National Cybersecurity Awareness Month: Insider Threats In Your Digital Workplace
October marks the season of ghosts, goblins and ghouls—the creepy creatures of which we are both fascinated and terrified. It is fitting that in the United States, National Cybersecurity Awareness Month falls during this time.
Cybercrime is the Monster Lurking Behind Dark Monitors
Unlike many other types of offenses, cybercriminals use computers to hack, phish or spam another device. It carries a sinister reputation of having faceless, invasive and uncontrollable characteristics. Cybercrime hides in the shadows and enjoys a wide reach, impacting 1 in 4 Americans.
As a child, you might have checked under your bed or in your closet for stowed away monsters (real or imaginary). In the business world, data breaches and hacks are very real beasts that impose hefty litigation and reputation costs on its victims. In order to scare cyber-crime monsters from their shadowy hiding places, information security professionals need to constantly audit and manage cyber-risk in their enterprise.
Look for Risks and Chase the Monster Away
Think back the last scary movie you watched—there’s always a sign that the monster is hiding: a creaky door, the stench of its odor or drops of blood from its last victim. Often these signals are exactly what helps the hero outsmart, and defeat, the villain.
Audited appropriately, cyber-risks are the sneaky signs leading to the nearest hiding monster. There are many different types: lax password policies, ransomware and phishing. However, one of the most devious, slimy and underestimated of all cyber-risks is the insider threat.
Insider Threats Have a Sneaky Hiding Place: The Digital Workplace
Digital workplace communities are where employees go to get work done. They live on platforms like Workplace by Facebook, Slack, Yammer and Microsoft Teams. Public groups create space for widespread knowledge sharing and updates, while private groups allow teams to collaborate in real-time to make decisions and complete projects. Without proper management, the casual, chatty nature of these tools can also be a hotbed for insider cyber-risk.
Minimize Shadow IT in Your Digital Workplace
Widespread Bring Your Own Device (BYOD) programs make it easy to blur the lines between personal and professional communication methods. For example, someone can take to SMS texting on a personal device and quickly switch over onto their professional email application. In an always-connected digital age, it is also easy for employees to spin up new instances of the latest digital offering outside their IT’s purview—commonly known as shadow IT.
Shadow IT can create a significant gap in coverage in a company’s security portfolio. Companies can reduce risk if employees collaborate on a company-endorsed digital community where you can monitor employee communications for risky behavior.
– Matt Huber, CoFounder & Information Security Architect, Aware
Choose enterprise collaboration solutions that work for your employees and invest in widespread employee adoption. New solutions and training will require upfront investment across your organization, so have a plan to educate colleagues that the price is nominal compared to the potential risk of a breach in a shadow environment—an expense that adds up to a staggering average of $3,920,000 in 2019.
Audit Your Digital Workspace Security Gaps
Make sure that you include your enterprise collaboration technology stack in your internal risk audit. Ask questions about how negligent or malicious workers might share or expose sensitive information in digital spaces.
Tools like Workplace by Facebook, Yammer and Slack invest heavily in infrastructure that protects them from external breach, however that doesn’t always prevent employees from sharing sensitive data in the private or public areas of the tool. Without the right safeguards, one post or message can give several colleagues unneeded or even risky information access.
Close Your Digital Workspace Security Gaps
Once you understand how and where employees might share sensitive information in a tool like Workplace by Facebook, Yammer or Slack; it’s time to manage that risk.
The best solution for mitigating insider threat risk is using a configurable, rules-based monitoring tool, like Aware. These solutions automatically scan private and public communication areas and surface risky shared content, along with the corresponding context. Once surfaced, your security team can follow the appropriate protocol to control the risk.
Without the right measures in place; every click, share, send, and post employees make in the digital workplace builds an exploitation-ready digital trail. Protect yourself from a face-to-face encounter with a devilish cybercrime monster when you understand, secure, and maintain your digital workplace.