With ransomware, trojans and malware in the news, companies often think hackers are the biggest security risk. But it’s not always external attackers who exploit vulnerabilities in the company network. Your own staff may be able to use their extensive access permissions for data misuse – and without much effort. It’s rare for organisations to be as well equipped with tools to prevent internal attacks compared to those coming from outside.
Here are five tips to help you protect your company effectively against data losses caused by internal perpetrators.
1. Introduce differentiated access rights
To protect your sensitive data, you can grant staff from different departments the appropriate access rights for their work. In doing so, you’re achieving the goal of the need-to-know principle. In other words, your employees don’t get access to documents and data sets unless they need it specifically for a task. You can use different security levels to set up what’s known as “Chinese walls” within the company. These prevent data being shared between various departments and will limit the extent of any data loss.
2. Use high-security two-factor authentication
To keep the risk level as low as possible, you would be well advised to use authentication in two steps as a second protection measure. For example, users aren’t only asked to enter their password, but also the security code from the Authenticator app on their smartphone. The code is only valid for a single session. So even if an internal perpetrator steals a password, they can’t get access to sensitive information and data.
3. Shield your information
Another way to protect your data is with shielding. System and service providers should never have access to your files and documents. And shielding also lets you limit the access rights of your administrators to the information relevant to their job.
4. Implement Information Rights Management
Information Rights Management technologies enable you to monitor sensitive documents and protect them against unauthorised downloading. IRM gives you effective control over documents, even when users are authorised to access them. In addition, dynamically-embedded watermarks prevent screenshots too. That way, your data stays in its protected environment and can’t fall into the wrong hands or be accessed by unauthorised users.
5. Use a tamper-proof history log
It’s a good idea to log all activities in a tamper-proof history to prevent data theft by insiders – or uncover who did what after a theft. That gives you end-to-end visibility and traceability in your information flows.