The Home Workforce And Insider Threats

The Home Workforce And Insider Threats

For years now, companies have been making the move towards sustaining a remote workforce. Between 2005 and 2017, the number of remote workers in the United States rose by roughly 160%. This was, in part, a response to the demands of talented applicants who considered the option to work remotely one of the top priorities in making a job decision. 

But recently, companies across the world began to have their entire workforces work from home. This, along with the economic downturn and widespread feelings of insecurity and unease, can contribute to considerable threats rising from within company ranks. 

In this article, we’ll discuss data risks that companies face – including the insider threat – and how those risks are considerably amplified by a struggling economy and a decentralized workforce.

Threats To Your Data

Protecting company data is by no means a simple task. There are many different kinds of threats that face data protection and although some are more malicious than others, all need to be addressed.

In any of its three stages – at rest, in motion, or in use – data can be susceptible to damage in the following ways:

  • Data Loss
  • Data Leak
  • Data Exfiltration (breach)

Data Loss: Data loss is generally accidental or negligent. It often occurs when whoever is handling the data does something to misplace it or otherwise render it inaccessible. Examples of data loss are accidental deletion or drive damage. Ransomware attacks that encrypt company data.

Data Leak: A data leak is usually also accidental or negligent, but the result is quite different. It occurs when data is mishandled due to protocols either not being in place or not being followed. This results in the data finding its way into unauthorized hands. Examples of data leaks are employees sending sensitive data over private emails, copying data to a private storage device, or even forgetting a physical data storage device on the bus. 

Data Exfiltration: A data exfiltration, also known as a data breach, occurs when a malicious party intentionally accesses sensitive data without authorization. This can be done either to cripple the company, supply a competitor with an advantage, or even infect the company servers with ransomware. 

The Insider Threat

In today’s remote workforce – especially with all the tension and anxiety that many people are feeling – insider negligence resulting in data loss and leaks can increase. When people are worried about keeping their jobs – and families – safe, they can be understandably less careful about handling sensitive data.

But while data loss and leaks generally come from within the company, the threat of a data breach is both external and internal. Internal breach threats can be particularly difficult for companies to prevent or even predict. A Verizon Data Breach Investigations Report found that over a third of all data breaches occur at the hands of an insider. 

With the recent economic downturn, job security is relatively low across the globe. Companies may find themselves having to make the choice to lay off some percentage of their staff. A disgruntled ex-employee can pose an even larger threat to company data. 

A study from Carnegie Mellon University reported an example of a credit union’s system administrator who was terminated. That very night, he found that his replacement had neglected to disable his access through the company firewall. Although his actual account had been disabled, the replacement had failed to change the password of the system administrator account. The ex-insider used that account to crash the organization’s primary server. It took the credit union three days to bring the server back online; during which time none of its customers were able to access any of their accounts. 

In addition to illustrating the necessity of thoroughly disabling access, this case is an example of the threat insiders – and ex-insiders – can pose to an organization.. 

What Can Be Done

First, do not lose visibility, especially when the risk increases. Additionally, make sure you do not harm employee productivity while getting the needed visibility. Companies must know about the use of critical data or the misuse of data at all times, everywhere. When employees work from unmanaged devices at home, and the data is now in the cloud, the risk is heightened and the regular company policy for working at the office does not necessarily fit. 

Second, adjust the company policy according to the use of the company data by employees – understand the need for the use of the critical data by looking at the users’ behaviors and help them work with the data in a more secure way.  

Third, increase the capability to deal with threats posed by the remote workforce, whether malicious or negligent. One measure that can be implemented is user activity monitoring (UAM), a form of employee surveillance that captures screenshots and video feeds of employee activity. This can help determine the source of insider security threats. While helpful, UAM may harm employee privacy and therefore should only be used according to the risk and the need, rather than all the time.

In addition, it can only really be of service after the fact, and it’s certainly not great for employee morale. In order to actively prevent data loss, leaks, and breaches, a more preemptive and comprehensive measure must be implemented. The action that is taken should be correlated with the vector of attack (external attacker – immediately block/rouge employee – obtain enough evidence with comprehensive UAM/employee that made a mistake – educate about the right way to handle critical data and help avoid making future mistakes) and the risk level. If the risk level is low, employee privacy should not be harmed.

ITsMine’s revolutionary Beyond DLP™ solution protects company data against insider threats. One way it does this is by automatically planting thousands of SoftwareMines™ throughout your data, both on-premise and in the cloud. When a SoftwareMine™ gets opened outside of the organization, or by a user without the necessary credentials, the system administrator immediately receives critical forensic information about the breach in real-time. 

In securing data when it comes to a decentralized workforce and combating insider threats – both malicious and negligent – ITsMine is your solution to keep your data protected.

To schedule a demo, reach out here

Close Menu