Everyone's worried about anonymous hackers, but the smartest IT Security teams also keep a sharp eye out for internal data security threats such as leaks from disgruntled employees, paid spies, or even trusted workers who are susceptible to human error. While you cannot guarantee total information security, at any price, there are some cost-effective strategies and techniques to cut down on the likelihood your organization's important data will be compromised by insiders.
You may not be worried about the danger of internal data leaks, but you should be. A 2013 study by Symantec and the Ponemon Institute found that data security breaches result in losses, on average, of more than $5 million each. Perhaps worse, most such breaches significantly damage the victimized organization's reputation with both customers and future prospects.
To help stop such data leaks before they begin in your organization, consider taking the following steps:
1) Pay attention to early warning signs
Many internal data security leaks are signaled by anomalous behavior, often with enough lead time to stop them.
Suppose one user typically connects with a dozen other computers and servers on the network, transfers about 100 MB, or accesses 30 or 40 database records per day. If that computer begins connecting with significantly more nodes, transferring five or ten times as much data, or accessing hundreds or thousands of database records, you'll want to begin digging into logs, reviewing user activity, and asking pointed questions.
Insiders who compromise data security tend to be disgruntled, slated for upcoming layoffs, or outbound to a new job. Intentional leakers often download company data to their own computer during their last 30 days of employment, and then transfer it off-site via email, FTP, web-based file sharing, CD/DVD, or flash drive.
2) Deploy your strongest defenses to protect your most valuable data
You might put a cheap padlock on your garden shed, but you'd be foolish to do the same with your jewelry and valuable papers. Because data thieves willingly put in extra time and resources to tap your most valuable data, it's wise to deploy your strongest defenses to protect your richest targets.
Begin by identifying your most important, valuable, and sensitive data, such as Social Security numbers, health records, and credit card data, along with proprietary information, treasured formulas, and other business secrets.
Secure this "prime value" data with rigorous user permissions schemes, as well as the usual file and folder auditing, central logging, and event management.
3) Supplement perimeter defenses with interior defenses
Hardening the network perimeter against external attacks can leave vulnerabilities open for those legitimately allowed inside. Today, it's necessary to defend both sides of the perimeter—so hackers can't easily get in, and data can't easily get out.
Security systems should inspect inbound traffic for spam and malware, and outbound traffic for sensitive information, files that shouldn't leave the corporate network, and for specific data types such as credit card and Social Security numbers.
Such transfers should alert the security team, and can even be blocked automatically.
4) Defend hosts with encryption and access controls
Hosts of all types, including user laptops and tablets, can be protected against insider data security breaches with encryption and steps to defeat removable media.
Data encryption, strong password protocols, and technology can block the use of flash drives. Software can remotely erase secure data from any devices that escape from trusted custody.
5) Apply security to users
Data security not only depends on hardware and software, but also on winning daily compliance from insiders.
Create security policies people will follow. Train them on safe data security practices. Then monitor user activity.
Because insider data breaches are often opportunistic crimes, even something as simple as physical security—to the point of monitoring sensitive data as well as its locations, and appropriately limiting insiders' access—can go a long way toward preventing insider data breaches.
If these steps are followed, your organization's data will be far less susceptible to both internal and external security threats.