Four Tips to Help Clients Guard Against Insider Threats

Identify sensitive company information and monitor users that have access – MSPs need to work together with organizations to help them identify and mark their most sensitive data. This allows an MSP to implement an approach that makes user behavior the focal point of the process of helping companies identify high-risk employees and carefully monitoring behavior. Many organizations are under the false impression that providing employees with login credentials and passwords, as well as limiting security and access permissions will ensure data protection. But without a monitoring and tracking system in place, unauthorized internal data access can easily occur through a colleague’s computer, and employees can share classified materials without being detected.

Always encrypt any data you’re responsible for and encourage the company to encrypt its own data – Encryption can now be counted amongst the key layers of internal defense necessary to protecting data, both internally and externally. Organizations can maintain document security, even if their data has already been breached internally, if the files have been effectively encrypted. MSPs need to make sure that their clients have these precautions in place in the event that data is exfiltrated.

Training, restricting and defense is a must – While in this day and age it seems like an obvious assumption that organizations need to take precautions by banning the use of personal and external devices on site – USB sticks, unauthorized web apps, and cameras – it’s in an MSP’s best interests to use and recommend a system or software that can monitor and block these types of activities. This may also include limiting access to certain websites, setting bandwidth restrictions, limiting file sharing permissions and more. It’s also very important for an MSP to have good communication with the IT manager and help with education about safe IT security practices.

Be aware of other third parties – As an MSP, you have to be aware that other companies may have access to sensitive systems and data within the company you’re managing. Make sure to extend and implement the same rules, protocols, and monitoring systems for third party vendors that you will need to work with. It’s important to communicate these protocols to management in order to make sure all sides are covered. Consider this case in point: among 874 incidents, as reported by companies to the Ponemon Institute for its recent 2016 Cost of Data Breach Study, 568 were caused by employee or contractor negligence. As an MSP, make sure you’ve communicated the need to monitor third party vendors to your client and have protected yourself.