Insider Threat Awareness Disseminate good user behaviour to protect against Insider Threats

Employees are arguably the greatest security risk to modern businesses. Whether maliciously or accidentally, your ‘extended staff’ are the most likely cause of a security breach.

Education is a starting point with mitigating the risk of insider threats, but often situations occur where technology can guide users even when they do understand the issues.

Password Sharing

One of the biggest internal security issues every business has to deal with is password sharing. IS Decisions found that 23% of employees say they’ve shared network passwords with others, 32% shared them with a supervisor/manager when requested to do so.

Despite the increased education, password sharing still remains prolific. The best way to combat the issue is to therefore make it impractical.

If you disable concurrent logins, users who have shared their password will not be able to login using their own credentials whilst the other user is logged in.

This provides a significant incentive not to do it as it makes it significantly less practical, but it also adds a layer of responsibility; you alone are responsible for your login credentials.

Password are like underwear
Change yours often.
Don’t share them with friends.
The longer, the better.
Be mysterious.
Don’t leave yours lying around.

Social Engineering & Compromised Credentials

Research published from CERT determined that many incidents initiated through phishing and other social engineering are carried out by acquiring and misusing the victim’s credentials to secured systems.

Once inside an organization, that is typically when attackers steal additional credentials and use them to move laterally throughout the corporate network, collecting more login details and sensitive data along the way.

A notification system that alerts users when their own network credentials are used, (successfully or not), empowers users themselves to protect the access (and resources) that are entrusted to them. Who better than the user to judge whether an access attempt is normal or part of a compromised attack?

Read more on how to mitigate against credentials based attacks from social engineering

Awareness of the Risk from Ex-Employees

This may seem obvious, but it is actually surprising how many businesses fail to shut down access for staff who have moved on, or at least fail to do it swiftly.

Insider Threat risk from ex-employees

Former employees are another kind of internal threat, naturally are more likely to have malicious intents and no incentive to adhere to company security policy. Yet they are often left with their network access open following the termination of employment, when they may be more motivated to access sensitive information.

Implementing a security policy and consistently remind users of them

Security policies should be clear and accessible to all employees. They also should be enforced. IS Decisions found that 29 percent of the respondents said they didn't have a security policy and only 41 percent said it was included in an employee handbook or manual.

It is great to have technical limitations on passwords and network access, but ensure you have a written policy too, as it is so important to put in writing what you are implementing.

Employees also have to be constantly reminded of the policies and why the restrictions are in place, despite the inconvenience they may cause. Only 12 percent of the participants in the survey used technology to provide daily security reminders to employees.

With UserLock it is possible to set up customisable alerts and prompts to ensure users are reminded of security policies in an effective way.

Working closely with HR and other departments

As we’ve mentioned, mitigating insider threats is not just a technological problem. Working closely with other departments may help with educating users on your security policy, HR could include it in the training schedule for instance. It also may help in identifying potential internal threats, as HR is much more likely to be aware of issues where employees may be disgruntled, as well as having a closer track on new starters and employee terminations.

Conclusion

Guiding employee behavior through education and technology encourages users to better protect their own network and helps avoid careless IT mistakes.

Next chapter An Insider Threat Program & Zero Trust Security

IS Decisions software offers organizations proven and effective solutions to help protect a Windows Network against Insider Threats.

UserLock
UserLock

Manage, control and secure network access for all authenticated users.

FileAudit
FileAudit

Secure and report on all access to files, folders and file shares that reside on Windows Systems and in the cloud.