3 ways to reduce insider attacks and user error

It feels like no matter how well you prep your systems, the biggest security threat IT faces is always the same: people.

And those feelings are backed up by annual breach reports, like those Verizon and IBM publish. Most of the breaches covered in these reports happen by accident – a user makes a mistake such as clicking a link in a phishing email or leaving data unsecured.

But the troubling statistic comes from an IBM breach report: 45% of breaches were due to malicious insiders, or users who intentionally leaked data.

So what can be done when the threat is from within your own ranks?

Narrowing your chances

  1. Don’t hire them in the first place. Make sure HR is properly vetting candidates so that people who are on federal registries aren’t put into critical security positions. While you can’t catch every bad egg from the start, and sometimes users turn malicious while they are with a company, this first step is your best way to start off on the right foot.
  2. Properly lead staff and users. Make everyone aware of proper data usage policies by having them sign off on them. Then, review these policies as necessary and remind users of them frequently, so security is never far from their minds.
  3. Trust users and staff, but verify everything they do. Attackers often get away with malicious acts because the company or department didn’t have a proper system of checks and balances in place. Without that oversight, there’s no way to catch them in time. No one person should be able to tip the scales out of balance.

As a benefit, these tips can also help improve overall staff performance – they don’t just apply to preventing insider attacks.