Protect Against Internal Data Security Threats: Specific Strategies and Techniques

Posted by Robert Moskowitz

Everyone's worried about anonymous hackers, but the smartest IT security teams also keep a sharp eye out for internal data security threats such as leaks from disgruntled employees, paid spies, or even trusted workers who are susceptible to human error. While you cannot guarantee total information security at any price, there are some cost-effective strategies and techniques to cut down on the likelihood that your organization's important data will be compromised by insiders.


You may not be worried about the danger of internal data leaks, but you should be. A 2013 study by Symantec and the Ponemon Institute found that data security breaches result in losses, on average, of more than $5 million each. Perhaps worse, most such breaches significantly damage the victimized organization's reputation with both customers and future prospects.

To help stop such data leaks before they begin in your organization, consider taking the following steps:

1) Pay attention to early warning signs

Many internal data security leaks are signaled by anomalous behavior, often with enough lead time to stop them.

Suppose one user typically connects with a dozen other computers and servers on the network, transfers about 100 MB, and accesses 30 or 40 database records per day. If that user's computer begins connecting with significantly more nodes, transferring five or ten times as much data, or accessing hundreds or thousands of database records, you'll want to begin digging into logs, reviewing user activity, and asking pointed questions.

Insiders who compromise data security tend to be disgruntled, slated for upcoming layoffs, or outbound to a new job. Intentional leakers often download company data to their own computer during their last 30 days of employment, and then transfer it off-site via email, FTP, web-based file sharing, CD/DVD, or flash drive.
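The baseline comparison described in this step can be sketched as follows. This is an added example, not code from the original post; the metric names, the thresholds, the watch list of departing users, and all activity figures are constructed assumptions.

```python
from statistics import median

METRICS = ("hosts", "mb_transferred", "db_records")
NORMAL_FACTOR = 5.0  # the text's "five or ten times as much"
WATCH_FACTOR = 2.0   # assumption: tighter threshold for users about to leave
MIN_DAYS = 5         # assumption: days of history needed before judging a user

# Constructed sample data: one (hosts, MB, DB records) tuple per user per day.
HISTORY = {
    "alice": [(12, 100, 35), (11, 95, 30), (13, 110, 40), (12, 105, 38), (12, 98, 33)],
    "bob":   [(8, 60, 20), (9, 70, 25), (8, 65, 22), (10, 62, 21), (9, 68, 24)],
    "carol": [(10, 80, 30), (9, 75, 28), (10, 85, 32), (11, 80, 30), (10, 82, 31)],
}
TODAY = {
    "alice": (14, 120, 36),   # ordinary day
    "bob":   (9, 700, 2400),  # bulk transfer and mass record access
    "carol": (11, 240, 31),   # modest jump, but carol is on the watch list
    "dave":  (3, 10, 5),      # new account, nothing to compare against
}
DEPARTING = {"carol"}  # e.g. fed from HR: users in their last 30 days

def baseline(days):
    """Per-metric median, so one unusual day does not shift the baseline."""
    return tuple(median(column) for column in zip(*days))

def review(history, today, departing=frozenset()):
    """Return (user, metric, ratio) for every metric at or above its threshold."""
    alerts = []
    for user, observed in sorted(today.items()):
        days = history.get(user, [])
        if len(days) < MIN_DAYS:
            alerts.append((user, "no-baseline", None))
            continue
        factor = WATCH_FACTOR if user in departing else NORMAL_FACTOR
        for name, base, seen in zip(METRICS, baseline(days), observed):
            ratio = seen / max(base, 1)  # guard against a zero baseline
            if ratio >= factor:
                alerts.append((user, name, round(ratio, 1)))
    return alerts

if __name__ == "__main__":
    for alert in review(HISTORY, TODAY, DEPARTING):
        print(alert)
```

An alert here is a prompt to dig into logs and review the user's activity, not a verdict; the thresholds need tuning against your own traffic.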

2) Deploy your strongest defenses to protect your most valuable data

You might put a cheap padlock on your garden shed, but you'd be foolish to do the same with your jewelry and valuable papers. Because data thieves willingly put in extra time and resources to tap your most valuable data, it's wise to deploy your strongest defenses to protect your richest targets.

Begin by identifying your most important, valuable, and sensitive data, such as Social Security numbers, health records, and credit card data, along with proprietary information, treasured formulas, and other business secrets.

Secure this "prime value" data with rigorous user permissions schemes, as well as the usual file and folder auditing, central logging, and event management.

3) Supplement perimeter defenses with interior defenses

Hardening the network perimeter against external attacks can leave vulnerabilities open for those legitimately allowed inside. Today, it's necessary to defend both sides of the perimeter—so hackers can't easily get in, and data can't easily get out.

Security systems should inspect inbound traffic for spam and malware, and outbound traffic for sensitive information, files that shouldn't leave the corporate network, and for specific data types such as credit card and Social Security numbers.

Such transfers should alert the security team, and can even be blocked automatically.

4) Defend hosts with encryption and access controls

Hosts of all types, including user laptops and tablets, can be protected against insider data security breaches with encryption and steps to defeat removable media.

Use data encryption, strong password protocols, and technology that can block the use of flash drives. Software can remotely erase secure data from any devices that escape from trusted custody.

5) Apply security to users

Data security not only depends on hardware and software, but also on winning daily compliance from insiders.

Create security policies people will follow. Train them on safe data security practices. Then monitor user activity.

Because insider data breaches are often opportunistic crimes, even something as simple as physical security—to the point of monitoring sensitive data as well as its locations, and appropriately limiting insiders' access—can go a long way toward preventing insider data breaches.

If these steps are followed, your organization's data will be far less susceptible to both internal and external security threats.

Robert Moskowitz, New Mobility Partnerships


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
