can now be counted among the key layers of defense necessary for protecting data, both internally and externally. Organizations can maintain document security, even if their data has already been breached internally, if the files have been effectively encrypted. MSPs need to make sure that their clients have these precautions in place in the event that data is exfiltrated.
- Training, restricting and defense are a must – While in this day and age it seems like an obvious assumption that organizations need to take precautions by banning the use of personal and external devices on site – USB sticks, unauthorized web apps, and cameras – it’s in an MSP’s best interest to use and recommend a system or software that can monitor and block these types of activities. This may also include limiting access to certain websites, setting bandwidth restrictions, limiting file sharing permissions and more. It’s also very important for an MSP to have good communication with the IT manager and help with education about safe IT security practices.
- Be aware of other third parties – As an MSP, you have to be aware that other companies may have access to sensitive systems and data within the company you’re managing. Make sure to extend and implement the same rules, protocols, and monitoring systems for third party vendors that you will need to work with. It’s important to communicate these protocols to management in order to make sure all sides are covered. Consider this case in point: among 874 incidents, as reported by companies to the Ponemon Institute for its recent 2016 Cost of Data Breach Study, 568 were caused by employee or contractor negligence. As an MSP, make sure you’ve communicated the need to monitor third party vendors to your client and have protected yourself.
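
The monitoring described in the first and fourth tips, as an added example that is not from the original article or from any product it mentions. The log format, paths, account names and host names are constructed assumptions; the check flags sensitive-file access by a valid account from a workstation not assigned to it (the colleague's-computer case) and applies the same rule to a vendor account.

```python
from dataclasses import dataclass

# Constructed policy data (assumptions for this example, not from the article).
AUTHORIZED = {"/finance/": {"alice", "vendor-acme"}, "/hr/": {"bob"}}  # marked sensitive
ASSIGNED_HOST = {"alice": "WS-ALICE", "bob": "WS-BOB",
                 "carol": "WS-CAROL", "vendor-acme": "JUMP-01"}

# Constructed file-access log, one event per line.
SAMPLE_LOG = """\
user=alice host=WS-ALICE path=/finance/q3.xlsx
user=alice host=WS-CAROL path=/finance/q3.xlsx
user=carol host=WS-CAROL path=/hr/salaries.csv
user=vendor-acme host=WS-BOB path=/finance/q3.xlsx
user=carol host=WS-CAROL path=/public/menu.pdf
"""

@dataclass(frozen=True)
class Event:
    user: str
    host: str
    path: str

def parse(line):
    """Parse 'user=<u> host=<h> path=<p>'; fields must not contain spaces."""
    fields = dict(part.split("=", 1) for part in line.split())
    return Event(fields["user"], fields["host"], fields["path"])

def review(ev):
    """Return findings for one event; an empty list means nothing to flag."""
    prefix = next((p for p in AUTHORIZED if ev.path.startswith(p)), None)
    if prefix is None:
        return []  # not marked sensitive, out of scope
    findings = []
    if ev.user not in AUTHORIZED[prefix]:
        findings.append("unauthorized-user")
    # A permission check alone passes this case: valid account, wrong machine.
    if ASSIGNED_HOST.get(ev.user) != ev.host:
        findings.append("unassigned-host")
    return findings

def scan(log):
    """Return (event, findings) for every flagged line in the log."""
    results = ((ev, review(ev)) for ev in map(parse, log.strip().splitlines()))
    return [(ev, f) for ev, f in results if f]

if __name__ == "__main__":
    for ev, findings in scan(SAMPLE_LOG):
        print(ev.user, ev.host, ev.path, ",".join(findings))
```
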
At the end of the day, the most important concept to keep in mind is that the best offense is a good defense.
Every MSP should make this clear to their client.
While establishing these critical layers of defense may seem somewhat tedious and time-consuming, it is insignificant in comparison with the average detection time, damage incurred and epic cost attributed to recovering from an internal breach.
Isaac Kohen is founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior. He can be reached at firstname.lastname@example.org.