Curbing Insider Threats Today Requires a Holistic Approach 

October is Cybersecurity Awareness Month. It’s important to exercise sound cybersecurity best practices to protect your organization’s sensitive and valuable information against outside hackers and…

Wendy Cole profile picture

Wendy Cole

October 19, 20225 minutes read

Descriptive text explaining the contents of the image.

October is Cybersecurity Awareness Month. It’s important to exercise sound cybersecurity best practices to protect your organization’s sensitive and valuable information against outside hackers and cybercriminals that are always identifying new ways to get to your data. 

However, the biggest threats to your organization are often within your organization, not outside. While they are often not the primary focus of cybersecurity awareness, insider threats are a major cause of data breaches and cyber incidents within organizations today. Curbing those insider threats takes a holistic approach that protects your sensitive and valuable data up front, while also responding quickly to threats that are suspected or have been identified. 

Challenges to Protecting Your Organization’s Sensitive Data 

Protecting your sensitive and valuable data has never been more challenging, especially in a time with so many remote workers and The Great Resignation causing a reshuffling among workforces. Here are a few stats* to illustrate the challenges to protecting your organization’s sensitive and valuable data: 

  • 83% of former employees said they continued accessing accounts from their previous employer after leaving the company. 
  • 56% of former employees said they had used their continued digital access to harm their former employer. 
  • 71% of IT decision makers in the US and UK said the Great Resignation has increased security risks at their companies. 
  • 40% of American employees say they had taken data with them with they left their old jobs. 
  • 74% of employers said they have been negatively impacted by an employee breaching their digital security. 

One of the risks associated with insider threats is the potential for employees to access and steal your organization’s intellectual property.   Even if the organization seeks and is granted relief by a court, the costs to litigate can be considerable. 

A Holistic Approach to Curbing Insider Threats 

Addressing insider threats today requires a combination of up-front measures to protect your data plus investigative best practices to quickly find the answers to determine what was exposed and what to do about it. Here are some best practices to protect your organization against insider threats: 

Virtual Desktop Infrastructure 

One of the biggest threats to the security of your data and documents is data proliferation – which has accelerated since the pandemic increased the number of remote workers in organizations. The best way to address that threat is the implementation of a virtual desktop infrastructure that controls access to the virtual desktop and prohibits storage of data and documents within remote endpoints, maintaining that data on enterprise servers instead. 

Policies for Remote Device Use 

The increased use of mobile devices may boost productivity, but it also increases risks to threats – both internal and external. Many organizations support the use of BYOD (bring your own device) mobile devices, but many of them don’t establish clear policies that set usage guidelines and clearly communicate the organization’s rights and interests in protecting their information. Those rights and interests may extend to the use of Internet of Things (IoT) devices such as Amazon’s Alexa when working at home, so it’s important to establish policies for the use of mobile and IoT devices that support your investigative rights to those devices if malfeasance is suspected. 

Enterprise Content Management Security 

The use of enterprise content management (ECM) systems to manage and protect your organization’s data is one of the best measures you can take to prevent insider attacks. ECM system security measures that protect your data can include: 

  • Two-Factor Authentication: An extra layer of security if login credentials are compromised. 
  • Document Level Authorization: Security to manage rights at the document level and ensure access to your most sensitive and valuable documents is limited to authorized personnel. 
  • Encryption At Rest: Encrypting files at rest protects documents if the system is bypassed. 
  • Intrusion Detection: ECM activity monitoring can provide notifications if authorized users attempt to access documents without authorization. 

Proven Investigative Workflows 

Conducting internal investigations discreetly, quickly and comprehensively is a task for experienced investigators with the right qualifications and certifications. An experienced investigations team understands how to leverage technology and proven investigative workflows to conduct the investigation quickly and effectively. 

Internal investigations follow their own unique eDiscovery workflow that involves 1) custodian and data identification, 2) collecting potentially responsive data in a forensically sound manner, 3) applying advanced review and analytics techniques and technology to identify important evidence quickly, 4) quality assurance (QA) to ensure any data contradictory to the findings is identified and addressed, and 5) preparing a clear and concise report of the findings. 

Time is of the essence when you’re looking to minimize the risk and damage associated with insider bad acts. Proven investigative workflows that effectively leverage technology position your organization to reduce or eliminate litigation expenses downstream while preparing your organization for downstream litigation if it is necessary. 

Conclusion 

Insider threats are often the forgotten threats to your organization’s sensitive and valuable information, but they are no less important, and the risks are just as great as they are with outside threats. There is no single measure that can address insider threats, but a holistic approach to address them which includes a virtual desktop infrastructure to centralize data for protection, policies for remote device use, implementation of an ECM system to maximize security measures for your data – plus the use of experienced investigators utilizing proven investigative workflows when insider bad acts are expected – will provide maximum protection for your organization against insider threats. 

For more information on OpenText™ Recon Investigations Services, click here

*Stats Sourced From eDiscovery Today 

Share this post

Share this post to x. Share to linkedin. Mail to
Wendy Cole avatar image

Wendy Cole

Wendy is a long-time legal technology and eDiscovery enthusiast. Having participated in many facets of the legal and legal technology industries, her broad range of experience spans from being on the front-line of eDiscovery projects as a civil litigator and eDiscovery counsel, to managing and marketing legal technology software and services for global organizations.

See all posts

More from the author

What the old adage “time is money” means to legal review teams 

What the old adage “time is money” means to legal review teams 

There are a number of ways to understand the “cost” of something, and most definitions of the term begin with money as the chief factor….

August 23, 2023 4 minutes read
Are DACH Organizations Prepared for Internal and Regulatory Investigations?

Are DACH Organizations Prepared for Internal and Regulatory Investigations?

Modern investigations are intensely demanding in every sense of the word. Whether driven by whistleblower allegations, regulatory compliance, or HR issues, the potential fallout for…

April 21, 2023 5 minutes read
Sometimes in eDiscovery more is better

Sometimes in eDiscovery more is better

With the proliferation of electronic data, the vast majority of business communication is now in electronic format.  It is not surprising that the use cases…

February 8, 2023 6 minutes read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.