The damage that trusted insiders can cause is extraordinary. According to the 2020 Ponemon Institute Cost of Insider Threats report, the average cost per insider incident was a staggering $11.5 million in 2020.
Follow these insider data theft prevention tips to protect your company’s sensitive data from theft, misuse, and loss by malicious and negligent insiders.
This tip may sound strange. Surely you want to secure all of your data…right?
That makes perfect sense, but it’s not at all realistic. The data your company possesses is going to be constantly expanding, moving, and changing. There simply isn’t a resource-efficient way to protect everything equally.
Besides, unnecessarily rigid access controls for non-sensitive data are just going to frustrate your end-users, cause unnecessary negative effects on their productivity, and tempt them to bypass your security controls.
To help you start prioritizing what data to protect, consider the classes of data your company interacts with.
From a data theft prevention perspective you can expect that insider threats are going to be the most interested in confidential and restricted data.
If you’re not certain how to prioritize the data your company interacts with, you can start by referring to a risk matrix. A risk matrix will help you focus your initial efforts as you refine your data loss prevention strategy.
Encryption protects sensitive data by rendering it unreadable. The only way to properly view the data is to decrypt it with the matching decryption key. Encryption can be applied to entire storage drives (full disk encryption), to emails, and to specific files.
The encryption process is reversible, so the original data remains intact. Those who hold the matching decryption keys can view the data normally; anyone without them will only see the scrambled ciphertext.
Best practices for encryption:
Limiting access to the decryption keys to an as-needed basis improves the effectiveness of this tip. Encryption is less effective against insider threats who are themselves trusted with the decryption keys.
The less data that your business has to protect, the better it can allocate its existing resources to protecting what matters. As a best practice you should limit data collection as much as possible and delete any existing data that is no longer relevant to your business.
Periodically culling data that is no longer relevant reduces risk by minimizing the amount of data that would be leaked following a data breach. Retaining data that is no longer relevant to the business may also violate data security/privacy compliance requirements.
Data access controls are absolutely essential for protecting sensitive data against theft by employees. The classes of data that your Human Resources department requires for their roles will be far different from those of your Finance department. For this reason, you should limit which employees can access sensitive data based on the needs of their role.
You need to keep a careful eye on how your employees are interacting with data. Anomalous behavior could be an indicator of a malicious insider or an account that has been compromised by an external threat. This tip is especially relevant when it comes to employees that are leaving the company or being dismissed.
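As an added example (not CurrentWare's code), the following turns the two signals described above into a small review: each user's daily file-access volume is compared against that user's own baseline, and any activity by an account on a hypothetical offboarding list is flagged outright. The log lines and the `OFFBOARDING` set are constructed for the example.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample access log (not real data): "<date> <user> <action> <path>".
ACCESS_LOG = """\
2020-11-02 jdoe read /finance/budget.xlsx
2020-11-02 jdoe read /finance/q3-forecast.xlsx
2020-11-03 jdoe read /finance/budget.xlsx
2020-11-04 jdoe read /finance/payroll.xlsx
2020-11-04 jdoe read /finance/vendors.xlsx
2020-11-09 jdoe read /finance/budget.xlsx
2020-11-09 jdoe read /finance/q3-forecast.xlsx
2020-11-09 jdoe read /finance/payroll.xlsx
2020-11-09 jdoe read /finance/vendors.xlsx
2020-11-09 jdoe read /finance/contracts.pdf
2020-11-09 jdoe read /finance/customer-list.csv
2020-11-02 asmith read /hr/handbook.pdf
2020-11-02 asmith read /hr/org-chart.pdf
2020-11-03 asmith read /hr/handbook.pdf
2020-11-03 asmith read /hr/benefits.pdf
2020-11-09 asmith read /hr/handbook.pdf
2020-11-09 asmith read /hr/benefits.pdf
2020-11-09 asmith read /hr/org-chart.pdf
2020-11-03 bwong read /eng/design-notes.md
2020-11-09 bwong read /eng/design-notes.md
"""

# Hypothetical offboarding list: accounts of departing or dismissed staff.
OFFBOARDING = {"bwong"}


def daily_counts(log):
    """Map user -> {ISO date: number of accesses} parsed from raw log lines."""
    counts = defaultdict(Counter)
    for line in log.splitlines():
        day, user, _action, _path = line.split(maxsplit=3)
        counts[user][day] += 1
    return counts


def flag_anomalies(log, review_day, offboarding=OFFBOARDING, z=3.0):
    """Return {user: reason} for users whose activity on review_day is anomalous.

    Volume rule: the day's count exceeds the user's own baseline mean by more
    than z standard deviations (deviation floored at 1.0 so a flat baseline
    cannot make a one-file change look extreme).
    Offboarding rule: any activity by a departing account is flagged, since
    such accounts should already have been disabled.
    """
    flagged = {}
    for user, per_day in daily_counts(log).items():
        today = per_day.get(review_day, 0)
        if user in offboarding and today > 0:
            flagged[user] = "activity by offboarding account"
            continue
        baseline = [n for day, n in per_day.items() if day < review_day]
        if not baseline or today == 0:
            continue
        sd = max(pstdev(baseline), 1.0)
        if today > mean(baseline) + z * sd:
            flagged[user] = f"{today} accesses vs baseline mean {mean(baseline):.1f}"
    return flagged
```

Running `flag_anomalies(ACCESS_LOG, "2020-11-09")` flags jdoe for a volume spike and bwong for activity on a departing account, while asmith's modest increase stays within baseline.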
Employee monitoring involves understanding how your employees are using company provided technology during work hours. There are five main benefits and considerations to employee monitoring that we will cover today:
So let’s start off with how monitoring can help employee productivity.
44% of employees admit to being distracted by the internet at work, and employees in the US have admitted to wasting 1-2 hours a day browsing the internet.
Employees that know they’re being monitored will avoid excessive personal usage of the internet and computer applications. In addition, in the event an employee is underperforming, employee monitoring reports on their computer activity can be used to help the employee understand their actions and enhance their productivity.
The second important reason to monitor activity is to address inappropriate internet usage and avoid legal liability.
As compliance requirements increase across businesses, industries, and jurisdictions, employers have a responsibility to ensure their employees are complying with regulations such as HIPAA, CCPA, CIPA, and GDPR.
By enabling computer monitoring, you can verify that your staff are complying with these requirements. In addition, by monitoring and setting alerts, you can be notified immediately if employees are visiting inappropriate websites such as pornographic or other adult content.
The third reason to monitor computer activity is for cybersecurity purposes and to prevent data loss.
By knowing which websites an employee is visiting, which files are being downloaded or shared, and which external devices and endpoints are being used, company administrators can manage cyber security risks and data loss prevention efforts.
Data breaches and associated risks can cost businesses millions of dollars in damages along with reputational risk, so being aware of these risks and monitoring them can provide significant benefits for every organization. In addition, by using alerts, and setting up risk profiles for users, you can audit activities and groups for questionable employee behavior.
Due to COVID-19, the year 2020 has seen a significant shift to remote work across companies and organizations. This brings us to the fourth reason to monitor an employee’s computer usage: remote workforce management.
52% of CIOs surveyed suspect that one or more of their mobile workers have been hacked or caused a mobile security issue in the last 12 months. Employee monitoring software can be used to monitor for high-risk activity and verify that employee activity on company networks is legitimate.
The final reason to monitor employees is for bandwidth management purposes. With CurrentWare’s BrowseReporter tool, you can determine who is hogging bandwidth by streaming videos and uploading/downloading excessively large files.
Employees who are hogging bandwidth can slow down the entire network, negatively affecting the productivity of other employees and reducing the performance of business critical operations.
A data egress point is any area that allows data to leave your network. These parts of your network should be carefully monitored and managed to reduce the risk of data loss.
Examples of Data Egress Points:
High-risk applications such as peer-to-peer (P2P) file sharing programs, personal instant messaging apps, and cloud storage apps should be blacklisted from your network to prevent files from being sent through them. This can be accomplished using an application blocker.
A mobile device management (MDM) solution provides greater visibility and control over mobile devices such as laptops and smartphones. Should an employee’s device be lost or stolen, the data stored on the device can be remotely wiped and the device’s location can be tracked.
An MDM can also protect against malicious insiders. If a mobile device has not been returned following an employee’s dismissal or resignation the device can be readily wiped and located to minimize the potential for sensitive data to be retrieved by the ex-employee.
Software and hardware developers regularly release security updates for their products. Be certain to keep operating systems, software, firmware, and other systems up-to-date to protect your endpoints against the latest known threats.
While the modern workforce is largely digital, there are some industries that rely on paper documents. Paper-based methods may also be reserved as a failsafe in the event that digital means become inaccessible.
Restricting and monitoring physical access to company assets will reduce opportunities for servers, computers, hard drives, and portable storage mediums to be stolen.
Examples of anti-theft measures
Reused passwords are an absolute nightmare for data security, yet a shocking 59% of users surveyed in the LastPass Psychology of Passwords Report admit to reusing passwords.
If a previously used password is made public through a data breach, any accounts that the password was used on are now vulnerable. Using unique passwords for each account limits the amount of damage that can happen when an account is compromised, but it’s tedious to remember hundreds of unique passwords.
Implementing a secure password manager will ensure that your employees’ passwords are unique and easily accessible. All they will need to remember is a single strong, unique master password that they use to access the password manager.
How to make a strong master password:
Multi-factor authentication (MFA) requires users to combine their password with an additional authentication measure such as an SMS code, fingerprint scan, authenticator app, or one-time password. This better protects user accounts should an insider threat attempt to use a coworker’s account in their attack.
Do not allow employees to store or access corporate data using their personal accounts or devices. The amount of monitoring and control that is available for personal devices is limited; a departing employee could accidentally or maliciously retain company data on their devices after their employment has concluded.
Privileged accounts such as admin and superuser accounts have fewer (or no) restrictions on what they can do in your network. These accounts need to be closely monitored and controlled to ensure that they are not being abused by insider threats or other bad actors.
Tips for securing privileged accounts
Admin-level control of accounts should not be given to individual employees. Instead, applications and services that are needed by your business should be managed by your IT personnel. This helps to ensure that company accounts are adequately secured, backed up, and not lost to disgruntled employees.
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.
These vulnerabilities need to be addressed as part of any insider threat management program, with documented best practices for protecting data during a termination and an IT offboarding checklist.
It is absolutely critical that your organization is protected against insider data theft. There is no shortage of opportunities for malicious or accidental insiders to steal sensitive company data.
To best prevent data theft by employees you need to control where it will be stored, limit access to an as-needed basis, monitor employees for suspicious activity, and implement a layered security approach that addresses as many potential vulnerabilities as possible.