Employees A Cyber-Threat? FBI Says Yes

We have talked at length about how your employees may be inadvertently opening the door to cyber attacks by clicking on links and opening attachments in email. But could your employees be actively and purposefully looking to sabotage your network and steal intellectual property or financial assets over your own computer network? The FBI recently released information about insider threats and their effects on businesses. The report said:

A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees. Businesses reported various factors into their cost estimates, to include: calculating the value of stolen data, Information Technology (IT) services, the establishment of network countermeasures, legal fees, loss of revenue and/or customers, and the purchase of credit monitoring services for employees and customers affected by a data breach.

This sort of theft runs the gamut from a departing salesperson taking customer records on a flash drive or uploading them to online services such as Dropbox, to double scanning of customer credit cards by service employees, and even embezzlement of company funds by the people in charge of your accounts payable, banking or payroll functions. In many cases former employees return after termination and find that they are still able to use their old sign-in credentials to access company information.

The FBI recommends that businesses defend themselves by creating and enforcing policies such as the following:

  • Close accounts that employees no longer need to perform their jobs.
  • Terminate accounts when you terminate employees, or at least change out the passwords.
  • Change all administrative passwords when terminating IT staff.
  • Do not use the same log-in credentials for multiple employees. Using the same password for several employees makes account auditing or computer forensics impossible.
  • Do not use the same credentials across different services or platforms.
  • Do not use shared credentials for remote desktop protocol connections.
  • Internet access should be monitored and filtered to permit access only to necessary web sites.
  • Do not let employees install programs such as LogMeIn.
  • Maintain daily backups of all servers and file shares.
  • Create and enforce a meaningful password policy that requires defined levels of complexity and periodic changes.
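
As an added illustration (not part of the FBI report or the original post), the following Python example checks three of the recommendations above against exported records: accounts of departed staff that are still enabled with an unchanged password, sign-ins dated after termination, and one account used from two sources at nearly the same time. The user names, dates, addresses, record layouts and the 15-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical users, dates and addresses).
TERMINATED = {"jdoe": "2024-03-01", "asmith": "2024-04-15"}  # user -> last day
ACCOUNTS = [  # export from the directory or application
    {"user": "jdoe", "enabled": True, "pw_changed": "2024-01-10"},
    {"user": "asmith", "enabled": True, "pw_changed": "2024-04-16"},
    {"user": "frontdesk", "enabled": True, "pw_changed": "2023-06-01"},
]
LOGINS = [  # (timestamp, user, source address) of successful sign-ins
    ("2024-02-20T09:00:00", "jdoe", "10.0.0.21"),
    ("2024-03-05T22:14:00", "jdoe", "203.0.113.7"),
    ("2024-05-02T08:01:00", "frontdesk", "10.0.0.30"),
    ("2024-05-02T08:04:00", "frontdesk", "10.0.0.31"),
    ("2024-05-02T13:30:00", "frontdesk", "10.0.0.30"),
]

def day(s):
    return datetime.fromisoformat(s)

def stale_accounts(terminated, accounts):
    """Enabled accounts of departed staff whose password was not reset afterwards."""
    return [a["user"] for a in accounts
            if a["user"] in terminated and a["enabled"]
            and day(a["pw_changed"]) <= day(terminated[a["user"]])]

def post_termination_logins(terminated, logins):
    """Successful sign-ins dated after the user's last day."""
    return [(ts, u, src) for ts, u, src in logins
            if u in terminated and day(ts) >= day(terminated[u]) + timedelta(days=1)]

def shared_credential_suspects(logins, window=timedelta(minutes=15)):
    """Accounts signed in from two different sources within `window` (heuristic)."""
    suspects, last = set(), {}
    for ts, user, src in sorted(logins):  # ISO timestamps sort chronologically
        prev = last.get(user)
        if prev and prev[1] != src and day(ts) - prev[0] <= window:
            suspects.add(user)
        last[user] = (day(ts), src)
    return sorted(suspects)

if __name__ == "__main__":
    print("Still usable after termination:", stale_accounts(TERMINATED, ACCOUNTS))
    print("Sign-ins after last day:", post_termination_logins(TERMINATED, LOGINS))
    print("Possible shared credentials:", shared_credential_suspects(LOGINS))
```
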

This issue is often overlooked in smaller companies, where employees may have been employed for long periods and have been given large amounts of trust and authority. If you think of your employees as “family,” then in all likelihood you are not monitoring this issue as you should. One of President Ronald Reagan’s favorite sayings was “trust, but verify.” This should apply to employees at your business as well.

For more information please use the links below:

FBI and DHS Report:  Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information
US CERT: Combating the Insider Threat


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
