Skip to main content

5 Steps to Deterring Insider Data Theft

by Harriet Cohen on Tuesday April 7, 2015

Contact Us
Free Demo

The insider threat is something that every company must deal with, but effectively mitigating the risk of insider data theft can be difficult. Follow these 5 steps to drastically reduce the chances of insider theft at your company.

5 Steps to Deterring Insider Data Theft

With all of the press about cyber-attacks from China, hackers in cabals in Eastern Europe, and the prevalence of phishing attacks, it’s easy to lose sight of the fact that insiders remain a significant threat to your corporate crown jewels. The Experian 2015 Second Annual Data Breach Forecast predicts that employee mistakes will be a top threat to companies in 2015, and one that will fly under most companies' radars to boot. As they point out, insider data loss can either be malicious, with a disgruntled employee taking or selling sensitive corporate data, or inadvertent, through human error.

The least expensive means to deal with insider data loss is not to have it in the first place. While it’s impossible to avoid all insider data loss, here are 5 tips for deterring insiders from taking or losing data:

1. Establish an Acceptable Use Policy

Be clear about what is acceptable use of the company’s data and information and what is not. Be clear that the organization reserves the right to monitor all activity, whether personal or private, on company-provided equipment and on corporate networks. The SANS institute offers a sample Acceptable Use Policy that is available without copyright restrictions.

2. Train employees on the Acceptable Use Policy

Educate employees on the Acceptable Use Policy during the onboarding process, and require that they sign a statement saying they have received the policy. Provide ongoing training for all employees on the policy. The Acceptable Use Policy is the police car with a radar detector: it causes employees to slow down and consider their actions.

3. Remove temptation

Ensure that sensitive corporate information is protected appropriately with passwords or multi-factor authentication, and, for the most sensitive information, encryption. Operate on the principle on least privilege, in which employees have access to applications and data only as required by their position. Conduct regular reviews to ensure that employees least privilege is being appropriately maintained and terminate accounts that are not required for employee duties.

4. Provide a means for employees to conveniently report suspicious activities

Employees who maliciously steal corporate information often change their behavior. They complain more, are less cooperative, and are generally disgruntled. They may start taking proprietary material home, show interest in matters outside the scope of their responsibilities, or access the computer network while on vacation, on sick leave, or at odd hours of the night. Training employees to spot this behavior and giving them a means to report these changes in behavior or other suspicious activities is helpful in identifying employees who are a risk for stealing data.

5. Be especially vigilant when an employee leaves the company

Even if the parting is amicable – and often it is not – employees leaving the company may be tempted to take information with them to their next employer. When an employee leaves the company, immediately terminate all employee accounts. Remove employees from all access lists, and ensure they return all access tokens and any other means of access to secure accounts. Remind departing employees of their legal responsibilities for data confidentiality and provide them with a copy of any employee-signed confidentiality agreement.

Tags:  Insider Threat

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.