Minimizing Insider Threats: The Rogue Employee

Posted by Amanuel Tsighe on Oct 8, 2013 1:48:00 PM

No company wants to believe it may have a rogue employee on its payroll. However, Edward Snowden's leaking of top-secret NSA documents has raised awareness of internal threats in organizations worldwide. It’s not easy to detect an insider threat, and it’s nearly impossible to stop a determined rogue employee. Companies can, however, enforce effective security controls to minimize such threats.

The more recent in-house breaches at Vodafone and Holy Cross Hospital are a testament to the flaws of many internal security systems. Merely passing compliance requirements isn’t helping IT professionals sleep any better at night, and even the strongest firewall won’t prevent a legitimate employee from sharing documents outside of the organization.

So what are the common security mistakes that could enable a rogue employee in your organization?

The Rogue Employee

    • Overly-generous document access policies. Too often we see companies offer their employees unnecessarily privileged access to sensitive documents and data. And with greater access comes greater risk, of course. Enforcing a “need to know” policy, in which employees are limited to the least number of documents required to do their job, can greatly reduce the threat of an insider breach. Pinpoint which documents are in most need of protection, then limit access.
    • Decentralized storage of sensitive documents.  Organizations may minimize the amount of access an employee has to sensitive information by following the vault paradigm of document security. Offer employees the option to request document access and require a reason for access.
    • Allowing legacy access to documents. In the wake of the NSA scandal, we are seeing organizations adopt DRM solutions that enable administrators to revoke user access to a document anytime, anywhere. Using FileOpen’s RightsManager solution, for example, if an employee no longer needs access to a particular document to effectively do her job, system administrators may simply revoke her access to said document. If she later requests access to the document, but her task only requires limited access, system administrators can enforce a policy that limits her access to select portions of the document.
    • Allowing unfettered access on take-home devices (BYOD). With the profusion of tablets and smartphones comes the heightened risk of employees using company documents on their personal devices. To manage such activities, administrators should enforce a machine limit on more sensitive documents. For example, FileOpen RightsManager enables setting a machine limit of “1” to ensure that an employee may only access the document from her office workstation.
    • Trusting high-level employees with too much. Limiting document access to lower-level employees is important, but what about executives? Granting exceptions for higher-level employees can put companies at risk. According to a 2013 Data Protection Trends Research study, among companies with secure programs in place, 24% allow exceptions for executive-level employees. This poses an especially dangerous threat as executive-level employees are often granted access to the most sensitive information at a firm. Realizing impregnable document security requires that you enforce a “need to know” policy across the board. Limit the number of documents to which your “superusers” have access, and consistently monitor their access. Snowden, of course, was a system admin who was permitted access to an NSA file sharing location on the NSA intranet to transfer sensitive information. Enacting a “two-person” rule for accessing highly sensitive documents can further thwart lone wolves. Additionally, before a system administrator is handed the keys to the kingdom, be sure to conduct a thorough background check.
    • Failing to monitor document usage. No security program is bulletproof without a system for quickly identifying and containing a data breach. Applying a document monitoring solution (track number of times opened, location of access, etc.) can help your IT department quickly identify and stop any unusual activities. Document tracking is highly effective in identifying both rogue employees and former employees. For instance, after an employee leaves your company, your legal department will be empowered to request a list of documents the employee accessed, to more effectively monitor for any trade secrets leaked to a competitor. Stay tuned for the official release announcement of FileOpen’s document tracking solution.
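The need-to-know, revocation, machine-limit and usage-monitoring controls from the list above can be checked together against a document access log. The following is an added example, not FileOpen's code or API: the policy layout, log format, user names, document name, machine IDs and the `audit` function are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed policy: who may open each document, how many machines each
# user may open it from, and when a user's access was revoked.
POLICY = {
    "q3-forecast.pdf": {
        "users": {"alice", "bob"},
        "machine_limit": 1,
        "revoked": {"bob": datetime(2013, 10, 1)},
    },
}

# Constructed access log: (timestamp, user, document, machine id).
LOG = [
    ("2013-09-30T09:00", "alice", "q3-forecast.pdf", "WS-014"),
    ("2013-09-30T10:00", "bob", "q3-forecast.pdf", "WS-022"),
    ("2013-10-02T23:10", "bob", "q3-forecast.pdf", "WS-022"),
    ("2013-10-03T08:00", "alice", "q3-forecast.pdf", "TABLET-7"),
    ("2013-10-03T08:05", "carol", "q3-forecast.pdf", "WS-031"),
]

def audit(log, policy, max_opens=20):
    """Return (timestamp, user, document, reason) for each policy violation."""
    findings = []
    machines = defaultdict(set)  # (user, doc) -> machine ids seen so far
    opens = defaultdict(int)     # (user, doc) -> number of permitted opens
    for ts, user, doc, machine in log:
        rule = policy.get(doc)
        if rule is None:
            continue  # only documents under policy are audited
        if user not in rule["users"]:
            findings.append((ts, user, doc, "not-authorized"))
            continue
        revoked_at = rule["revoked"].get(user)
        if revoked_at and datetime.fromisoformat(ts) >= revoked_at:
            findings.append((ts, user, doc, "access-after-revocation"))
            continue
        key = (user, doc)
        machines[key].add(machine)
        if len(machines[key]) > rule["machine_limit"]:
            findings.append((ts, user, doc, "machine-limit-exceeded"))
        opens[key] += 1
        if opens[key] == max_opens + 1:  # report once, on first excess open
            findings.append((ts, user, doc, "excessive-opens"))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, POLICY):
        print(finding)
```
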

Encrypt, limit access, monitor access, educate, and iterate. Reaching the promised land of security doesn’t need to be elusive.  
