Before the recent pandemic, many executives began appreciating the risks and opportunities associated with cybersecurity. A 2019 survey on cybersecurity priorities from Optiv Security found that 96% of CISOs are taking “a more strategic approach to cybersecurity,” and many were even willing to slow business development to account for cybersecurity-related risks.
This was great news as the costs and consequences of a data breach continued to grow. Unfortunately, the pandemic made their job much more difficult and forced companies to execute these priorities in an entirely novel environment.
For many, a distributed hybrid workforce is the new normal, vastly expanding their threat landscape and making it more challenging to secure data and IT infrastructure. In this environment, companies need to pivot their defensive capacity, ensuring that they are prepared to meet the moment (i.e., the threats).
Understanding insider threats
When considering cybersecurity threats, we often think of shady cybercriminals or nation-states hacking company networks. After all, when these incidents occur, they make worldwide news headlines.
For most companies, however, external bad actors aren’t the most critical risk. A company’s employees often pose a more prominent and – luckily – a more manageable cybersecurity threat.
IBM estimates that human error causes nearly a quarter of all data breaches. Additionally, employees commonly and inadvertently compromise company data through poor password hygiene, accidental data sharing, improper technology use, phishing scams, and more.
Some employees will also act maliciously, intentionally stealing company data for profit, retribution, or fun. The market for sensitive data is so prolific that some cybersecurity experts predict the emergence of insiders-as-a-service as bad actors capitalize on remote work trends to infiltrate companies.
Defensive best practices
While insider threats pose a serious threat to data security, they are also the most manageable risk. By embracing defensive best practices, every organization can significantly reduce the risk of a data breach.
1. Deploy employee monitoring software
Especially when securing a remote workforce, highly capable employing monitoring software can provide critical insights and defensive capacity. Specifically, employee monitoring initiatives can:
- Analyze behavior patterns to identify threats before they emerge
- Restrict access to sensitive data
- Prevent data exfiltration
- Provide digital forensics for investigation and analysis
For years, companies have spent significant sums to secure their on-site IT infrastructure. The emergence of hybrid work as a long-term workplace trend makes off-site investment a priority and a necessity for companies that want to remain cyber-secure.
2. Establish and enforce data management policies
A staggering number of organizations rely on employees using their personal devices for work. Nearly 60% of all organizations allow personal devices to access company networks and data, a practice that puts data at risk.
Company-issued technology for accessing data and networks is a better and more holistic approach to data management. Monitoring services can support this effort by providing meaningful insights into the way workers use their company-issued devices, ensuring that sensitive data is protected in the best way possible.
3. Secure accounts
It’s likely that more than a third of your workforce never update their account passwords. Since billions of login credentials have been compromised in the past several years, this is an obvious vulnerability with an easy solution.
Prompting employees to regularly update account passwords can keep bad actors out, and simple on-screen prompts reduces risk in a meaningful way.
At the same time, enabling readily available security features such as two-factor authentication can prevent threat actors from accessing data even when armed with the correct login information.
4. Train everyone to secure data
Most people want to be a part of the data security solution. Training all employees to manage data effectively, identify phishing scams, and protect their accounts turns your entire workforce into a defensive asset rather than an extensive liability.
Conclusion
Even before the pandemic disrupted many businesses’ operational structure, cybersecurity threats were both pervasive and expensive.
The number of data breaches has increased ever year since 2015 compromising billions of records and costing companies millions of dollars. When coupled with increasing regulatory scrutiny, it’s clear that cybersecurity is an issue that companies need to prioritize at every level.
Because of the rise in remote work, insider threats now pose a heightened risk to data security, and organizations must take action. Effective cybersecurity strategies will serve as a firm foundation for organizations to build upon in the year ahead.
By Isaac Kohen