Protection from Insider Threats

The human body is amazing—all the various parts working together to live.  White blood cells have the responsibility of recognizing and defending the body against foreign invaders.  But what if the “invader” is something from within?  A recent survey of organizations with 250 or fewer employees revealed that 38% of them had experienced an internal IT security incident in the past year.

Just like your body, you must protect your computer network from threats, and the fact is that we are most vulnerable to threats from within.  Why?  It’s simple: they already have access to your physical facilities and your computer systems.  So, what do you do?  The first step is to match a person’s access with their need to know.  Many organizations have shared information storage areas.  Access to the information should be segregated and set to match a particular person’s need to do their job and nothing more.  This access should be identified and documented in your organization’s security policies.  Many organizations simply ignore this step for convenience.  The policy should clearly spell out who is authorized to have access to what information as well as the consequences of accessing information inappropriately.  Remember that least privilege needs to be managed on an ongoing basis.  Access and privileges should be updated whenever an employee gets promoted, transferred, or leaves the company altogether.
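One practical way to keep least privilege current is to periodically reconcile the grants on your shared storage against the HR roster and a written entitlement matrix (which shares each role needs). The script below is an added example, not IT Radix’s tooling or code from the newsletter; the roster, the role entitlements, and the share grants are all constructed sample data. It flags three kinds of drift the paragraph describes: grants held by someone who has left, grants left over from a previous role after a transfer, and grants for accounts that no longer appear on the roster at all.

```python
"""Reconcile file-share grants against the HR roster and a role entitlement
matrix to find access that no longer matches a person's need to know.
Added example: every name and share below is constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    user: str
    role: str
    status: str  # "active" or "terminated"


@dataclass(frozen=True, order=True)
class Finding:
    user: str
    share: str
    reason: str


# Constructed entitlement matrix: which shares each role needs to do its job
ROLE_ENTITLEMENTS = {
    "finance": {"finance", "shared"},
    "sales": {"sales", "shared"},
    "engineering": {"eng", "shared"},
}

# Constructed HR roster: bob was transferred from finance to sales, carol has left
ROSTER = [
    Employee("alice", "finance", "active"),
    Employee("bob", "sales", "active"),
    Employee("carol", "engineering", "terminated"),
]

# Constructed export of current share grants as (user, share) pairs,
# the kind of list you would pull from the file server's ACLs
GRANTS = [
    ("alice", "finance"), ("alice", "shared"),
    ("bob", "sales"), ("bob", "shared"), ("bob", "finance"),
    ("carol", "eng"), ("carol", "shared"),
    ("dave", "shared"),
]


def find_access_violations(roster, entitlements, grants):
    """Return every grant that should be revoked, each with the reason.

    Checks run in order of severity: an account that is not on the roster
    at all, a departed employee, then a grant beyond the person's role."""
    by_user = {e.user: e for e in roster}
    findings = set()
    for user, share in grants:
        emp = by_user.get(user)
        if emp is None:
            findings.add(Finding(user, share, "not-on-roster"))
        elif emp.status != "active":
            findings.add(Finding(user, share, "terminated"))
        elif share not in entitlements.get(emp.role, set()):
            findings.add(Finding(user, share, "exceeds-role"))
    return sorted(findings)


if __name__ == "__main__":
    for f in find_access_violations(ROSTER, ROLE_ENTITLEMENTS, GRANTS):
        print(f"revoke {f.user} -> {f.share}: {f.reason}")
```

Run this on a schedule and after every HR change, and treat the output as a revocation worklist; the same comparison also gives you the documented “who is authorized to access what” record the policy paragraph calls for, because the entitlement matrix is that record.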

But the fact is that often people need access to information simply to perform their job.  So, how do you prevent an employee who is authorized to access confidential information from maliciously abusing that authority?  First, it helps to identify the typical motives that induce a person to abuse their access.  These motives include fraud, theft of intellectual property or confidential information, or intentional business disruption by a disgruntled employee.  Quite often there are red flags that can help trigger the need for closer inspection or tightened security.

Your security program should look internally, in non-traditional ways, to help connect the dots.  For example, HR data about sickness, vacation, benefit changes (e.g., divorce, child custody), or poor performance reviews could raise alerts when combined with external public data (e.g., bankruptcies, arrests, legal issues, or social media) that may increase a person’s motivation to violate your security policies.

IT Radix recommends a strong backup of all critical data to help protect against intentional and unintentional acts that may result in business disruptions.  A strong backup protects the data from deletion or corruption.

If you want to take matters a step further, technology exists to monitor and alert when internal suspicious activity occurs.  We always encourage clients to ensure that employees are aware that such technology is in place, and quite often that knowledge alone is sufficient to stop most individuals.  However, in the event it’s not, data loss prevention (DLP) software can alert you if someone is accessing information in a suspicious way (e.g., downloading data to a USB key).  It can also record all or select actions performed on a computer.
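To make the DLP idea concrete, here is an added example of the kind of rule such software applies, written as a small script over constructed endpoint audit events; it is not IT Radix’s product or any vendor’s code, and the log format, the “sensitive” share prefixes and the 50 MiB threshold are all assumptions. It goes slightly beyond the USB case in the paragraph: besides flagging any copy of a sensitive file to removable media, it totals removable-media volume per user over the log to catch bulk copying of non-sensitive files, and it flags a sensitive file sent to a printer.

```python
"""Toy data-loss-prevention check over constructed endpoint audit events.
Added example, not a vendor's DLP engine; the log and thresholds are assumptions."""
from collections import defaultdict

# Constructed audit log, one event per line:
# time|user|action|source path|destination type|bytes
AUDIT_LOG = """\
2017-02-01T09:12:03|alice|copy|/shares/finance/q4_forecast.xlsx|local|120000
2017-02-01T09:15:44|bob|copy|/shares/finance/customer_list.xlsx|removable|2400000
2017-02-01T09:16:10|bob|copy|/shares/sales/territories.pptx|removable|8000000
2017-02-01T09:20:31|carol|copy|/shares/eng/build_notes.txt|local|4000
2017-02-01T10:02:15|dave|copy|/shares/eng/firmware_v3.bin|removable|41000000
2017-02-01T10:03:02|dave|copy|/shares/eng/firmware_v2.bin|removable|39000000
2017-02-01T10:05:47|erin|print|/shares/hr/salaries.xlsx|printer|90000
"""

# Assumption: these shares hold the organisation's confidential data
SENSITIVE_PREFIXES = ("/shares/finance/", "/shares/hr/")
# Assumption: more than this much copied to removable media by one user is suspicious
BULK_THRESHOLD_BYTES = 50 * 1024 * 1024


def parse_events(log_text):
    """Turn the pipe-delimited log into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path, dest, size = line.split("|")
        events.append({"ts": ts, "user": user, "action": action,
                       "path": path, "dest": dest, "bytes": int(size)})
    return events


def detect_suspicious(events, bulk_threshold=BULK_THRESHOLD_BYTES):
    """Return (user, rule, detail) alerts in the order they are raised.

    Per-event rules fire immediately; the per-user bulk rule is evaluated
    once all events have been seen, so those alerts come last."""
    alerts = []
    removable_total = defaultdict(int)
    for ev in events:
        sensitive = ev["path"].startswith(SENSITIVE_PREFIXES)
        if ev["dest"] == "removable":
            removable_total[ev["user"]] += ev["bytes"]
            if sensitive:
                alerts.append((ev["user"], "sensitive-to-removable", ev["path"]))
        elif ev["dest"] == "printer" and sensitive:
            alerts.append((ev["user"], "sensitive-printed", ev["path"]))
    for user, total in sorted(removable_total.items()):
        if total > bulk_threshold:
            alerts.append((user, "bulk-to-removable", f"{total} bytes"))
    return alerts


if __name__ == "__main__":
    for user, rule, detail in detect_suspicious(parse_events(AUDIT_LOG)):
        print(f"ALERT {rule}: {user} {detail}")
```

In the sample data, bob’s copy of a finance file to a USB device and erin’s print of an HR file trip the per-event rules, while dave’s two firmware copies trip only the volume rule because the engineering share is not marked sensitive; the threshold is the knob you tune to your own environment, and the point of telling staff that monitoring exists is that most of these alerts never need to fire.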

Just like the human body adapts to change, organizations must adapt to ensure their information security program accounts for both insider and external threats.  By analyzing all the information available, your organization will be able to identify network and behavioral anomalies and take action before any damage occurs.

First published in our February 2017 IT Radix Resource newsletter