No one likes to think about trusted insiders, such as employees, vendors and contractors, stealing sensitive data, but the unfortunate truth is that it happens more often than you’d expect.
According to Accenture, 69% of organizations have experienced an insider threat incident in the last 12 months. The rise of Shadow IT (Cisco estimates that 80% of employees are using unsanctioned software), paired with other trends including BYOD and remote working, opens up organizations to even more risk. While creating an atmosphere resembling something out of George Orwell’s 1984 isn’t the answer, it’s important to know the top behaviors that cause insider data loss.
10 Common Ways Users Leak Data
We’re breaking down the most common ways users exfiltrate or leak data (from both technical and non-technical users), along with suggestions for how to give people the tools they want and still minimize the risk of an insider threat incident.
1. Removable Media
Removable media is a common way for data to leave an organization.
These days, business users can simply take the files they want and go. Sophisticated technical users can intentionally introduce malware onto company machines using removable media (Mr. Robot-style).
To prevent this type of insider threat-based data breach, organizations can:
- Lock down USB ports
- Monitor user activity
- Leverage endpoint protection tools
- Enforce company policies
- Educate employees on acceptable use
2. Hard Copies
While it may not seem as commonplace as it was before laptops, tablets, and smartphones, physical data is still a major cause of data exfiltration. Whether users print out sensitive data to work remotely or write it down, keeping track of hard copies of sensitive or critical company data can become a major problem.
In fact, paper records are the most common cause of data loss in the healthcare sector, resulting in 65% of data breaches. Organizations should monitor what is being printed and how frequently printers are used, lock down sensitive physical records, and shred sensitive documents before disposal.
3. Cloud Storage
Team usage of cloud storage services like Dropbox and Google Drive is on the rise. Often, these services are used by both employees and outside contractors without IT or security team involvement, making it difficult to secure their usage.
Instead of imposing restrictive policies, organizations can allow these services in moderation, carefully monitoring who is accessing documents and whether documents are being shared with unauthorized users—and put a stop to this behavior in the event it breaches policy.
4. Personal Email
Personal email accounts are often accessed by insiders to intentionally bypass corporate systems and exfiltrate data. While this use is not always malicious (remote work being a primary factor), unauthorized personal email use can be a costly risk.
To prevent data loss via non-business email accounts, carefully monitor email traffic between business networks and personal addresses to stop the leakage of sensitive information in its tracks. Also, be sure to educate employees regarding appropriate use of personal email in the workplace or using company property.
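One way to implement the email monitoring described above, as an added example (not code from the original article or from any vendor's product): it scans constructed mail-gateway log lines in a hypothetical key=value format and flags senders who move attachments from the corporate domain to personal webmail addresses. The domain names, the volume threshold and the self-forward heuristic are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

CORP_DOMAIN = "example.com"                                   # assumption: corporate mail domain
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: webmail watch list
SIZE_ALERT_BYTES = 5 * 1024 * 1024      # assumption: attachment volume threshold per log window

# Constructed sample lines; the key=value layout is hypothetical, not a real product's format.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z from=jsmith@example.com to=partner@vendor.example attach_bytes=120000
2024-05-01T09:40:11Z from=jsmith@example.com to=john.smith84@gmail.com attach_bytes=4200000
2024-05-01T17:55:42Z from=jsmith@example.com to=john.smith84@gmail.com attach_bytes=3900000
2024-05-01T10:02:27Z from=akhan@example.com to=friend@yahoo.com attach_bytes=0
2024-05-01T11:30:00Z from=newsletter@gmail.com to=akhan@example.com attach_bytes=80000
"""
LINE_RE = re.compile(r"^\S+ from=([^@\s]+)@(\S+) to=([^@\s]+)@(\S+) attach_bytes=(\d+)$")

def looks_like_self(sender_local, rcpt_local, min_len=4):
    """Heuristic: both mailbox names share a run of >= min_len letters (e.g. a surname)."""
    a = re.sub(r"[^a-z]", "", sender_local.lower())
    b = re.sub(r"[^a-z]", "", rcpt_local.lower())
    return SequenceMatcher(None, a, b).find_longest_match(0, len(a), 0, len(b)).size >= min_len

def analyze(log_text):
    """Return {sender: [reasons]} for corporate senders mailing personal webmail."""
    totals = defaultdict(lambda: {"bytes": 0, "self_forward": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip malformed or unrelated lines
        s_local, s_dom, r_local, r_dom, size = m.groups()
        # Only outbound traffic from the business domain to a personal provider matters here.
        if s_dom.lower() != CORP_DOMAIN or r_dom.lower() not in PERSONAL_DOMAINS:
            continue
        t = totals[f"{s_local}@{s_dom}".lower()]
        t["bytes"] += int(size)
        if int(size) > 0 and looks_like_self(s_local, r_local):
            t["self_forward"] = True      # attachment sent to what looks like the sender's own mailbox
    alerts = {}
    for sender, t in totals.items():
        reasons = []
        if t["bytes"] >= SIZE_ALERT_BYTES:
            reasons.append("attachment volume")
        if t["self_forward"]:
            reasons.append("likely self-forward")
        if reasons:
            alerts[sender] = reasons
    return alerts

if __name__ == "__main__":
    for sender, reasons in analyze(SAMPLE_LOG).items():
        print(sender, "->", ", ".join(reasons))
```

A message with no attachment to a personal address (the `akhan` line) is counted but raises no alert, which keeps ordinary personal correspondence out of the review queue.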
5. Mobile Devices
Mobile devices are a reality of every organization today — not to mention a major boon to employee productivity for remote workers and the mobile workforce. However, they also pose a threat to organizations’ data because of their multi-purpose use as recording devices, cameras and storage devices.
Having a solid, carefully enforced policy around mobile device usage and access (whether business or personal) is table stakes, as is a way to monitor and control endpoint access for any business-owned devices.
6. Cloud Applications
The use of cloud applications (such as Salesforce, SharePoint, and other business apps) from home devices is a major source of data exfiltration. These applications often contain sensitive documents and information, including customer accounts, deal information, and sales pipelines.
Some users may also access “Shadow IT” applications that are outside of corporate policy. For example, sites like WeTransfer allow users to easily send data externally, but can cause a major security concern. It’s incredibly important to monitor user access and activity on all cloud apps, enforce policies on acceptable use, and immediately discontinue access after an employee or contractor has left the company to prevent data loss.
7. Social Media
Unauthorized use of social media is a key concern for security teams, since it’s relatively easy for an employee to post leaks of sensitive corporate data — whether it’s done intentionally or unintentionally. As with cloud applications, security teams should be diligent about monitoring user activity and enforcing social media policies at work.
8. Developer Tools
Technical users often access web-based hosting sites like GitHub for version control of code, or sites that store code snippets in plain text, like Pastebin. These sites make it easier for developers to collaborate on projects, but on the flip side, can be a major conduit for leaked intellectual property and proprietary source code.
It’s critical that organizations establish a data policy for code repositories as well as monitor usage to ensure code is locked down for authorized users only.
9. Screen Clipping or Screen Sharing
Many users try to find ways around IT policies with unapproved software or applications. Unauthorized screen clipping and screen sharing services like Snagit can easily be used to exfiltrate data. If users are regularly accessing these services (or other unauthorized software), it could be an indicator of a potential insider threat.
10. FTP Sharing Sites
Many organizations also prohibit the use of FTP sharing sites, but because of their ease of use, they’re prime points of data exfiltration.
It’s important to implement end-to-end file activity monitoring, along with real-time alerting for data exfiltration attempts to FTP web applications.
How to Prevent Data Exfiltration
In order to prevent data leakage at scale, start with user education. Ongoing training and “lunch-and-learns” can be great ways to recommend policy best practices for both technical and non-technical users.
Admittedly, enforcing rules isn’t always fun, so try to make a game of it by rewarding people for good behavior, or combine trainings with valuable information that people need in their lives outside of work (for example, teach people how to protect their kids online at home, with a side of training for acceptable online behavior at work).
Ultimately, providing people more freedom and flexibility when it comes to their own tools and web access is better for the bottom line. Overly restrictive policies are difficult to enforce — not to mention they could be a major turnoff when it comes to employee satisfaction and retention.
With insider threat management tools like those we offer at ObserveIT, organizations can monitor and detect data exfiltration attempts, and investigate suspicious user activity in minutes.