The law, of course, protects your business from theft of trade secrets, but it does so only after the fact, when the money is already lost and the reputation can no longer be saved. The experts at the University of New Mexico's cybersecurity laboratory divide insider attacks into two types: situational, that is, one-off information leaks that happen through negligence or a system failure, and planned, that is, carried out with malicious intent in one form or another. Anyone can be a “mole”: your “right hand” or some economist whose name you don't even remember.
According to the December report by Secure Automatic Technologies, 99% of European organizations have suffered financial losses from insider activity at least three times in their history, and 53% of the companies surveyed experienced at least one insider attack in the past 12 months. The Insider Threat 2019 report of the American Association says that today 61% of bankruptcies in the United States are caused by insiders, and the threat becomes especially acute while large contracts are being concluded.
In November, experts from the Russian audit and consulting agency EY said in an interview with the newspaper “Kommersant” that “almost every fourth Russian employee steals data one way or another”, and journalists learned the real names of the famous “Salisbury tourists” Petrov and Boshirov, leaked by their colleagues from the GDS (General Directorate of the General Staff), to quote, “not from a good life”.
An “insider” is an employee of the organization who has access to information that is closed to the general public. He can use that information both to the detriment of the business and for his own enrichment.
Anyone at all can become an insider, but behavioral psychology and personnel profiling can spot a mole at the interview stage or prevent data theft in an existing team. Personnel psychologists distinguish six types of insiders: negligent, manipulated, offended, disloyal, “moonlighting” and planted employees. Which of them counts as the least dangerous link depends entirely on the situation. “Negligent” employees may leak information through carelessness (and the leak may turn out to be irreparable), whereas the activity of “planted” gentlemen is aimed directly at undermining your business.
If you divide employees into those who are already lost and those who can still be saved, the Falcongaze HR group recommends that your HR department pay close attention to “negligent” and “manipulated” employees. Perhaps they simply lack information security skills and do not realize the harm a thoughtless gesture can do to your business. “Offended”, “disloyal” and “planted” employees, on the other hand, should be let go as soon as possible, the “offended” above all: you will never get any benefit from them.
Install a DLP system. The software creates a strong secure digital perimeter around your organization's internal network and flags every attempt to transfer sensitive information outside the enterprise. The system filters and analyzes traffic by statistical and semantic content, which makes the search for disloyal employees, for staff being manipulated by insiders and for anyone undermining the economic security of your business essentially automatic. Acting within the configured security policy, DLP notifies authorized personnel of violations of the established rules, whether it is an email of dubious content or confidential documents being sent to print.
Keep an eye on outdated accounts. Information leaks are often caused by departing employees whose credentials for the corporate network are still valid. Sometimes, however, they are far from committing any violation themselves: their logins and passwords can fall into the hands of current employees, who then carry out illegal actions from inside the organization while diverting suspicion from themselves. To identify such people, use bait and pay attention to the “traces” of their work. Deliberate insiders tend to delete large volumes of files in an attempt to disguise their activity.
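The two checks this paragraph recommends, reconciling the HR roster against still-enabled directory accounts and watching for bursts of file deletions, can be scripted. The following is an added example and not code from the original article: the roster, the directory export and the tab-separated file-server audit format are all constructed for illustration, and a real deployment would read them from the HR system, the directory service and the file server's own audit log.

```python
"""Added example (not from the original article): find accounts that should
no longer exist, and users who delete an unusual number of files in a short
window. Every name, date and log line below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed HR roster: username -> termination date, or None if still employed
HR_ROSTER = {
    "ivanov": None,
    "petrova": "2024-01-15",
    "sidorov": "2023-11-30",
}

# Constructed directory export: username -> account enabled?
DIRECTORY_ACCOUNTS = {
    "ivanov": True,
    "petrova": True,      # terminated in HR but never disabled: a leak waiting to happen
    "sidorov": False,     # correctly disabled at departure
    "svc_backup": True,   # unknown to HR: orphan or service account, needs an owner
}


def stale_accounts(roster, accounts):
    """Return (username, reason) for accounts that are enabled in the directory
    but are either terminated according to HR or absent from the roster."""
    flagged = []
    for user, enabled in accounts.items():
        if not enabled:
            continue
        if user not in roster:
            flagged.append((user, "not in HR roster"))
        elif roster[user] is not None:
            flagged.append((user, f"terminated {roster[user]}"))
    return sorted(flagged)


# Constructed audit lines in a hypothetical format:
# "<ISO timestamp>\t<user>\t<action>\t<path>"
AUDIT_LOG = "\n".join([
    "2024-02-01T09:00:01\tivanov\tREAD\t/shared/finance/q4.xlsx",
    "2024-02-01T09:02:10\tpetrova\tDELETE\t/shared/finance/q4.xlsx",
    "2024-02-01T09:02:11\tpetrova\tDELETE\t/shared/finance/q3.xlsx",
    "2024-02-01T09:02:12\tpetrova\tDELETE\t/shared/finance/q2.xlsx",
    "2024-02-01T09:02:13\tpetrova\tDELETE\t/shared/finance/q1.xlsx",
    "2024-02-01T09:02:15\tpetrova\tDELETE\t/shared/finance/budget.docx",
    "2024-02-01T09:02:16\tpetrova\tDELETE\t/shared/finance/forecast.docx",
    "2024-02-01T10:15:00\tivanov\tDELETE\t/home/ivanov/tmp.txt",
    "2024-02-01T11:40:00\tivanov\tDELETE\t/home/ivanov/old.txt",
])


def mass_deletions(log_text, threshold=5, window_seconds=600):
    """Return {user: peak_count} for users whose DELETE events inside some
    sliding window of window_seconds reach the threshold. The sliding window
    means a slow trickle of deletions over a working day is not flagged,
    while a burst of them is."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, _path = line.split("\t")
        if action == "DELETE":
            events[user].append(datetime.fromisoformat(ts))

    flagged = {}
    for user, times in events.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Advance the window start until it fits within window_seconds of t
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    for user, reason in stale_accounts(HR_ROSTER, DIRECTORY_ACCOUNTS):
        print(f"disable or assign owner: {user} ({reason})")
    for user, peak in mass_deletions(AUDIT_LOG).items():
        print(f"deletion burst: {user} removed {peak} files within 10 minutes")
```

Note that the stale-account check on its own identifies the terminated account that is still active (petrova), while the deletion burst shows that same account being used after the termination date; the combination is exactly the "credentials of a departed employee used by someone still inside" case the paragraph describes.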
A common method of identifying insiders is fishing with live bait. An attacker constantly “scours” the corporate network for critical information. You can “leave” an array of extremely valuable files in the public domain and watch who sends the archive to a USB drive, to the cloud or to a printer.
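The monitoring side of that bait is the part that has to be built carefully: the decoy files must be ones no real workflow touches, so that any access is a signal, and backup or indexing agents that legitimately read everything must be excluded or they will drown the alerts. The following added example, not code from the original article, shows that logic over a constructed endpoint audit feed; the decoy paths, usernames, action names and severity ranking are assumptions for illustration.

```python
"""Added example (not from the original article): alert on any access to
decoy ("bait") files and rank alerts by the channel used, so copying the bait
to USB, cloud or a printer stands out above merely opening it.
Paths, users, action names and log records are constructed."""

# Decoy files: planted for monitoring only, never referenced by real work
DECOY_PATHS = {
    "/shared/projects/merger_2024_terms.zip",
    "/shared/hr/salary_review_all.xlsx",
}

# Accounts that touch every file by design (backup, search indexer); without
# this allowlist the bait would fire on every nightly job
ALLOWLISTED_ACCOUNTS = {"svc_backup"}

# Severity by channel (assumed action names from a hypothetical endpoint agent):
# moving the decoy off the network is far more serious than opening it
CHANNEL_SEVERITY = {
    "READ": "low",
    "COPY_USB": "high",
    "UPLOAD_CLOUD": "high",
    "PRINT": "high",
    "EMAIL": "high",
}
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

# Constructed audit records: (timestamp, user, action, path)
AUDIT_LOG = [
    ("2024-02-02T02:00:00", "svc_backup", "READ", "/shared/hr/salary_review_all.xlsx"),
    ("2024-02-02T08:10:00", "ivanov", "READ", "/shared/projects/roadmap.pptx"),
    ("2024-02-02T08:12:30", "ivanov", "READ", "/shared/projects/merger_2024_terms.zip"),
    ("2024-02-02T08:13:05", "ivanov", "COPY_USB", "/shared/projects/merger_2024_terms.zip"),
    ("2024-02-02T09:40:11", "kuznetsov", "PRINT", "/shared/hr/salary_review_all.xlsx"),
]


def decoy_alerts(events, decoys=DECOY_PATHS, allowlist=ALLOWLISTED_ACCOUNTS):
    """Return one alert dict per access to a decoy path by a non-allowlisted
    account. Unknown action names get a 'medium' severity rather than being
    dropped, so a new channel the table does not know about is still seen."""
    alerts = []
    for ts, user, action, path in events:
        if path not in decoys or user in allowlist:
            continue
        alerts.append({
            "time": ts,
            "user": user,
            "action": action,
            "path": path,
            "severity": CHANNEL_SEVERITY.get(action, "medium"),
        })
    return alerts


def worst_per_user(alerts):
    """Collapse alerts to the highest severity seen per user, which is what a
    reviewer wants first: who actually moved bait off the network."""
    worst = {}
    for a in alerts:
        current = worst.get(a["user"])
        if current is None or SEVERITY_ORDER[a["severity"]] > SEVERITY_ORDER[current]:
            worst[a["user"]] = a["severity"]
    return worst


if __name__ == "__main__":
    found = decoy_alerts(AUDIT_LOG)
    for a in found:
        print(f"[{a['severity']}] {a['time']} {a['user']} {a['action']} {a['path']}")
    print("review first:", worst_per_user(found))
```

In this sample the backup account's nightly read is ignored, ivanov's opening of the archive is logged at low severity and then escalated when the same archive is copied to USB, and kuznetsov's print of the salary sheet is flagged high immediately.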
Beyond the functionality of DLP systems as such, an insider can be recognized even at the interview stage; the familiar universal tools apply here: interviews and experiments. An interview means a survey processed using the sociometric method, and the same methods can be applied to an existing team. Samsung HR-Service screens corporate personnel for risks with a simple oral questionnaire: “Which of your colleagues would you not take on a business trip?” or “Whom would you share a new creative idea with?”. For reliability, the poll can be repeated with different questions. Observing an individual's choices lets you study his typology of social behavior within the group. Running a sociometric survey takes no more than 15 minutes.
The experiment consists in deliberately creating special conditions for the person under observation in order to determine, from his actions in certain situations, how self-centered he is and whether he can empathize with other people. When hiring a person for a probationary period, you can arrange in advance with a long-serving, trusted employee to provoke the newcomer by offering additional income in an unfair and unlawful way.
In conclusion: it should be understood that the only business insider activity does not threaten is a sole proprietorship. Remember that confidential information under conditions of wide access is like an ice cube: at every stage there is less ice and your hands are in water. Install a DLP system, invest in security services and HR, regularly conduct training and seminars on information security, and do not worry that “moles” have rummaged through your business garden.