Malicious insiders exist among us, and sometimes, we hire them. Like a demon in disguise, they trick us into trusting them. Then, they treat themselves to confidential company data. As a trusted employee, it’s unnerving to know that something evil might be lurking in the cubicle next to you. What is more spine-chilling is that the insider threat can be anyone… even you! So, read on, and learn how to protect yourself from becoming an unintentional insider threat.
Unintentional Insider Threats are Just as Spooky as malicious Insiders
Ignorance isn’t bliss when it comes to protecting your organizations most precious assets. Ignorance is RISK. So, even if there is no malicious intent, like losing your smart phone with your e-mail automatically signed in, you’re a cyber security risk. Maybe it’s stolen (but let’s hope it is not) and ends up in the hands of a criminal. The fact that they can now communicate as you from your business e-mail account (thus stealing your identity) is a problem for you and your company.
As a result, you are an insider threat – even if it is accidental.
Ghoulishly Good Ways to Avoid Becoming an Accidental Insider Risk
Unintentional actions, such as carelessness, can cost your organization lots of money. Similarly, it can cost you your job. Want to remain ahead of the hocus pocus? Then implement these witchcraft-proof workplace insider threat best practices:
Practice Cyber Safety on Social Media
In todays digital age, it’s inevitable that your employees are going to be active on social media. Most likely, your company has a presence on social networking sites like Twitter, Facebook, and/or LinkedIn. It’s a great way to connect with friends, spread awareness for your brand, and gather the latest news. However, it’s also a great way for others to gather information about you.
Those that use their social media accounts for both work and personal life, should be very mindful the personal information they share. For example, your company CEO uses LinkedIn to promote the business and connect with industry professionals. They post a photograph of a cruise ship with the caption “Bon Voyage! Be back in two weeks!” Now, 5,000+ people know that the company CEO is on vacation and the duration they will be gone for. This information might seem innocent, but it poses a risk for CEO fraud.
Beware of E-mail Phishing Scams
Social engineering is making it easier for criminals to carry out successful phishing attacks. By leveraging the art of communications, familiarity, and deception, phishers trick unaware employees. Some of these e-mails use company lingo, logos, and might even come from what looks like a company e-mail address.
“People are susceptible to phishing because these attacks exploit basic human nature, like curiosity and pride. Organizations would be wise to ensure that their users know about the potential dangers of clicking links and opening attachments in e-mails,” says Craig Cooper, Gurucul COO.
Clicking a link with malware, or giving away company information to a hacker, makes you an unintentional insider threat. Be aware of behavior before performing an action. Is it common for the company CEO to e-mail you at 10 pm asking you to send over customer information? If you suspect something unusual, or phishy (no pun intended) going on, wait until you can speak to someone directly. It’s always better to be safe than sorry in these situations.
Carelessness Can Result in a Compromised Account
Waiting for a delayed flight at the airport may sound like a great time to knock out some emails. However, these are the types of places where cyber criminals prey on unsuspecting and naïve business travelers. Refrain from using public wifi networks, if you can, or opt for the hot spot on your phone instead. In addition, be aware of who is around while filling out login and password information. A career criminal knows how to discretely gather information without you even knowing.
Change Passwords Frequently
Change passwords often, and keep them unique, for each digital platform and online service that requires log in username and passwords. This can be done monthly, quarterly, or as frequently as you’d like. This ensures that the only people signing into your accounts are those that are supposed to. Maintain unique usernames and passwords for each. So, if one account is compromised, it doesn’t result in the hacker using the same credentials to hack others.
Be Consistent and Patient
A reliable insider threat program uses behavior monitoring technology to detect unusual activity between users and entities. If the technology picks up that you sign on to the network every Monday through Friday around 9 AM, then a login on a Saturday evening might trigger an alert. It is not unusual to have a project, or task, that requires your attention outside of traditional working hours. However, do not be surprised if you need a system administrator to grant you permission to proceed. It’s just the threat detection technology preventing a security breach!
Predict, Detect, and Prevent Insider Threats with Gurucul
It’s neither witchcraft, nor black magic – it’s machine learning on big data! Gurucul’s technology monitors user and entity activity to find patterns in behavior. Then it creates a risk score based on the data collected over time. Any deviation from normal behavior indicates a potential threat – or a poltergeist. (And if that’s case, we will call upon the Ghostbusters).
Are you ready to mitigate threat incidents, data breaches and security risks before they wreak havoc? Visit our Insider Threat solution page for details. We can help!