We always hear about hackers stealing data and personal information. However, a large share of breaches are caused by business insiders and staff.
Last month, Verizon released its 2014 Data Breach Investigations Report, which looked at statistics compiled by 50 major international organizations. The report said that in 2013, 18% of breaches were attributed to “insider misuse”. Numerically, that means that of the 63,437 detected last year by these organizations, 11,418 were data leaks caused by staff members.
Verizon’s recommended controls to reduce and avoid internal breaches are:
1. Know your data and who has access to it. From this, you can build protection controls to make the data harder to leak.
2. Review user accounts. Once you know who has access to sensitive data, you can review account activity, especially as soon as an employee gives notice or has been released from the company.
3. Watch for data exfiltration. Data loss prevention products let you set up controls that block data theft through common activities.
4. Publish audit results. Deter bad behaviour by releasing anonymized internal audits so that employees understand the consequences.
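Controls 1 and 2 can be combined into a simple recurring check. The sketch below is an added example, not part of Verizon's report: it joins a map of who has access to sensitive data with HR departure dates and an activity log, and flags what to review. All names, dates and records in it are constructed for illustration.

```python
from datetime import date, datetime

# All data below is constructed sample data (assumption, not from the report).
# Control 1: sensitive data set -> users who have access to it.
SENSITIVE = {"customer_db": {"alice", "bob"}, "payroll": {"carol"}}
# HR feed: user -> (date notice was given, last working day).
# Users absent from this map have no departure pending.
HR = {
    "alice": (date(2014, 5, 1), date(2014, 5, 15)),
    "carol": (date(2014, 4, 20), date(2014, 4, 30)),
}
# Activity log: (timestamp, user, resource).
EVENTS = [
    (datetime(2014, 4, 28, 9, 0), "alice", "customer_db"),   # before notice
    (datetime(2014, 5, 3, 23, 40), "alice", "customer_db"),  # during notice period
    (datetime(2014, 5, 3, 10, 0), "alice", "wiki"),          # not sensitive
    (datetime(2014, 5, 2, 8, 15), "carol", "payroll"),       # after last day
    (datetime(2014, 5, 4, 11, 0), "bob", "customer_db"),     # no departure pending
]

def review_accounts(sensitive, hr, events):
    """Control 2: return (user, resource, timestamp, reason) for events to review."""
    findings = []
    for ts, user, resource in sorted(events):
        if user not in hr:
            continue  # only departing or departed staff are in scope here
        notice, last_day = hr[user]
        day = ts.date()
        if day > last_day:
            # Any use of the account after the last day means it was not disabled.
            findings.append((user, resource, ts, "activity after last day"))
        elif day >= notice and user in sensitive.get(resource, set()):
            findings.append((user, resource, ts, "sensitive access during notice period"))
    return findings

def stale_access(sensitive, hr, today):
    """Access grants to sensitive data still held by users whose last day has passed."""
    return sorted({(user, res) for res, users in sensitive.items() for user in users
                   if user in hr and hr[user][1] < today})

if __name__ == "__main__":
    for finding in review_accounts(SENSITIVE, HR, EVENTS):
        print(finding)
    print(stale_access(SENSITIVE, HR, date(2014, 5, 5)))
```

In practice the three inputs would come from an access inventory, the HR system and authentication or file-access logs; the join logic stays the same.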