There has been a significant amount of change across all industries over the last year or so. Among the most notable is the adoption of remote working practices. While most companies were forced to change due to the need for social distancing, many businesses and their employees have since recognized the benefits of adopting remote work for the long haul. It offers a notable productivity increase and a better work-life balance. There is also mitigation of the industrial consumption of fossil fuels, a reduction of greenhouse emissions, and even less commuter pollution – making it a more sustainable approach to work overall.
However, as is often the case, these benefits aren’t without their risks. Taking workers and their systems away from a strictly controlled commercial environment expands the potential for vulnerability. There have been concerted efforts between businesses and cybersecurity experts to help close these gaps. However, one of the underexplored areas of remote working is the potential for insider threats to cause disruption and damage.
With more businesses seeking to make the most out of remote operations, now is an excellent time to review how you can minimize the impact of negative insider influence.
What Are Insider Threats?
Before looking at the potential solutions, it’s important to gain a better understanding of the problem. When the term “insider threat” is used, it can be all too easy to have a kind of paranoid reaction that sees you treating your staff with disproportionate suspicion. The truth is, insider threats to cybersecurity in remote situations cover a few different areas.
Some of the more prevalent include:
- Worker or Contractor Malice – The majority of cybersecurity issues from within are unlikely to be malicious, but it is still a possibility. This may take the form of financial incentive to steal from the company – either directly through electronic embezzlement or theft of assets such as consumer or business data. It can also involve contractors working with your systems who may have ulterior motives to steal, or simply disrupt operations. In remote scenarios, this risk is exacerbated due to greater worker autonomy and less supervision.
- Worker Pawns – Your remote workers may not be directly intending to harm your business, but other bad actors may use them as a tool. This can take the form of a cybercriminal sending them an email attachment that infects the system, or even posing as a member of the support team and requesting they undertake actions that give a criminal access to the network. In remote scenarios, it could even be workers leaving their laptops unattended in a public place in a way that allows others to take advantage.
- Insecure Behavior – There are a lot of unknowns in cybersecurity, but we do know that employee behavior is the most common form of insider threat that businesses face. It involves taking actions that leave the company exposed to data leaks, infection, or unauthorized access. In remote operations, this threat is particularly prevalent as employees are in less formal surroundings and often using their own devices or software.
Embrace Cybersecurity Education
Education is one of the most important tools in preventing insider threats to your company. It helps to tackle a wide range of the issues you face and empowers everybody to be safer.
Your approach here must include:
One of the reasons that insider threats are so damaging is that employees and management don’t always recognize when it is happening. This means that by the time issues are noticed, there has already been significant disruption. Work with your information technology (IT) department or a cybersecurity consultant to understand the early signs of threats. Provide all employees with training on how to spot these and how to act.
As the workplace is changing, now is an excellent time to review the level of threat risk that your remote employees and contractors present to your business. This doesn’t mean acting invasively or with undue suspicion. Rather, create a persona analysis that establishes risks by role, environment, department, and such. This then allows you to have information about the current risk level of each employee and what preventative measures need to be implemented to suit their situation.
You need to commit to providing regular training that mitigates the potential for employee behavior to be the source of insider threats. This shouldn’t just be dictatorial, but rather to help them to understand how their actions can affect operations. Focus on practical steps such as keeping their computers safe through the selection of strong passwords, updating software and operating systems, and using firewalls. Provide them with tools such as virtual private networks (VPNs) that they can use away from the office, and guidance on why these work. Don’t make this a one-and-done situation, either. By making it a continual aspect of their development, you reinforce what is expected of them. Apply Vigilance Keeping safe from insider threats is often best applied by creating a framework of constant vigilance. These are tools and processes which are in place to prevent, catch, and respond to issues before they get too unwieldy. This framework should take into account:
- Policies – Your policies may seem like a simple matter, but they also play a role in ensuring that required security actions are documented and followed through. Ensure that there are specific behavioral, equipment, and network guidelines that are provided to all staff at the onset of their employment. Provide updated versions when their roles or the situation – such as shifting to remote work – change. Make these part of employee performance reviews, too, to cement their importance.
- Hiring Practices – Vigilance must be applied to who you bring into your organization. One of the key insider threats comes from the insider-as-a-service model, which is when bad actors are part of an organized recruitment network with the goal of infiltrating companies and sharing sensitive data. Each time a candidate is considered for a role or for a promotion that changes their risk persona, there must be efforts to make a fair assessment of their background, their connections, and how this impacts their risk.
- Network Controls – Since the network is how bad actors access sensitive company data, there must be vigilance concerning access. Where possible, avoid giving direct network access to files. Particularly if employees are working from home or using mobile devices, adopting secure cloud platforms to store and share project work can be an effective solution. This also tracks when files have been accessed or altered by certain employee accounts.