A few years ago, when I first started writing about data security, I had a conversation with a security expert about insider threats. The expert turned the tables a bit and asked me a question: Have you ever left a job but still had access to the former employer’s network? It didn’t take me more than a few seconds to think of specific examples of just that. In one job, I was able to get into my old office’s financial records for months after I left. Another allowed me access to sensitive data for four years after I left one department to go to another, totally unrelated department.
Insider threats to data security seem to be discussed in hushed tones, like no one wants to think that someone they hired and trusted would do something harmful to the network. But as an Algosec survey from earlier this year showed, IT security folks do worry about insiders:
As serious as threats may be from hackers and malware, only one out of five respondents see external threats as their #1 risk. IT Security and Operations departments are more focused on gaining visibility into their applications and networks, improving processes that are time-consuming and error-prone, and defending against internal threats.
However, research from Imperva takes concerns about the insider threat one step further, saying that companies must pay more attention to the employees who are leaving or have left. In a new white paper, it pointed to a survey that found that the vast majority of companies don’t have a data removal policy for employees, while at the same time more than a quarter of employees plan on taking intellectual property or other corporate data with them when they leave. And then we can’t forget all of the data that is now stored on employees’ personal devices — what happens to that data when the employee leaves?
The time has come (it probably came a long time ago) for companies to take steps to mitigate the insider threat, and with its white paper, Imperva has come up with a methodology that creates a set of best practices to reduce the insider threat and improve data security measures. From a sample of 1,000 organizations, Imperva identified 40 companies that were most successful at preventing insider threats and conducted in-depth interviews to identify the policies and practices these organizations share. In at least 50 percent of all case studies, Imperva identified the following best practices:
- Making a case for business security.
- Organizing for security.
- Control access with checks and balances.
Bottom line: Companies that are successful at thwarting insider threats not only make security a priority but also focus on the company-employee relationship:
The atypical companies in our study find innovative ways to partner with their internal customers and earn their seat at the table. The practices in this section describe how these InfoSec teams have built partnerships throughout the organization. One interviewee explained: “Information Security enables the business to grow, but grow securely.”