The almost overnight move to remote work as a result of the pandemic has increased data security risks and created new risks of data exfiltration. The result is inevitable security gaps around data and intellectual property (IP).
How has data security changed with regard to insider threat?
A new strategy needs to be developed for employees working from home. We have tried to address insider risk in several different ways, primarily through data loss protection technology, but that has not really worked.
When working in the office, users can feel like people are watching. When working remotely, they do not always feel that way. People can feel a little more entitled to pull information off their work machine or share things in insecure ways. You need to know when certain files move and where they go, and then react as quickly as possible if there is a potential problem.
A recent report published by Code42 found that 66% of data breaches over the past year were linked to inside jobs. Most companies spend 10% or less of their security budgets on insider threats, their excuse being that they only hire trustworthy people. This needs to change because the market is changing. With the increase in contract workers in our environment, combined with talent moving from one company to another, intellectual property and data can be at heightened risk.
How has data risk changed since COVID-19 and more work from home?
Organizations that have already moved to cloud-based SaaS solutions are pushing more operations into the cloud, and those that had not yet made those moves are rushing to do so. Since the majority of the workforce moved to remote work, we have seen an increase in phishing and other adversarial activity. Your organization needs to determine its new risks and create an action plan for each.
It is not the job of the corporate IT department to secure employees' home networks, but all of those home setups have now put your company at risk. You need to develop protocols and guidelines to help secure remote workers. Consider making your Help Desk available to assist employees if needed.
One example of a red flag to look for is users requesting access to systems they may not need. Manager access review is important to ensure employees have the correct rights and access.
How do you prevent employee theft of IP amid remote work and downsizing?
Intellectual Property (IP) theft has always been a problem, whether employees are working remotely or not. How do you protect and secure data from the people who have access to it? Company policies need to make it very clear that 'thou shalt not steal our IP.'
You might think this is overkill, but in order to take legal action against an employee who has stolen IP or may have stolen IP, you have to lay out expectations. You must have clearly stated access privileges and access rights that employees are aware of. One of your tools for protecting company IP is the Computer Fraud and Abuse Act, which is a federal law. This law can be applied in all 50 states, plus D.C.
To use this law, you will need to show that the employee exceeded their authorized access to a protected computer system, which means they purposely did something they knew they shouldn’t have. The risk of IP theft can be reduced by implementing certain controls such as:
- Do not allow local printing, unless there is a need for it.
- Lock down USB ports that are open.
- Consider additional monitoring on the endpoint, especially around email.
- Carefully monitor those giving notice or being let go; a departure creates a situation where people may take data they should not be taking.
- Most companies have everything logged, but active monitoring needs to be in place.
Share with your employees that you have Insider Threat monitoring in place for the protection of everyone. This level-sets with everyone that stolen IP will result in consequences.
Which controls help most as you go from network-centric to data-centric security?
We have found that a combination of technologies, tools, strategies, and education is most effective. For information assets sitting on a clearly defined network, a more traditional information security approach is fine. For integration of external services, software as a service, or any type of cloud-based or off-site implementation, a more stringent approach is recommended. Either a fully implemented single sign-on service or a Zero-Trust model is recommended when it comes to securing this type of information.
How do you address data security and third-party vendor risk?
Your organization needs to make sure that third-party vendor access restrictions are appropriately in place. It is also necessary to verify that every third party is doing its due diligence on information security. Allowing others access to your information may compromise that information, depending on their data security protocols. A virus, malware or even a hacker could use a third-party connection to move from their network to yours. You need a robust third-party management plan that also addresses their vendors.
How can Velta Technology help?
Velta Technology is here to help protect your IT and OT systems from cyberattacks. We provide continuous cybersecurity threat detection that identifies and alerts you to changes and vulnerabilities in your network. Velta Technology is an expert at detecting and preventing cyberattacks.
We are here to help you and your organization, no matter how big or how small. Our team of experts draws on extensive knowledge and experience across key areas including risk management, operations, and human factors. This helps ensure that all testing and mitigation measures are tailored to the specific needs of your organization.
At Velta Technology, we believe in preventing cyberattacks before they happen.