Protect Against Costly Insider Threats
Enterprises Are Not Doing Enough to Protect Against Costly Insider Threats
Visitor management and access control systems do an excellent job of screening visitors before they’re allowed to enter a business, thus keeping undesirable visitors out. While almost all enterprises have become vigilant about securing their doors and lobbies against outsiders who pose a threat to their enterprise, employee access has become a growing security risk.
Protecting against the risk of insider threats – both intentional and unintentional – is often neglected when it comes to enterprise security best practices. The problem is only exacerbated by ineffective hiring practices and poor monitoring of employee access to enterprise facilities, information, property and data.
Even the most trusted employees who are familiar with their employers’ vulnerabilities could find ways to exploit them. They may abuse legitimate access credentials or take advantage of loose controls to gain unauthorized access. Illegal activities may take place after considerable planning or on the spur of the moment when the opportunity arises.
Information obtained from an unintentional insider is often the result of a lack of security awareness or a failure to follow security protocols. Often, an unintentional insider acts in breach of their duty to their employer, inadvertently assisting an external party in gaining access to assets or information.
Technology has broadened access to information and increased the ease with which sensitive information can be aggregated, removed and disseminated. The growing number of employees exploiting employers – costing enterprises billions of dollars each year – highlights the importance of establishing and maintaining strong personnel security measures. No enterprise is immune to the risk of criminal insider activity. Avoiding potential damage from such activity requires a collaborative and well-planned effort.
Employee Motivations for Breaching Security
Visitor management systems and access credentials can be compromised by an employee. Enterprises often fail to do proper background checks on individuals working for them, both before employees are hired and periodically throughout their employment. Studies show that 88 percent of illegal employee activities are carried out by permanent staff, and 60 percent of cases reported involved individuals who had worked at the organization for less than five years. A large number of insider acts are opportunistic (76 percent) rather than being the planned act of a deliberate infiltrator (6 percent).
Those who “slip through the cracks” may be intent on taking advantage of employer vulnerabilities for any number of reasons: financial gain, divided loyalties, revenge, compulsive or destructive behavior, negligence or discontent.
A solid visitor management system and a secure access control system can avert the threat by efficiently preventing employees from accessing buildings and sensitive areas of an enterprise – such as data storage rooms, warehouses with valuable inventory, and executive offices.
Preventing Insider Threats
Security measures that will effectively combat insider threats require a detailed plan, which includes identifying vulnerabilities and addressing them before they can be exploited.
When employees take work home, or executives travel frequently with sensitive company information on their laptops, there is a risk that data will be susceptible to leakage on the company network. Providing executives and employees who travel frequently with a sandboxed workplace that is segregated from the host PC can significantly reduce losses.
Maintaining up-to-date network system logs is also extremely important. Enterprises with large volumes of information being passed back and forth internally and externally are at an increased risk of information breaches. If network logs are enabled, make sure they are maintained, auditable, and not overwritten; make sure you’re not left with only the last few weeks of information available when an audit becomes necessary.
Training staff and security personnel to identify significant changes in an employee’s personal circumstances can go a long way. It should be noted when an employee appears to be under considerable stress, as stress can lead them to make poor choices. Support and engage with employees during periods of stress.
Monitor employees with after-hours access to your facilities, and determine whether frequent after-hours access is warranted. Make sure employee access cards are cancelled in your visitor management and access security systems immediately after termination or resignation to prevent unauthorized access after they have left the company. Be scrupulous about granting access security levels to employees to be sure no one can acquire information that isn’t required to perform their job functions. Create security protocols that all employees are required to comply with.
Even the most trusted employees could be complicit in criminal activity, or may be duped or coerced into assisting criminals in illegal activities. Employers need to provide the first level of security when it comes to preventing employee crimes in the workplace. Without a comprehensive preventative plan and system established and diligently utilized, your enterprise is vulnerable to insider threats.