The Ascertus Security Thought Leadership Series
Minimising Risk of Inadvertent Insider Threat
Digital transformation today is a no-brainer for organisations, but research shows that such initiatives are putting their sensitive data at risk. This is caused – mostly inadvertently – by the ease of access to information, enabled by modern technology adoption, that in turn is driven primarily by the need to enhance employee productivity and time efficiency.
An evolved approach to data security to support progressive programmes, such as digital transformation, is needed. As part of the Ascertus Security Thought Leadership Series, a previous guest blog offered advice on measures that organisations can take to mitigate insider threat. With document and email management being fundamental to digital transformation, here are some practical, best practice measures that law firms can take at user-level to ensure the safety of their confidential and sensitive data:
1. Locking down data without impacting employee productivity
We’ve all done it – sent out attachments to individuals accidentally, or given colleagues sight of documents that they might not otherwise have seen, only because they’ve been included in an email trail along the way. Instead of sending copies via attachments internally, a better approach is to send links to documents within emails. This ensures that only authorised individuals can access the data. With data residing in the document management system, it is possible to set access rights to information based on a ‘need to know’. So, while an individual might click on the link, they may or may not be able to view the information, based on their level of authorisation.
This approach can facilitate secure collaboration. Users can set up collaborative workspaces and grant access rights to select employees to collaboratively work on documents, all the while supported by an audit trail, giving individuals full visibility of the changes being made and by whom. This in fact stops employees from taking unnecessary risks with sensitive data too – for example downloading a highly confidential document for ease of use but storing it in an unsecure location.
Furthermore, organisations must leverage the functionality in their document management system to segment data in order to minimise the impact of a security breach. It helps lock down access to data. In the physical world, in the instance of a fire, the affected sections of the property are instantly cordoned off to contain the impact. In the online world, the same concept applies.
2. Embedding automatic email checks
The ‘recent people’ feature in Outlook where you enter the first letter of an individual’s name and the full email automatically appears is a convenience and productivity blessing – most of the time! It saves us from having to go into our long list of contacts to pick the email id of the individual we want to correspond with.
At the same time, a common slip-up is to enter the email id of another person with a similar name. In such instances, the risk of a data breach becomes very high – especially if sensitive information reaches external parties.
It’s advisable to deploy ‘recipient checking’ technology to safeguard against such errors. When the sender clicks ‘send’ in Outlook, the technology automatically assesses the list of recipients for risk (e.g. blacklisted domain) – and colour codes the email for risk (red, amber, green) based on rules instituted by the organisation. Additionally, the sender is asked to confirm the names of the intended recipients before the email is sent, especially if the correspondence is to personal email addresses such as Gmail or Hotmail.
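The red/amber/green recipient check described above can be sketched as follows. This is an added example, not code from any recipient-checking product; the `Policy` class, the rating rules and every domain except Gmail and Hotmail are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr

# Constructed policy: every domain list here is a placeholder for the
# organisation's own rules; only Gmail/Hotmail come from the article.
@dataclass
class Policy:
    internal: set = field(default_factory=lambda: {"firm.example"})
    trusted: set = field(default_factory=lambda: {"client.example"})
    blocked: set = field(default_factory=lambda: {"blocked.example"})
    personal: set = field(default_factory=lambda: {"gmail.com", "hotmail.com"})

SEVERITY = {"green": 0, "amber": 1, "red": 2}

def rate_recipient(address, policy):
    """Return (rating, reason) for a single recipient."""
    _, addr = parseaddr(address)            # accepts 'Name <user@domain>'
    local, sep, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not (local and sep and domain):
        return "red", "unparseable address"
    # Match the blocked domain itself and any subdomain of it.
    if any(domain == b or domain.endswith("." + b) for b in policy.blocked):
        return "red", "blocked domain"
    if domain in policy.personal:
        return "amber", "personal mailbox"
    if domain in policy.internal or domain in policy.trusted:
        return "green", "known domain"
    return "amber", "unrecognised external domain"

def assess(recipients, policy=None):
    """Rate a whole message: worst recipient wins; non-green ones need confirming."""
    policy = policy or Policy()
    details = {r: rate_recipient(r, policy) for r in recipients}
    overall = max((rating for rating, _ in details.values()),
                  key=SEVERITY.get, default="green")
    confirm = [r for r, (rating, _) in details.items() if rating != "green"]
    return {"overall": overall, "confirm": confirm, "details": details}

if __name__ == "__main__":
    msg = ["Jane Doe <jane@firm.example>", "j.smith@gmail.com", "ops@mail.blocked.example"]
    print(assess(msg))
```

The `confirm` list is what a send-time prompt would show the sender; a message rated red would be held rather than merely confirmed, depending on the organisation's rules.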
3. Monitoring behaviour patterns of employees
Based on analysis of data breach reports triaged by the Information Commissioner’s Office (ICO), on average it is taking organisations two months to detect that they’ve been breached. With document management systems being the central repository of data in organisations, instituting technology-led processes that facilitate proactive threat detection, utilising techniques such as machine learning and behavioural modelling, is a must.
It helps detect unusual activity and document access behaviour that is not the norm for employees, to surface potential malicious pursuits by cyber criminals who may be using the identity of an employee to steal sensitive information. For instance, if a fee earner is suddenly accessing documents on a case they aren’t involved in or one that is outside of their practice remit, the technology would instantly alert the IT department to investigate the activity and take the necessary action, in the event that it is a breach.
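The fee-earner scenario above, run over a constructed access log, as an added example that is not part of the original article or any vendor's product. It uses a simple rule-based check in place of the machine learning and behavioural modelling the article mentions; the log format, user names, matter numbers and practice areas are all assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed reference data: who is assigned to which matter, and which
# practice area each user and matter belongs to.
ASSIGNED = {"asmith": {"M-1001", "M-1002"}, "bjones": {"M-2001"}}
USER_PRACTICE = {"asmith": "litigation", "bjones": "corporate"}
MATTER_PRACTICE = {"M-1001": "litigation", "M-1002": "litigation",
                   "M-1003": "litigation", "M-2001": "corporate"}

# Constructed access log: timestamp,user,matter,action
LOG = """\
2024-03-04T09:12:00,asmith,M-1001,open
2024-03-04T09:40:00,asmith,M-1003,open
2024-03-04T22:05:00,asmith,M-2001,download
2024-03-04T22:06:00,asmith,M-2001,download
2024-03-05T10:00:00,bjones,M-2001,open
"""

def score_event(user, matter):
    """Return a reason string if the access is unusual, else None."""
    if matter in ASSIGNED.get(user, set()):
        return None
    practice = MATTER_PRACTICE.get(matter)
    if practice is not None and practice == USER_PRACTICE.get(user):
        return "unassigned matter, same practice"
    return "outside practice remit"

def find_alerts(log_text):
    """Group unusual accesses per (user, matter) so IT gets one alert each."""
    grouped = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:                   # skip blank or malformed lines
            continue
        ts, user, matter, action = row
        reason = score_event(user, matter)
        if reason:
            grouped[(user, matter, reason)].append((ts, action))
    return [{"user": u, "matter": m, "reason": r,
             "events": len(ev), "first_seen": ev[0][0]}
            for (u, m, r), ev in grouped.items()]

if __name__ == "__main__":
    for alert in find_alerts(LOG):
        print(alert)
```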
With the risk of insider threat increasing exponentially, organisations need to take measures to not only protect confidential data, but also their employees. Often, the employees are mere pawns in the hands of cyber criminals. Duty of Care towards employees is an important obligation.
If you are looking for assistance with best practice processes for insider threat, get in touch with us via firstname.lastname@example.org. We are working with a number of organisations already to deliver tailored solutions to meet the individual requirements of firms.