Who are the insiders?
In 2012, over 50% of all organizations reported a cybercrime incident originating as an insider threat. Often these data losses are accidental: the well-meaning employee who misplaces a thumb drive containing patient records while working from home, or the busy executive who accidentally adds the wrong recipient on a vital M&A email. Insider theft can also be quantified in terms of lost, or idle, time and resources caused by employees conducting personal business during work hours or getting too caught up in an online shopping spree.
In the modern business world, working remotely has become increasingly popular among organizations in every industry. These employees could be contractors, “field” employees, work-at-home employees, or entire satellite offices across the globe. Even if your organization has no formal work-from-home program, over 83% of employees reported in a recent study that they completed at least a portion of their work from home during 2012. This raises issues regarding how to securely transmit data between locations, how to protect data when the endpoint is not connected to a network, how to ensure time is used efficiently while offsite, and how to track which files users access when they connect remotely. Unfortunately, offsite team members usually use their own mobile devices or personal computers to work offsite, which leaves a gateway open for data theft since they’re no longer protected under the umbrella of their company’s installed security measures and protocols.
Inherently, every organization faces the problem of data allocation: it must make the crucial decision of which team members should be given access to specific information and pathways, while also dealing with the compromise involved in keeping each data-sharing scenario safe and secure. There are also numerous reasons that any organization should make monitoring of its highly privileged users a mandatory practice. By definition, comprehensive data breach security should always be inclusive of all users – especially those with the greatest access and number of protocols. Any security and forensic auditing that may one day be necessary is also made easier when every member of an organization’s team is accounted for. And there is always the principal issue: keeping regulatory compliance in check is at its most beneficial when no team members – particularly those with high privileges – are excluded. The larger the institution and the number of highly privileged account members, the tougher the decision becomes.
In the worst-case scenario, your organization may be deliberately targeted by a malicious perpetrator looking to hit your data-web where it hurts. Often, this form of cyber theft is conducted by a disgruntled staffer or a contractor on their way to a new position. Many cases involve disgruntled employees who believe that the organization has wronged them and are merely seeking revenge. In this instance, the perpetrator is in a unique position to know the data-web well, making for easier infiltration and theft. Their malicious activity usually occurs in four steps: first, gaining the necessary entry to the network, familiarizing themselves with the nature of the data-web system in order to learn its vulnerable points and, finally, setting up a remote workstation from which their malicious activity can take place.
Intelligent ID recognizes each step in such an insider threat and includes multiple functionalities to address them all.
The Intelligent ID Solution:
Intelligent ID protects your organization against insider threat by monitoring file and user activity across multiple channels and alerting administrators to abnormal or risky behavior on your endpoints. Our team has researched hundreds of real world insider threat incidents in order to produce a robust feature set geared toward protecting your organization’s employees, data and resources.
For example, Intelligent ID can:
- Identify usual levels of file transfers over a given period of time
- Alert you when sensitive data is being moved to cloud storage such as Dropbox
- Monitor files exported from your SAP system
- Alert you of sensitive documents printed, even if they are printed offsite or from a non-company printer
- Send alerts on risky keywords such as violent or sexual terms, current M&A names, administrator passwords being used by non-admins, or company-specific terms
- Identify files moved to external media with the option of automatic encryption
- Monitor files accessed, modified, or deleted from directories containing sensitive data
- Alert administrators when a user logs into a web-based application using credentials that do not match their own
By focusing on your network’s endpoint (both a design and philosophy unique to our solution) and maintaining the broadest possible spectrum of monitoring, Intelligent ID has your data security covered in the most comprehensive way available.
Let IID’s innovative security features truly work for you, not only by providing the comprehensive internal monitoring solutions to successfully locate preexisting compliance breaches, but also by educating you and your team on how to properly move forward in combating the insider threat.