
Security 2.0: Protecting Your Small Business From Insider Threats

CenturyLink

As if small businesses don’t have enough to worry about when it comes to keeping their data safe from hackers, now they have to guard against internal threats to their networks as well.

Insider threats can vary, from individuals who take deliberate, malicious actions against a network to those who do things accidentally that put an organization and its data at risk. Security lapses don’t always involve IT staff or employees with valid user credentials. They can also include business partners, suppliers and contractors with inappropriate access rights, as well as third-party service providers with excessive administrative privileges.

The good news is, businesses are paying attention.

Nightingale, an electronic health records provider, requires privacy and security training for all employees. “We are data custodians, protecting personal health information,” said Ijaaz Ullah, the company’s vice president of IT and privacy officer. “There are staff members who potentially have access to all of this data for a significant amount of users.”

As a result, he said, they have segmented their network into “multiple pods or islands of access.” Each pod has restrictions based on user roles. Access is more restrictive where patient data is stored, meaning that privileges are extended only to administrators, he said.

All other access is provided via interfaces that have a significant amount of auditing and logging to track access. On top of the physical restrictions IT has placed on access controls, Ullah said they also perform penetration scans, conduct active file integrity monitoring and regularly conduct privacy impact assessments and threat risk analyses.

“By physically segmenting the network and assigning users roles on an as-needed basis, it reduces the potential for unauthorized access,” said Ullah.

Warning Signs

Several software offerings now monitor user activity for insider threats. Software designed by Dtex Systems identified six people who were getting ready to leave a financial exchange with plans to take sensitive data with them, said Dtex CEO Mohan Koo. With the software, the company was able to track things the employees hadn’t done before as part of their jobs.

“We’re baselining normal behavior and identifying people that stick out from their peer group,” Koo explained. The Dtex software accomplishes this by running behavioral analytics to understand when behaviors change in a way that companies should know about.

For example, a user who transfers 1,000 files onto a personal device, when he usually transfers 100, would trigger an alert.

“If they actually rename those files before sending them out, that would trigger a higher level of warning,” Koo said. “It indicates they’re trying to cover their tracks.”

If an employee deletes files after the transfer, that would create an even higher warning, he said, because they’re trying to hide what they’re stealing.
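The escalation described above can be sketched as detection logic over a file-activity log. This is an added example, not Dtex's software or algorithm; the event format, the 5x median threshold, the numeric levels and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

VOLUME_FACTOR = 5  # assumed threshold: a day counts as a spike at 5x the user's median

def baseline(history):
    """{user: [daily transfer counts]} -> {user: median daily count}."""
    return {u: median(c) for u, c in history.items() if c}

def score_day(events, baselines, factor=VOLUME_FACTOR):
    """Score one day of time-ordered (user, action, path, new_path) events.

    Levels: 0 normal, 1 volume spike, 2 spike with files renamed before
    transfer, 3 spike with files deleted after transfer.
    """
    transferred, renamed, flags = defaultdict(set), defaultdict(set), defaultdict(set)
    for user, action, path, new_path in events:
        if action == "rename":
            renamed[user].add(new_path)
        elif action == "transfer":
            transferred[user].add(path)
            if path in renamed[user]:
                flags[user].add("renamed")
        elif action == "delete" and path in transferred[user]:
            flags[user].add("deleted")
    levels = {}
    for user, files in transferred.items():
        base = baselines.get(user)
        if base is None or len(files) < factor * max(base, 1):
            levels[user] = 0  # no history to compare against, or within normal range
        else:
            levels[user] = 3 if "deleted" in flags[user] else 2 if "renamed" in flags[user] else 1
    return levels

def sample_events():
    """Constructed one-day log: four users, three of them moving 1,000 files."""
    ev = [("alice", "transfer", f"a{i}.doc", None) for i in range(1000)]
    for i in range(1000):  # bob renames each file, then transfers the renamed copy
        ev += [("bob", "rename", f"b{i}.xls", f"img{i}.jpg"), ("bob", "transfer", f"img{i}.jpg", None)]
    ev += [("carol", "transfer", f"c{i}.pdf", None) for i in range(1000)]
    ev += [("carol", "delete", "c0.pdf", None)]
    ev += [("dave", "transfer", f"d{i}.txt", None) for i in range(100)]
    return ev

HISTORY = {u: [90, 110, 100, 95, 105] for u in ("alice", "bob", "carol", "dave")}  # constructed

if __name__ == "__main__":
    print(score_day(sample_events(), baseline(HISTORY)))
```

A user with no history scores 0 here, so new accounts need a peer-group or default baseline before this logic says anything about them.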

Employees who work after hours when they typically don’t, or start logging into the network later in the day, might also suggest to the software that something is amiss.

“It’s when they’re disengaging [from] the business and searching for files they’ve never searched for before that is a very big red flag,” Koo said. “The times we’ve seen that more often than not have resulted in an investigation where we’ve caught somebody.”

Remain Offensive

While you can’t prevent all breaches, companies should be on the offense and try to detect and contain them as quickly as possible. At the very least, take basic steps like authenticating users and deploying software that provides encryption.

Finally, identify the data you care about the most, make sure it’s backed up, and keep your eyes and ears open to who is accessing that data. These steps will go a long way toward safeguarding your intellectual property.