July 05, 2018

How to Stop Insider Threats: They're Worse Than You Think


Employee negligence
is causing so many security headaches in the workplace. A recent study by Ponemon showed that it was the root-cause of almost two-thirds of insider threat incidents last year.

In the 2018 Cost of Insider Threats study, 64% of global organizations blamed careless employees or contractors for most of their insider threat incidents while 23% of incidents were related to criminal or malicious insiders and 13% were related to user credential theft.

Since 2016, the average number of insider threat incidents involving negligence increased by 26%. Criminal and malicious insider incidents increased by 53% while the credential theft incidents increased by 170%.

The average cost of insider threats was $8.76 million over the past 12 months. If negligence was involved, each incident averaged $283,281. If the incident involved credential theft, the average cost more than doubled to $648,845. Criminal and malicious insiders cost organizations an average of $607,745 per incident.

How to Reduce Insider Threats to Data Security

1. Implement Security Policies

Champion data security with a culture of security from the top down, and comprehensive security policies that address everything from social media to mobile devices. Communicate policies in different ways including on-going training, regular correspondence, and special events such as lunch-and-learn sessions.

2. Develop a Data Breach Response Plan

Put together a comprehensive incident response plan that will contain the problem and resolve issues quickly. Data shows the longer an insider threat lingers, the most costly it gets.

3. Take Advantage of Technology

Equip all computers and mobile devices with the latest safeguarding and monitoring software. To help stop leakage of sensitive data, patch regularly, use several layers of security including passwords, multi-factor authentication, and encryption for confidential data in motion and rest, and monitor email traffic between business networks and personal addresses.   

4. Know Your Employees

Use monitoring solutions, and ask employees about on-the-job concerns. Most employees don’t plan to make security mistakes. Incidents often happen because they are careless with data and work habits. The 2018 State of the Industry Report by Shred-it showed that one-third of working adults in the U.S. admit to potentially risky behavior at work. For example, they send sensitive files to their personal email addresses so they can work on them at home, or they click on links in phishing emails because they’re in a hurry. Also, unhappy employees are more likely to pose insider threats.

5. Control Access to Confidential Data

Implement a system so that all employees are only authorized for the privileges and resources that they need to do their jobs. Since insider threat attacks often happen during a termination, there should be a timely removal of network access and collection of physical laptops and removable media too.

6. Embed Security Processes 

Embed processes that protect confidential information so that employees protect data as part of their job. For example, implement a Clean Desk Policy. Partner with a document destruction expert so that secure shredding is standard for all documents that are no longer needed (physical data is still a major cause of data breaches especially in the health sector). Introduce new employees to these processes, and provide on-going education.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.