How to Bounce Back after a Security Breach
After the initial scramble to stay operational with a remote workforce, many companies turned their attention to staying safe from external threats while their employees used improperly secured networks and collaboration technologies.
However, some companies missed an important link in their security strategy: protecting themselves from internal threats. According to a recent Malwarebytes report, 20% of respondents surveyed said they faced a security breach as a result of a remote worker. Data breaches and fraud caused by employees can be just as costly as external threats, if not more so. The recent Twitter attack, aided by one of its own employees, affected high-profile accounts followed by millions of people and is a clear indicator that employees are capable of posing serious threats to unprotected or unprepared companies. But how do these companies bounce back after a breach? What are some steps they can take to mitigate the risk?
One crucial step in protecting companies from both internal and external threats and reducing risks is employee training. Most employees may not even be aware of the potential damage or risks internal systems can cause. Employees should be working with the same level of security protocols and procedures that they did in an office setting. However, with home distractions such as children or pets, it can be easy to forgo a security measure in the name of time. Giving employees up-to-date training that accounts for the new way of working is a low-cost way to reduce potential risks, and it also gives employees a friendly reminder before an accidental breach occurs. In fact, now is a perfect time to reflect on and update security protocols, policies and solutions, given the rapid changes made as a result of the pandemic.
Implementing a zero-trust policy in the organization can also help mitigate risks from internal threats. This policy should encompass all employees, from entry level to C-level executives. A zero-trust policy does not mean operating without trust between colleagues; it simply means that you can’t assume every employee will act ethically and morally in regard to respecting or safeguarding company assets. Financial pressures, both personal and organizational, stemming from the recession due to the coronavirus pandemic could cause any employee to rationalize fraudulent actions for personal gain.
Lastly, companies that have gone through a breach and are implementing a new way of working that protects them from internal threats need to leverage technology to their advantage. Zero-trust policies require thoughtful oversight and governance of who has access to what. Segregation of Duties (SoD) and access control tools can help companies spot and mitigate risk in real time. There are many solutions available, both on-premises and cloud tools. Cloud solutions do not require constant upgrades or consultant fees and are more cost-effective, while allowing for monitoring regardless of where employees are working. We strongly recommend against manual controls, which are extremely prone to errors and take up valuable time and resources from IT and security personnel that could be put to better use.
Additionally, companies need to keep audit work on track and be sure they are analyzing risks continuously, as well as conducting more frequent user access reviews. That may sound like more work, especially if there has been any reduction of audit and compliance employees, but with the right tools, those tasks can be quite streamlined and easy.
By no means is this an exhaustive play-by-play of what companies should implement after an insider incident; however, these suggestions can be taken as a baseline of steps that any company, whether affected by a breach or not, can take to mitigate its risk, now and in the future.