Your employee has just resigned – over Zoom. This means they’re currently sitting with a laptop, a memory stick and login IDs for all your systems. They have insider access to every client relationship, every product, every policy… Do you feel threatened because you can’t physically control their access? If you do, your joiners, movers, leavers (JML) process isn’t up to dealing with remote working challenges. Find out how your business should respond to insider threats when they’re now working outside the office.
New starter and leaver procedures for a new world of work
The truth is, in our scenario above, while you’re just learning of the employee’s intent to leave at that moment, they’ve known for a while. And they’ve had access to your information assets all that time. Worrying about security once the proverbial horse has announced they’re bolting is a futile waste of time. You need to be proactive, not reactive.
Your business needs a JML process that’s built around remote and hybrid work and minimises the impact of insider threats
Research shows that home working has driven a 44% surge in insider threats (2022 Cost of Insider Threats Global Report). As a result, costs associated with insider threats have jumped 34% – and in today’s economic climate, more escalating costs aren’t exactly ideal.
The trouble is, insider threats tend not to manifest themselves until they have already done damage. This is likely because the attacker looks like a legitimate user, so their presence may go unnoticed—until, of course, it is too late.
As remote working becomes more popular, it creates more opportunities for insider threats, both malicious and accidental.
Types of unintentional insider threats
While malicious insider threats are the more obvious problem, accidental ones can be just as costly. For example, confidential information may be misused or exposed when a remote worker’s family uses their device.
Failure to ensure devices are properly secured or patched can lead to a breach of sensitive data. Likewise, the lack of adequate security policies can be an issue if remote workers are not made aware of the importance of these protocols. In fact, even when employees have been briefed on them, they may not be adhering to them properly without close supervision.
What about intentional threats?
Malicious intent accounts for 26% of insider threat incidents. It can be difficult to spot or predict, and it can include any kind of malicious attempt to gain access to sensitive information or data. This includes hacking into a company’s network, stealing passwords or login credentials and using them in an attempt to access data. It also includes attempts by employees to sell company secrets or trade on inside information that they have gained through their employment at the organisation.
Why does remote work exacerbate the problem?
Remote work makes it easier for employees to engage in malicious behaviour. Whereas previously a red flag for potentially malicious behaviour would be an employee frequently working late or in the office during off hours when few others are present, now many employees are never in the same physical space as their colleagues and have access to systems outside of regular business hours.
Similarly, there’s more potential for connecting outside technology or personal devices to organisational systems.
External malicious entities can also exploit opportunities resulting from JML failures; cybercriminals can gain access to data through insecure entry points created by failures of remote employees to secure their devices or accounts.
What can you do to ensure a robust JML process and secure your data assets in the age of hybrid and remote working?
Zero Trust
Network security investment is a critical first step. And Zero Trust Architecture (ZTA) should be top of the priority list to mitigate all network security risks, including cybersecurity and insider threats.
Stolen or misappropriated credentials are the most common route in for attackers. Unauthorised access attempts can never be stopped, so this risk must be mitigated.
ZTA is a holistic approach that assumes all access attempts to networks and assets might be malicious, and that all people and devices should be treated with suspicion.
It’s essential to put in place protocols for the management of identities and access controls, including regular audits of employee access rights to sensitive data.
Updated Security Policies
When the network is everywhere, so must be the security policy. Security policies can only influence the behaviours of your employees if they’re up-to-date and communicated effectively. Your IT Security Policy needs to be updated for remote working to include clear directives surrounding your:
- Acceptable use policy
- Data breach policy
- Privacy policy
- Device policy – Bring Your Own Device (BYOD) has productivity benefits, but end-point security drawbacks.
- Device sharing policy
- Network protection policy – will you require employees to use a VPN when accessing corporate resources from outside the company’s network?
Security Awareness Training
Investment in network security includes not only the infrastructure but the culture of the organisation. A strong security awareness program is essential to ensuring that employees understand the risks, their responsibilities and how to mitigate them. To be effective, an awareness campaign should not only educate employees on the risks associated with a particular behaviour but also motivate them to change it.
Watertight Offboarding Processes
It’s imperative you’re on top of issues like hardware inventory, logistics and reverse logistics to ensure smooth transitions.
You should also maintain meticulous offboarding processes, like managing access rights, reclaiming assets and cleaning up accounts.
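The access-rights audit and the account clean-up described above can be run as a routine reconciliation between the HR roster and an export from the identity system. The sketch below is an added example, not code from this article or from Astro; the usernames, groups, dates and the group-to-department map are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR roster (source of truth) and an identity-system export.
HR = {
    "asmith": {"status": "active", "dept": "sales", "last_day": None},
    "bjones": {"status": "leaver", "dept": "finance", "last_day": date(2024, 3, 1)},
    "cwong": {"status": "active", "dept": "engineering", "last_day": None},  # moved from finance
}
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "groups": {"sales-crm"}},
    {"user": "bjones", "enabled": True, "groups": {"finance-ledger"}},
    {"user": "cwong", "enabled": True, "groups": {"eng-repos", "finance-ledger"}},
    {"user": "svc-old", "enabled": True, "groups": {"eng-repos"}},
]
# Hypothetical policy: the one department allowed to hold each group.
GROUP_OWNER = {"sales-crm": "sales", "finance-ledger": "finance", "eng-repos": "engineering"}


def audit(hr, accounts, group_owner, today):
    """Return (user, finding, detail) tuples for enabled accounts that break JML rules."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to revoke
        user, person = acct["user"], hr.get(acct["user"])
        if person is None:
            # Joiner never registered with HR, or a leftover account nobody owns.
            findings.append((user, "ORPHAN", "no HR record"))
            continue
        if person["status"] == "leaver" and person["last_day"] <= today:
            # Leaver: the last day has passed but the login still works.
            findings.append((user, "LEAVER_ACTIVE", f"last day {person['last_day']}"))
            continue
        # Mover: groups that do not belong to the current department.
        # Groups missing from the policy map are treated as not permitted.
        stale = sorted(g for g in acct["groups"] if group_owner.get(g) != person["dept"])
        if stale:
            findings.append((user, "MOVER_STALE_ACCESS", ",".join(stale)))
    return findings


if __name__ == "__main__":
    for finding in audit(HR, ACCOUNTS, GROUP_OWNER, date(2024, 3, 15)):
        print(*finding, sep="\t")
```

A leaver still inside their notice period is not flagged as LEAVER_ACTIVE, but their group memberships are still checked against their department.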
An IT partner who sees the whole picture
Teaming up with an experienced, future-focused managed service provider can help you get on top of your insider threat management and on/offboarding processes. The cherry on the cake would be 24/7 IT Service Desk support to action new starter and leaver protocols.
Astro can offer all this, from network and infrastructure solutions that build security into every layer of your business, to implementing Zero Trust Architecture and insider threat monitoring powered by Azure.