A data breach can be catastrophic to your organization. By recognizing common causes of them, you can learn strategies to help mitigate them.
A data breach is one of the many ways an insider threat can compromise your systems. The aftermath of a corporate data breach can be devastating – the economic consequences alone should be reason enough to make insider risk management and mitigation a high priority within your organization. Data breaches can stem from several different causes – here are some of the most common that we’ve seen.
System Exploits
In many situations, a piece of hardware or a system is left open to potential attacks for an extended period of time by accident due to a vulnerability hidden within the coding. It’s a common occurrence, and most of the time the manufacturer catches these bugs quickly and distributes a patch for them. However, this is not always the case, and if you determine that a bug fix for hardware or software that your organization uses is not coming for some time, you need to take action right away to protect your data. Both outside and inside malicious actors will use any system vulnerabilities to their advantage.
Email Attacks
Email remains the largest threat vector for organizations and takes several forms including the negligent emailing to unintended recipients, falling victim to phishing attacks, or deliberately sending sensitive files as attachments to unauthorized individuals. While the threat increases, solutions to mitigate remain elusive. Organizations are turning to a layered approach that incorporates a secure email platform and a data loss prevention strategy that incorporates tagging and classifying data to alert and block sensitive information from leaving the firewall.
Poor Password Practices
Weak and reused passwords also present prime opportunities for malicious actors to gain access to company data. Your organization needs to have a strong password policy in place to mitigate this threat. Changing passwords regularly, requiring the use of special characters, and mandating character lengths are all good first steps. You’ll also need to educate employees on the hazards of using company email addresses to register for various services, even ones they need to access to do their jobs. If that service is compromised, it could put your own organization at risk too.
Poorly Managed Access Rights
For most organizations, granting access rights to various company resources is a normal part of onboarding new employees. But your team needs to be careful when doing so. Giving employees too much access could put your organization at higher risk for a data breach. And it is very easy to become complacent and give new hires access rights modeled from an existing employee, even if those rights are overprovisioned. The best advice here is to model your policies off the “principle of least privilege”, which states that all users should have the minimum amount of access to internal resources necessary to perform their job functions.
Failing to Remove Credentials and Accesses Upon Termination
Access removal procedures are generally effective when terminations are handled by HR, such as when employees are removed for cause (e.g. violence, theft of IP, etc.). Procedures are less effective, however, when HR is not involved, e.g. when an employee voluntarily leaves. In these situations, access removal processes are less clear and not uniformly or efficiently employed. Improving access removal procedures for all insiders (employees and contractors), whether they are voluntarily or involuntarily separated, should be a critical priority.
Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk
ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the special needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.