More than a year and a half after the COVID-19 pandemic began, countless workers are still doing their jobs remotely rather than from their offices. While there are many positives to working from home, there can also be some negatives at play like nefarious actors taking advantage of the tools and connections that employees use in work from home environments.
Insider threats, a security risk that comes from within the organisation, are posing a major security problem for businesses. This is partially due to the widespread use of social media, encrypted communication platforms, and other tools. Now more than ever insider threats need to be identified, thwarted, and prevented.
Social distancing policies
When social distancing policies and mandates began keeping people apart, many turned to social media to stay connected. While social networking tools have provided a positive outlet and a way for people to feel more connected, these platforms have also become a hotspot for insider targeting because they provide a way to propagate disinformation and target individuals likely to be receptive to it.
The ideal mark for an insider threat is someone who is active on social media
Even more so, they have provided a means to develop relationships with organisational insiders and socialise with them. The ideal mark for an insider threat is someone who is active on social media, has sufficient access to sensitive information, lacks supervision in their day-to-day work, and works remotely. As the relationship develops, through the process of grooming, an employee can become more likely to disregard company policies and commitments.
Disregarding company policies
One reason insiders might act against their own organisation involves monetary gain. The pressures of the pandemic have led to record levels of unemployment and financial strain for millions of Americans. Financial issues can include struggling to pay for childcare, supporting family obligations, paying rent and more. Those who find themselves in a financial bind might not just act against their own company but could also more easily fall victim to a threat.
Another reason that insiders act is that they may be disgruntled. Insiders may hold a grudge because they were passed over for promotion, were given an unsatisfactory performance rating, or they may be facing termination. While just one of these factors may not be a trigger to involve the company’s security team, any combination of these factors along with a change in the employee’s demeanour or behaviour should serve as a red flag to pay closer attention to the situation.
Potentially malicious insiders
Sending confidential information to an unsecured location in the cloud exposes the organisation to risk
Another challenge employers face directly relates to the somewhat limited supervision of employees who work remotely. In this situation, identifying potentially malicious insiders is more difficult, largely because face-to-face interactions are limited. When the pandemic began, many companies shifted their primary areas of focus to keeping the business viable, which is understandable. However, with this shift of focus, less attention may have been paid to security issues.
The proactive company will have ensured their employees are aware of the following:
- Steps they should take to ensure their devices -- both company-issued and personal -- are secured at all times.
- Sending confidential information to an unsecured location in the cloud exposes the organisation to risk.
- Breaking security policies to simplify tasks is prohibited.
- Ensuring their devices are updated with the latest security patches.
A failure in any of these areas can produce an environment ripe for malicious insider activity.
Cyber security teams
This multidisciplinary group can lead the initiatives that are paramount to keeping the company secure
The insider threat is an organisational threat and so it is most effectively addressed from a holistic perspective. Stakeholders from different parts of the organisation need to be at the table to understand and address such threats. An effective team includes personnel from the legal, human resources, communications, and physical and cyber security teams.
This multidisciplinary group can lead the initiatives that are paramount to keeping the company and its employees secure.
- Conduct a risk assessment of the company’s security processes or a threat assessment to the company’s people or assets. No organisation is without some level of vulnerability, so identify the most critical assets, information, and systems; identify those who have access to these critical assets; and build controls around them to provide extra security.
Delivering refresher training
- Build a training program to help employees and management identify concerning behaviours. Educate staff about insider threat indicators and provide instructions for how to report concerns. Require employees to complete training and deliver refresher training and updates throughout the year. Training on this matter is not a one-and-done situation.
- Ensure there is an impartial and confidential process in place for employees to report possible insider threats. Employees need to trust that if they report concerns about behaviours or actions on the part of a fellow employee, their information will be handled discreetly and if warranted, acted upon.
- Write a communications strategy clearly defining the process for relaying insider threat incidents. An effective plan lays out what information and when this information should be shared with specific individuals and to the broader community, who has authority to communicate sensitive information, and how the information should be disseminated.
Remote working challenges
- Establish a check-in process for managers and their direct reports to enable a means for employees to share concerns and for managers to identify challenges or opportunities to assist employees working in the virtual environment.
- Make an EAP (employee assistance program) readily available to employees. Ensure they understand how to access their EAP and assure them that contacting the EAP will not have a negative impact on their career or growth potential. Providing venues for employees to share their concerns and talk with trained staff can greatly help organisations navigate insider threats and general remote working challenges.
Security risk environment
The virtual workplace has created a serious security risk environment for companies in which employees who would not normally engage in insider threats become more vulnerable to them. Through new technologies and possibly due to new financial hardships, those looking to harm an organisation are out there, searching for opportunities to strike.
It is leadership’s responsibility to take proactive action to ensure their employees are aware of the possibility of insider threats, the seriousness with which management views them, and the resources available should someone fall victim. It is everyone’s responsibility to remain vigilant.