Protecting Your Organization from Insider Threats
Most organizations know that they need cyber security to protect from outside threats, but what they don’t account for is the growing number of insider threats. Insider threats come from trusted employees, which is something most employers don’t consider. It’s hard to imagine that a trusted employee could be the one to cost you millions in stolen data, but it’s a rising threat for organizations that store sensitive data and don’t have proper security.
The Typical Insider Threat
One goal of an attacker is shielding his identity. For someone who already has access to your network, this means phishing for another employee’s information. It’s suspicious for one employee to ask another for their credentials, so many times the employee waits for a user to walk away from their machine. The attacker then goes to the physical machine and quickly sends data using the logged in employee’s information. This gives the attacker free reign to network data, and it shields them from being logged as the person who stole your data.
Most organizations have some kind of “lock” policy in place. When a user leaves their desktop, they should lock the computer so that any other user can’t access the desktop without credentials. The policy works if everyone remembers to lock their computer. But in reality many employees forget to lock their desktop and leave it wide open to an attacker.
Not only does an unlocked computer leave your network open to insider threats, but you also risk allowing outside attackers access to the machine. “Piggybacking” or “tailgating” is common when attackers want to gain access to your premises. They follow an employee through a secure door with the employee’s official badge. The employee thinks they are being polite, but in reality they allow an attacker access to physical machines.
What You Can Do to Protect Desktops and Ultimately Your Data
Before you think this is a rare attack, Tripwire reports that insider threats are the biggest cyber-security concern in 2017. It comes after Google filed suit against a former engineer who allegedly stole 14,000 files from Google and took them directly to his new employer Uber. This is just one example of a large-scale insider threat, but it can happen to a business of any size. The main hurdle is that most employers must allow their employees enough access to be productive while still limiting access to only files and applications necessary to do their job.
You can either rely on users to lock their desktops or take a proactive approach that doesn’t interfere with their work. IT admins will place a lockout policy on the machines, but usually it’s at least 10 minutes before the desktop locks, which leaves plenty of time for someone to access the physical machine and transfer files from the user account.
The alternative is to have a device that auto-locks the desktop when the user walks away, and then unlocks when the user is close. The automotive already uses this technology to auto-lock cars when the owner walks away, and you can do the same with your office computers.
Use an Access Management Solution like GateKeeper
Gatekeeper provides you with a way to auto-lock the desktop. With our new hardware version – the Halberd, the user has a wireless key that they can attach to their keychain or anything else that they carry on their person. When they walk away, the desktop locks, and when they move in range, Gatekeeper technology automatically unlocks it. You can set the range, so the user must be anywhere from inches in proximity to the machine to 30 feet away.
This technology protects you from outsider threats from tailgating and any malicious attacker who can access the physical machine. Your IT admins can still set auto-lockouts on the computers, but Gatekeeper accounts for human error, which can cause immeasurable damage.
With Gatekeeper, you don’t interfere with user productivity because they can access their desktop whenever they are in close proximity. You still need other security logs and procedures in place, but Gatekeeper stops the threat of unauthorized data theft based on someone accessing an unsupervised machine.