Why All Departments Are Now Cyber Security Departments
The game has changed: We’ve entered the age of open collaboration
We’re in a new era of work. What used to be locked down tightly is now free-floating, collaborative and accessible everywhere. We’ve gone from using on-premise, off-a-disk software to using cloud everything.
You’ve felt it – this change is powerful. It’s a force of business that’s allowing for previously-unseen levels of digital agility, collaboration and rapid innovation. A “new era” isn’t overselling it.
However, the rise of the digital collaboration culture comes with its own unique risks. We need to consider the threats that come with having our most valuable data so unhindered, so freely available, so easily accessible. Your files are out there — and so are the people looking to use them for personal gain. We need to protect this new workplace ecology with a new cyber security paradigm — one that involves HR, IT and legal. Let’s break it down.
Despite the essential need to be on the cusp of novelty, most modern data security stacks are currently unequipped to deal with a whole new subset of threat: the insider threat.
Insider threat has three main forms:
- The departing employee: A soon-to-be-ex-employee who takes valuable data or IP with them on their way out.
- The policy-breaker: An employee who is sticking around the organization – but has self-serving plans for your company’s digital assets.
- The mistake-maker: An innocent, well-meaning employee who inadvertently lets your data leak, making for a costly mistake.
Internal data leaks aren’t necessarily one-and-done isolated incidents. They can also look like patterns of activity that occur over time. For example, someone exporting your entire customer list over a few weeks is a lot less obvious than someone downloading a 500GB ZIP file – and it’s just as damaging to your company. These leaks can easily slip by unnoticed for months if your security team isn’t ready and equipped to detect and respond immediately.
This type of data loss is becoming increasingly common. 94% of the top ASX-listed companies and government bodies have been exposed to an internal data leakage in the last year.
The old ways alone aren’t enough. Traditional DLP tools were made for a world where files stayed put. Today, they fly in and out of your door every time your staff comes in and leaves for the day. Or an even easier option to avoid any prying eyes – moving files while working remotely. The digital collaborative era needs collaborative efforts to protect it.
This only works if the people of your company help defend it. So – what can you do to help protect your customers, employees and investors?
Let’s take a look at the impact your department can have on protecting against the new angles of threat that come with our new way of working. HR, IT and legal each have unique ways they can contribute to protecting their company against insider threat, and don’t worry — most of these build on things you’re already doing.
Interweaving HR and data security
HR is hugely important to data security in the new era of work. Your position at the front lines gives you an essential role in protecting collaboration and you have the power to significantly mitigate internal threats. Even though insider threats stem from your employees, it’s important to not let a few bad apples spoil the bunch. The last thing you want is a witch-hunt atmosphere. This is about preserving the good in your company, not just about nabbing shifty-eyed Jim from the elevator.
We know you’re busy. Thankfully, helping out doesn’t require clearing your schedule. Here are a few quick, effective, security-oriented tweaks that can go a long way in securing your company’s work.
- Ensure proper screenings for prospective employees: Checking to see who you’re letting into your business has always been important – but now that your data is cloud-based and more easily accessible, the stakes have been raised.
- Be transparent in your data security measures when onboarding: Ensure that your cyber security policy is both comprehensive and comprehensible to new hires. Review it in simple language and show that you understand it and prioritize it. Make it clear that workplace materials and property (laptops, etc) are subject to monitoring. This alone can act as a deterrent.
- Train and educate your staff about insider threats: This can help foster an atmosphere of shared security. Plus, educating your employees about the potential for insider threat doesn’t need to be adversarial – it can be collectively empowering. Illustrate it to them on a personal level. Take the nebulous concept of “security” and make it real.
“You’ve seen your friend Tim from Product Development work overtime every night for 2 months. You can help protect his novel source code from slipping out the door. Be aware of insider threat indicators like sudden isolation from other coworkers, sending or receiving unusually large attachments, or coworkers insisting on being the sole administrator of a system.”
52% of surveyed organizations believe that the critical factor enabling insider threat attacks is a lack of employee training and awareness (with lack of suitable technology being a close second). This is where you can step up and make a serious dent towards the mitigation process.
- Notify IT of employee status changes throughout all stages of the employee lifecycle: Communication is key. The most effective way to keep data safe is to have all of your teams aligned.
Want to learn more? You know that turnover is costly, no surprise there – but there’s an even bigger issue beneath that. Check out our eBook on the real hidden cost of leavers and what you can do about it.
The IT factor
IT and cyber security have an increasingly overlapping relationship. After all, data loss almost always happens in IT’s court. For someone looking to steal valuable data — where there’s volume, there’s opportunity. This is why cloud collaboration apps, databases and file servers are the most likely sources of value to be ransacked in an insider threat incident.
Even though the IT team and security team have always been close, the new paradigm requires them to get even closer. Theft of business-critical data or IP such as product designs, source code, trade secrets, etc. are becoming more and more common.
But less than half of IT professionals (45%) consider insider threat to be the main source of risk for data loss. There’s a hefty gap there. What’s more, IT is usually among the first to take blame in the case of data loss.
So, how to protect your crucial files in a sharing-heavy world? Standard practices like privilege management aren’t enough on their own, as highly-privileged users can be the most dangerous form of internal threat. On top of that, over-exercising privileges can block collaboration and stifle the open, fluid work environment we’re seeking to safeguard.
Here are a few things you can do to help ensure a collective, cohesive security environment for your company’s best digital assets.
- Evaluate your toolset: First and foremost, make sure to focus on the fundamentals. If those security tools aren’t solid, then the rest will crumble in times of uncertainty. In addition, the latest and greatest security software won’t necessarily save your data from grabby hands inside your organization. Your security tech stack should include software specifically designed to protect from internal threats, with a focus on consolidated visibility (hey, that’s Code42 Incydr).
- Review your departing employee process: Ensure that all hardware is returned and the appropriate accesses are revoked. With the number of cloud apps your organization is probably using, keeping track of logins can easily get messy. One illicit login could be the difference-maker.
- Make your voice heard: Talk it out with security and make sure you are on the same page. Is upper management aware of the potential threat? They should be.
Legal’s unique role in data security
For the legal team, an insider threat incident results in a swirling mix of issues, all of which require clear and deft navigation. We’re talking about dealing with privacy laws, compliance laws, IP laws, criminal law, employment law, and more.
Expect to be consulted on matters of proper disclosure in the event of an internal data breach. Things like: What does the timeline look like? Have we notified authorities within GDPR’s required 72-hour window? Through which channels will we be communicating to our shareholders and the public?
It’s safe to say legal has a vested interest in keeping the impact of insider threats to a minimum (that is to say, not imploding from the amount of work).
However, despite the potential for a legal minefield, the legal team is uniquely capable of protecting their company, investors and employees through policy-setting.
So, what can you do?
- Ensure you’re notified of the incident ASAP: You’ll want to be asking the right questions immediately after an incident – as you’ll likely have a metric ton of questions aimed at you. You’ll need to know the facts and be able to determine what actions to take.
- Reach out to department heads: It really does take a team. Talk with department heads to ensure you have a unified, comprehensive and up-to-date internal policy set to mitigate internal theft. Security, HR and IT could probably use your assistance when it comes to navigating documentation surrounding monitoring consent or user data.
- Ensure that new hires have no ambiguity when it comes to security policies: No “I didn’t know”s. No holes of the loop variety.
Digital collaborative work needs a collaborative effort to protect it
The ownership of data security no longer belongs to just the security department – it belongs to everybody. Every department head, every employee can help in safeguarding company data.
Yes, everyone’s already got a full plate, but it’s necessary to do more for data security because now, there’s more to protect. Most of these anti-insider threat measures are relatively easy to implement and practice. This new paradigm is absolutely worth it.
Code42 Incydr™ helps you implement a cyber security strategy that focuses on a consolidated, highly-detailed viewscape of your file activity. Become alerted to suspicious behavior as it happens and be prepared to take immediate action – your data depends on it.
Don’t wait for an important breach. Make sure your company is equipped to monitor, detect and respond to insider threat incidents ASAP.