Why It's Still a Good Time to Identify and Manage Data Risk and Insider Threats
COVID-19 turned our world upside down. While work from home wasn’t on most organizations’ priority lists before March 2020, what started as a health crisis quickly became the ultimate test in enterprise resilience and agility. Many organizations’ risk posture changed significantly with this transition to a remote workforce. Not many were set up to make this shift from a technology, data security and visibility perspective.
In an effort to keep business moving forward, we witnessed IT teams adopt and then reactively deploy sanctioned cloud applications, in many cases, for the first time. Collaboration tools like Zoom, Slack and Microsoft Teams have since become workforce essentials. While IT was in the midst of rapidly deploying these technologies, some employees took the path of least resistance in the absence of sanctioned collaboration tools. They downloaded freeware or shadow IT solutions to fill tool gaps that were preventing them from getting their work done. With new risks being introduced to the organization’s sensitive data, terms like “Zoombombing” emerged; opportunistic hackers monetized the tragedy by targeting home networks; and new phishing scams were launched, masked as COVID-19 updates or financial resources.
Security teams quickly found themselves in the hot seat to secure their organization’s new virtual work environment, including the new technologies that are now integral to keeping employees productive, connected and engaged. While no one could have predicted the rapid progression of current events and what quickly became our “next normal,” it’s clear now that cloud collaboration technologies are here to stay. Having visibility into data moving across those apps and tools while employees are working from home, off the corporate network, is more important than ever before. While these cloud-based technologies are critical to keeping business functioning, they also open companies up to a greater risk of insider threat.
Insider threat programs are critical — and they don’t need to be expensive
When it comes to adopting security practices to manage data risk and insider threats, start simple, then iterate. Many security and business leaders think implementing a new program is synonymous with increased costs, resources and overhead, but when it comes to insider threat risk management, you can leverage some existing processes and functions. For example, communication and security awareness training can go a long way to help reiterate key information and practices. Keep in mind that most employees are not malicious insiders, so if you are just getting started, stick to the basics:
- Communicate known insider threat risks and best practices for remote workers, such as phishing scams or resources on how to better secure home routers
- Incorporate real-world and timely insider threat scenarios into security awareness training
- Be transparent with employees about acceptable use of corporate devices and software
If your organization already has some level of an insider threat program in place today, be aware that a larger remote workforce can introduce a new set of challenges. People tend to let their guard down when they’re at home juggling both work and family life. Work devices often are used more freely for streaming services, videoconferencing with friends and family, or to help children with schoolwork. This leads to an uptick in unintentional data movement and puts collaborative technologies to the test, shining a spotlight on glaring security gaps. As a security leader, you must understand what insider threat risks are unique to your organization and what data is important, where it resides and who has access to it. This can be done by conducting a risk and impact assessment. Having a better understanding of your security landscape can help you secure executive and stakeholder buy-in.
Virtual workforce changes
With the events related to COVID-19, leadership teams were faced with tough decisions to ensure the long-term health of their business. Virtual workforces and headcount reductions mark new territory for many organizations. Therefore, it’s important for security leaders to establish stakeholder partnerships with HR, legal and front-line managers to ensure the organization is protected from both external and insider threats as these changes continue.
As with any workforce change, but particularly in a remote setting, having a plan that incorporates people, processes and technology is key. In addition to your standard employee off-boarding checklist, be sure to take the following into account:
- What systems, applications or data do impacted employees have access to?
- How will you collect impacted employees’ devices and other company assets?
- Can you disable access remotely?
Impacted individuals are more likely to take data when they are notified or if they are planning to leave. Elevated emotions, especially during times of uncertainty, may cause employees to behave differently than they might normally. Your goal as a security leader is to protect the organization, ensuring critical or sensitive data doesn’t leave with the employee.
Secure your collaboration culture for the long term
While COVID-19 pushed organizations to adopt cloud technologies quickly, any new technology that was recently deployed should still support a company’s long-term strategy. Organizations are embracing cloud technology to collaborate and drive efficiency. Even those that have been reluctant to adopt these tools have done so out of a need to adjust to the challenges of larger remote workforces. As your organization embraces the cloud, you must ask the following questions:
- Do I have the right security tools in place to show what’s going on both on- and off-network?
- Do I have visibility into where data is moving, who is accessing it and what’s happening to the data?
- Do I have the ability to detect and respond to data exfiltration across devices, cloud and email?
Lastly, as organizations begin to manage the transition back to the office, it’s important to note that remote work habits and some semblance of long-term remote work will likely remain. In general, security leaders should expect cloud-based collaboration tool usage, including email, videoconferencing, Slack or Teams, to continue. They also should be prepared, in some cases, for more use of freeware or other shadow IT that employees have now embraced to get their jobs done. All are vectors that increase the data risk footprint. How organizations react now will undoubtedly have an impact on how they empower employees to drive results and value in the future.