Posted in Time-Saving Tips

Three Ways to Avoid Employee Errors that Cause Insider Threats

Reading Time: 3 minutes

Welcome to the second edition of our monthly series, where we offer time-saving tips for security professionals. This month, we’re focusing on preventing accidental insider threats by helping employees avoid errors. According to the 2019 Verizon Data Breach Investigations Report (DBIR), 30 percent of all cybersecurity breaches were caused by employee errors or privilege misuse. Other recent insider threat statistics from Ponemon show that two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, many of these inadvertent incidents are avoidable with the right cybersecurity training.

Here are three ways to save time by helping employees avoid common errors.

1. Teach a Person to [Avoid the] Phish

This year’s Verizon DBIR shows a whopping 32 percent of breaches are caused by phishing. Although this tactic is as old as email itself, sophisticated social engineering attacks are still getting the best of users. Many of these attacks are moving up the chain and targeting C-level executives, or sending emails to employees masked as trusted execs so intruders can gain access to sensitive corporate servers.

To save time recuperating from data loss and other damages that come from phishing or social engineering attacks, many security teams use anti-phishing programs that send out fake phishing campaigns on an automated, random basis to employees to see if they’ll bite. After taking an inventory of who fell for it, security analysts can approach each employee one-on-one, or provide further training on avoiding these errors to the specific subset of employees who need it.

2.  Send In-The-Moment Alerts to Users

Many employees could sit through 10 or more training sessions and still make mistakes. In some cases, the most common, recurring mistakes have to do with a misunderstanding of the cybersecurity policy. To save time for employees and security teams alike, an insider threat management platform like ObserveIT can automatically send in-the-moment alerts to employees to inform them of potential policy violations in progress.

For example, if an employee is using an out-of-policy cloud storage platform to share documents with a contractor, they’ll receive an alert about their activity. The security analyst can then follow up to determine whether the employee has a specific need that permits an exception to the rule, or if a whitelisted solution can be used instead. Ultimately, these alerts are about identifying potentially harmful user activity, and educating the user to either avoid repeating these mistakes in the future, or collaborate with security to gain access to the programs they need to do their jobs.

3. Make Security a Part of Employee Onboarding

Many organizations mistakenly make security an afterthought, training employees after they’ve already been on the job for several weeks, months, or (gasp!) even years. However, educating employees on corporate policy and testing their knowledge should be an important part of the onboarding process for every employee and contractor.

For smaller organizations, embed the security team into the onboarding process for new “classes” of employees as they join the organization. Ensure that a segment of training is dedicated to explaining IT systems and reviewing policies, as well as providing some basics on application security best-practices. For larger or fast-growing organizations, a video training series that includes practical examples and a quiz at the end can help test the security know-how of incoming employees.

Giving a “face” to security on day one helps employees see that security is a top priority for the organization, and makes them all the more diligent in avoiding mistakes.

Get Dedicated to Insider Threats

With the three tips above, you can both save time by automating processes, and make cybersecurity awareness top-of-mind for employees.  In addition, a dedicated insider threat management platform can help catch many of the accidental insider threat indicators that may otherwise fall through the cracks.

What strategies have you found to help avoid employee mistakes?