
7 Ways to fight a growing cyber threat in the new remote employee culture

Insider data theft is a sobering thought. As a business owner, you can install specialized antivirus software, train your employees on how to spot a phishing email, and invest in a company that provides superior network monitoring, but none of that will do any good if your enemy is already within your walls.

Now don’t misunderstand. You need to be doing all of those things; I’m not advocating that you skip any of those steps in securing your business (Buzz Cybersecurity offers a free audit to help ensure you’ve got the basics covered), but with an unprecedented number of employees working from home due to the current Covid-19 situation, you need to entertain the possibility that someone in your organization may be willing to steal from you at some point in the future. Or already is. If you have a smaller organization, that can feel like a personal betrayal. Some may not even want to entertain the thought. But the majority of your employees are good, trustworthy people and will thank you for taking these steps because data theft puts their jobs at risk, too.

For the purposes of what we’re discussing in this blog, we’re excluding data breaches that occur accidentally via authorized viewing of data where no information is shared, lost or stolen devices, or malicious attacks coming from outside your company. While costly, they are a separate conversation. If you’d like more information on ransomware attacks, click here. This article is only going to deal with those employees who, for reasons ranging from selfish financial gain to righting a perceived wrong done to them by your company, have made an intentional decision to break the law and share confidential data with others with the intent of causing harm to an individual or company.

What Can I Do?

  1. Evaluate and classify all sensitive data. Most people don’t think like criminals, but for this to work, you have to take a step back and look at your assets objectively. What do you have in your possession that is most valuable if leaked and therefore more likely to be the target of theft? Make a list of what systems hold this information and create a security governance policy to make it harder to access this type of data. Revisit your list at least twice a year to make sure it’s current.
  2. Limit the number of people you trust with access to sensitive data, and limit the amount of access they have. In 2018, Tesla learned this the hard way. According to CEO Elon Musk, a disgruntled employee was responsible for making “direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.” The electric car company decided to forgo limiting the privileged access it allowed its employees to have, and according to CNBC, it cost the company a staggering $167 million in damages. And while it’s common sense that no company will ever be 100% safe against these types of attacks, this particular incident is considered unfortunate because it could have been avoided.
  3. Give people overlapping shares of trust. This is basically a system of checks and balances. It ensures that no one person has a singular Osterhagen Key that allows them to take out your company. You don’t want to give one person the ability to launch the nuclear warheads, and most employees will appreciate not being put in a position to wield such responsibility or to yield to temptation.
  4. Monitor employee activity. No one likes to be Big Brother, but sensible employees will understand the benefits of working from home—namely less money spent on gas, eating out, work attire, not to mention more time to sleep and spend with family—far outweigh the need for companies to monitor for safety. Plus, anything they need to do on a personal level that they don’t want you to be privy to can be done on their PC or phone. Take a proactive approach to detect suspicious behavior when it occurs, rather than waiting for a breach.
  5. Establish an acceptable use policy and then educate your employees about it. Have an official corporate policy about what is and what is not acceptable when it comes to using your company’s data. Then make sure all employees go through training that makes them accountable for what they’ve learned. Don’t assume that it’s common sense. And make sure employees know the legal consequences they will face should they be caught stealing company information.
  6. Establish an anonymous tip line. Peers will often be the first to notice a co-worker’s suspicious behavior. Giving them a means to report unusual or erratic behavior will encourage your employees to come forward, especially if they are assured that they will not be subject to any retaliation because they can remain anonymous. Some may feel that this makes them a snitch, so it’s your job to help them realize that they’re actually being a hero, because not only could they be saving your company from financial ruin, but in the process, they’re helping to save their own jobs and the jobs of their friends.
  7. Pay attention when an employee leaves your company, even when it’s on good terms. Don’t delay when it comes to terminating all employee accounts. Make sure any access to get back into your facility is revoked, and remove the employee from all access lists. You may be tempted to only do this when an employee is “disgruntled,” but making this a standard operating practice when a person departs your company will ensure that no one slips in through a door that should have never been left open.
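Steps 1, 2 and 7 above boil down to a periodic access review: compare who still has accounts against who should. The following Python script is an added example (not Buzz Cybersecurity’s tooling) that runs that review over a constructed HR roster, a constructed data-classification list, and constructed per-system account exports; the usernames, system names and dates are all hypothetical. It flags accounts that survived a departure and people holding access to a sensitive system who are not on its approved list.

```python
"""Access-review check: stale accounts after departures, and
unapproved access to systems classified as sensitive.

Added example. All roster, classification and account data below is
constructed sample input; the usernames and systems are hypothetical.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Person:
    username: str
    left_on: Optional[str]  # ISO date of departure, or None if still employed


# Constructed HR roster (hypothetical people)
ROSTER: List[Person] = [
    Person("asmith", None),
    Person("bjones", "2020-04-30"),  # departed
    Person("cwong", None),
    Person("dlee", "2020-05-15"),    # departed
]

# Step 1 output: systems classified as sensitive -> users approved to hold access
SENSITIVE_SYSTEMS: Dict[str, Set[str]] = {
    "payroll-db": {"asmith"},
    "source-repo": {"asmith", "cwong"},
}

# Constructed exports of who currently has an active account on each system
ACCESS_LISTS: Dict[str, Set[str]] = {
    "payroll-db": {"asmith", "bjones", "cwong"},
    "source-repo": {"asmith", "cwong", "dlee"},
    "wiki": {"asmith", "bjones", "cwong", "dlee"},
}

Finding = Tuple[str, str]  # (system, username)


def stale_accounts(roster: List[Person], access_lists: Dict[str, Set[str]],
                   today: str) -> List[Finding]:
    """Accounts on any system that belong to people whose leaving date has passed."""
    review_date = date.fromisoformat(today)
    departed = {
        p.username for p in roster
        if p.left_on is not None and date.fromisoformat(p.left_on) <= review_date
    }
    findings: List[Finding] = []
    for system, users in sorted(access_lists.items()):
        for user in sorted(users & departed):
            findings.append((system, user))
    return findings


def unapproved_sensitive_access(sensitive: Dict[str, Set[str]],
                                access_lists: Dict[str, Set[str]]) -> List[Finding]:
    """Active users on a sensitive system who are not on its approved list."""
    findings: List[Finding] = []
    for system, approved in sorted(sensitive.items()):
        for user in sorted(access_lists.get(system, set()) - approved):
            findings.append((system, user))
    return findings


def review(today: str) -> Dict[str, List[Finding]]:
    """Run both checks; an empty list under each key means nothing to fix."""
    return {
        "stale": stale_accounts(ROSTER, ACCESS_LISTS, today),
        "unapproved": unapproved_sensitive_access(SENSITIVE_SYSTEMS, ACCESS_LISTS),
    }


if __name__ == "__main__":
    for kind, items in review("2020-06-01").items():
        for system, user in items:
            print(f"{kind}: {user} still has access to {system}")
```

Run it on the review date and treat every line it prints as a ticket: a stale account is a door that should have been closed at departure, and an unapproved user on a sensitive system is the Tesla situation in miniature. Feeding it real exports from your directory and applications is the only change needed to use it for the twice-yearly check in step 1.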

Ready to take the next step in protecting your company and your livelihood?

Reach out to us today for a free consultation!

NOTE: if you have already been the victim of a ransomware attack, please contact us immediately.

While you’re running your business, there are evil people thinking up new ways every day to steal your hard-earned dollars. It seems like they never sleep. You’ve taken steps to ensure that you won’t be an easy target like installing good alarm systems, running background checks on potential employees, and hiring security guards (or you yourself carry). And that’s great for threats you can see, but what about the virtual bad guys? How do you fight them? Sadly, many companies never think about this until it’s too late. Kudos to you for taking the time to research cybersecurity threats and how to protect your assets. Ransomware has become one of the most costly types of malware in the last decade. At Buzz Cybersecurity, we have seen this happen and it’s never pretty. You’re probably wondering how to prevent ransomware. Let’s take a more in-depth look at it and how you can avoid becoming a victim.

What is ransomware?

In layman’s terms, ransomware is a type of malware that gets its name from the fact that the attackers gain access to data and hold it hostage for a ransom. This is known as cryptoviral extortion. Cybercriminals can block the company’s access, or, if it’s particularly sensitive data, threaten to make it public if the demands are not met. Such attacks are becoming more frequent and more brazen. Earlier this month, Variety reported that a group known as REvil claimed to have dirt on President Donald Trump and threatened New York law firm Grubman Shire Meiselas & Sachs with a data dump if they did not receive $42 million within 7 days, doubling their fee after the firm made an offer of $365,000. To show they meant business, and as a possible punishment for what they considered an insulting offer, REvil published a 2.4 GB document containing another client’s info: Lady Gaga’s contracts for concerts, TV appearances, and merchandising. Since payment is typically demanded in Bitcoin or some other cryptocurrency, tracing the ransom and making arrests are still very difficult. Research shows that 70% of those infected with ransomware have paid to get their data back, even when advised not to by law enforcement, so there seems to be little incentive for these cyber-terrorists to stop anytime soon.

How do ransomware attacks work?

Most ransomware attacks begin with an unsuspecting employee opening an email attachment that carries a trojan disguised as a legitimate file. (It should be noted that much is still unknown about how some attacks were able to take place; in 2017, computers running Microsoft Windows were the target of the “WannaCry” worm, which traveled between computers without any user interaction.) Once released, the malware encrypts the user’s data, usually after tricking him or her into granting it admin access. However, if a company has significant security holes, aggressive malware may not need to trick the recipient at all. A message is then sent to the victim with instructions on how to pay the ransom electronically. Once payment is received, a decryption key is sent to the company so the files can be unlocked.

What’s at stake?

In 2019, ransomware is estimated to have caused organizations global damage to the sum of $11.5 billion. The average amount a company paid last year was $41,000. But according to an article in Forbes Magazine, that number has more than doubled in 2020 to over $84,000. That includes lost revenue, hardware replacement, and repair costs, but the damage to a company’s brand is harder to gauge. And while 98% of those who paid did get a decryption tool, on average they still lost 3% of their files. That may not sound like much, but remember, there is no guarantee that you will be one of the lucky ones dealing with a thief who intends to honor their word in the first place and give you anything. And you should also expect your normal IT duties to take a backseat during recovery. It can take many, many hours to get things back to where they need to be.

Who’s at risk?

You might think that because you’re a small business, hackers will bypass you in favor of larger corporations who will be able to pay a larger ransom. And that’s what they are counting on. While it’s true that government agencies, big law firms, and medical facilities make tempting targets because they are more likely to pay up quickly, often targets are chosen because of ease of opportunity: smaller businesses don’t always have the security measures in place that keep the bad guys from finding the weak link in the fence. According to an article by CNBC published late last year, 43% of small businesses are targeted, but only 14% are prepared to defend themselves. And as we like to say here at Buzz, the best defense is a good offense.

Steps you can take starting now

The truth is that no organization is immune to ransomware, but there are some things you can do to ensure that you are less of a target and mitigate the damage if you are attacked.

  1. Take stock of your current situation. This is a step you cannot afford to skip. By keeping your operating system patched and up-to-date, you make it harder for cyber thieves to exploit you. If you’re not sure what to look for, Buzz Cybersecurity has a free audit that you can take advantage of to ensure you don’t have “open doors” that are inviting an attack.
  2. Back up your files frequently! While this won’t stop a ransomware attack, it at least ensures that you have a disaster recovery plan (DRP) in place that will make the damage much less significant.
  3. Invest in anti-virus software. Again, nothing is foolproof, but a good system will detect malware programs and may prevent ransomware from successfully getting access to your data. Don’t assume though that the software that was included with your PC is going to meet your needs. We can help you look at the variables that you need to consider when choosing the right software that will protect your most valuable data.
  4. Educate yourself and your employees. It’s not enough for you to know what to do to prevent an attack. You should look to bring your entire team on board so everyone can work together. We offer a program called Lunch & Learn that’s free for your company, and we cover things like the basics of malware, how to spot and avoid a potential phishing email, protecting credentials, and what to do if an employee suspects there has been a breach.
  5. Network monitoring. You can’t be everywhere at once, so we recommend having an added safety net in place. There are some free tools available out there, but again, like anti-virus software, they may be missing key features that you need. Because of the many drawbacks, such as not being able to upgrade and most not offering any support should you need it, many in upper management are not comfortable using these tools, and we can’t say we blame them. The fact is these products will not give you the same stability or reliability as a paid commercial tool. We started off talking about threats you can see, and in the same way that a good home security system protects your loved ones and gives you peace of mind, Buzz Cybersecurity specializes in actively monitoring your “cyber-home” during an attempted break-in.
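A backup only counts as a recovery plan (step 2 above) if it is still there, unmodified and recent when you need it; ransomware that reaches a mounted backup drive encrypts the backup too. The following Python script is an added example (not Buzz Cybersecurity’s product or code) of the check a practitioner would schedule: at backup time it records a SHA-256 manifest of the backup set, and at verification time it reports any file that is missing or whose hash no longer matches, and a set older than the allowed age. The backup files, their contents and the one-day age limit are constructed for the demonstration.

```python
"""Backup verification: is the backup set present, unmodified and recent?

Added example. The sample backup set and manifest are constructed in a
temporary directory; the file names and contents are hypothetical.
"""
import hashlib
import json
import tempfile
import time
from pathlib import Path
from typing import List, Optional

MANIFEST_NAME = "manifest.json"


def sha256_of(path: Path) -> str:
    """Stream the file so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir: Path, created: Optional[float] = None) -> Path:
    """Record a hash for every file in the set at backup time."""
    entries = {
        p.name: sha256_of(p)
        for p in sorted(backup_dir.iterdir())
        if p.is_file() and p.name != MANIFEST_NAME
    }
    manifest = {"created": created if created is not None else time.time(),
                "files": entries}
    mpath = backup_dir / MANIFEST_NAME
    mpath.write_text(json.dumps(manifest))
    return mpath


def manifest_created(backup_dir: Path) -> float:
    """Unix timestamp stored in the manifest when the backup was taken."""
    return json.loads((backup_dir / MANIFEST_NAME).read_text())["created"]


def verify_backup(backup_dir: Path, now: Optional[float] = None,
                  max_age_days: float = 1.0) -> List[str]:
    """Return findings; an empty list means the backup set passed every check."""
    findings: List[str] = []
    mpath = backup_dir / MANIFEST_NAME
    if not mpath.exists():
        return ["manifest missing"]
    manifest = json.loads(mpath.read_text())
    now = time.time() if now is None else now
    age_days = (now - manifest["created"]) / 86400
    if age_days > max_age_days:
        findings.append(f"backup is {age_days:.1f} days old (limit {max_age_days})")
    for name, expected in manifest["files"].items():
        p = backup_dir / name
        if not p.exists():
            findings.append(f"missing: {name}")
        elif sha256_of(p) != expected:
            findings.append(f"hash mismatch: {name}")
    return findings


def build_sample_backup(mode: str = "ok") -> Path:
    """Constructed backup set; mode 'modify' or 'delete' damages it after the manifest is written."""
    d = Path(tempfile.mkdtemp(prefix="backup-"))
    (d / "customers.csv").write_text("id,name\n1,Example Customer\n")
    (d / "ledger.db").write_bytes(b"\x00sample ledger bytes\x01")
    write_manifest(d)
    if mode == "modify":
        # Simulates a backup that was overwritten (e.g. encrypted) after it was taken
        (d / "ledger.db").write_bytes(b"\x00unreadable bytes\x01")
    elif mode == "delete":
        (d / "ledger.db").unlink()
    return d


if __name__ == "__main__":
    for mode in ("ok", "modify", "delete"):
        print(mode, verify_backup(build_sample_backup(mode)) or ["passed"])
```

Keep the manifest somewhere the backup job cannot overwrite it (a read-only copy or a separate account), because a manifest stored next to the files can be rewritten along with them; and run the check on a schedule rather than by hand, since a mismatch or an age finding is the earliest warning that the recovery plan you are counting on is no longer intact.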

These steps are not all-inclusive, but some basics to get you started. We’re happy to talk IT shop with you if you want to take the next step. Or sign up to get our emails and stay in the loop on the constantly evolving world of cybersecurity. You’ve put your blood, sweat, and prayers into your business. Don’t let some punk who’s never worked an honest day in their life swoop in and take it from you.

Image by Pete Linforth from Pixabay