COVID-19 continues to wreak havoc across the globe. Unemployment remains rampant and the global economy is still struggling.
Beyond the obvious issues posed by an economic downturn, the insider threat to sensitive data remains a serious challenge that all industries need to contend with. Unfortunately, layoffs are still increasing which means that the insider threat continues to rise as well.
Many companies do not realize the seriousness of this threat. Read on to find out more about the insider threat and how your company can navigate it, especially during these difficult times.
Taking The Insider Threat Seriously
The first step towards dealing with this problem is understanding its scope. Unfortunately, the insider threat is often not taken as seriously as it needs to be. There is ample research showing that over a third of data breaches occur at the hands of an insider – both by mistake and maliciously. That means that we need to be worried about the people who rightfully have access to our data in addition to external malicious hackers and ransomware actors.
As a further indication of the seriousness of the threat, a recent report found that 53% of companies have their sensitive files and data accessible to every employee in the company while only 5% of folders were sufficiently protected.
So data within most companies is not as departmentalized and protected as it should be. Almost anyone can access anything, and with WFH in place, this data can be sitting on a multitude of machines and accounts.
As we mentioned, the COVID-19 pandemic is still causing mass layoffs all over the world. Aside from the tragedy of mass unemployment, this also increases the insider threat by a large degree. Research has shown that 87% of employees leaving their jobs tend to take corporate data – or at least data access – with them when they leave.
Why Do They Do It?
An employee – or ex-employee – represents a potential for data loss for a number of reasons. For starters, there’s negligence. As the research above shows, many companies have their permissions set to allow anyone in the company to access data. That can result in employees using personal devices (especially if they’re working from home) and data can then spread beyond the company’s control.
But there are also employees who might feel resentful of being laid off and want to hurt the company in response. Alternatively, they may want to take sensitive company data to a competitor to help them secure a job there. Lastly, they might feel like they are entitled to the sensitive data, especially if it was for a project that they were working on. Whatever the case may be, the fact remains that the insider threat is a serious one, and needs to be addressed.
So, What Can Be Done?
The decision to lay off employees is extremely tragic but companies around the world are forced to make it nonetheless. Despite the pain of letting people go, companies still need to ensure that their data infrastructure is secured. With that in mind, one of the best ways companies can protect their data is by setting up a DLP solution that is equipped for the challenge.
ITsMine’s Beyond DLP™ features are uniquely positioned to help companies deal with insider threats during these uncertain times:
- Beyond Access Rights: This pertains to Employee Awareness – companies need to ‘close the door’ on data that employees have access to on a regular basis. This should be done daily, not once every 6 months – and here, automation and employee involvement are key. It should be made clear to employees not to take company data before they leave the company, and that the company’s security team is watching and will be alerted if they do
- Beyond Forensics: Obtains hard evidence (beyond logs) against rogue employees that have intentionally taken company data
- Beyond Boundaries: Protects company data even beyond company boundaries – even after data exfiltration. Organizations need to be able to know about the potential data breach and protect the most important assets. With Softwaremines™️ in place, the company’s security department will be informed that the ex-employee took data in the first place, and how much data they took. Additionally, with File-GPS, the company could make the most sensitive files unavailable to the ex-employee
ITsMine is your comprehensive partner in keeping your data protected. To schedule a demo, reach out here.