No one likes to think about trusted insiders such as employees, vendors and contractors, stealing sensitive data. The unfortunate truth is that it happens more often than you’d expect.
According to Accenture, 69% of organisations have experienced an insider threat incident in the last 12 months. A few concurrent trends are only increasing this risk. The first is the continuing rise of shadow IT. Cisco estimates that 80% of employees are using unsanctioned software. Mixed with bring-our-own-device policies and a shift to remote work, it's a recipe for increased insider risk.
10 Common Ways Users Leak Data
Creating a locked-down atmosphere straight out of George Orwell’s 1984 isn’t the answer. But it’s important to know the top behaviours that cause insider data loss. Here are most common ways users exfiltrate or leak data (from both technical and non-technical users), along with suggestions for how to give people the tools they want and still minimise the risk of an insider threat incident.
1. Removable media
These days, business users can simply take the files they want and go. Sophisticated technical users can intentionally introduce malware onto company machines using removable media (Mr. Robot-style).
To prevent this type of insider-led data breach, organisations can:
- Lock down USB ports
- Monitor user activity
- Leverage endpoint protection tools
- Enforce company policies
- Educate employees on acceptable use
2. Hard copies
It may not seem as commonplace as it was before laptops, tablets and smartphones, physical printouts are still a major cause of data exfiltration. Whether users print out sensitive data to work remotely or write it down by hand, keeping track of hard copies of sensitive and critical company data can become a major problem.
In fact, paper records are the most common cause of data loss in the healthcare sector, resulting in 65% of data breaches. That's why organisations should:
- Monitor what is being printed
- How frequently printers are used
- Lock down sensitive physical records
- Shred sensitive documents before disposal
3. Cloud storage
More workers—both employees and outside contractors—are using cloud storage services such as Dropbox and Google Drive. Often, they're used without IT or security team involvement, making it difficult to secure their usage.
Instead of imposing restrictive policies, organisations can allow these services in moderation. They should carefully monitor who is accessing documents, whether they are being shared with unauthorised users and block these actions if they breach policy.
4. Personal email
Insiders often access personal email accounts to bypass corporate systems and exfiltrate data. While it's not always malicious (it might be easier than logging into a VPN, for example), unauthorised personal email use can be a costly risk.
To prevent data loss through outside email accounts, carefully monitor email traffic between business networks and personal addresses to stop data leakage in its tracks. Also, be sure to educate employees about appropriate use of personal email and company-owned devices.
5. Mobile devices
Mobile devices are a major productivity boon to employee productivity for remote workers and the mobile workforce. However, they also pose a threat to organisations’ data because of their multi-purpose use as recording devices, cameras and storage devices.
Having a solid, carefully enforced policy around mobile device usage and access (whether business or personal) is table stakes, as well as a way to monitor and control endpoint access for any business-owned devices.
6. Cloud applications
Cloud applications such as Salesforce, SharePoint and others are major sources of data exfiltration. Users often upload sensitive documents and information, including customer accounts, deal information and sales pipelines.
Some users may access other shadow IT apps that fall outside corporate policy. Sites such as WeTransfer, which allow users to easily send data externally, can cause a major security concern. To prevent data loss, it’s critical to monitor user access and activity on all cloud apps, enforce policies on acceptable use and suspend access right away when an employee or contractor leaves the organisation.
7. Social media
Unauthorised use of social media is a key concern for security teams It’s easy for an employee to leaks of sensitive corporate data, whether intentional or by mistake. As with cloud apps, security teams must be diligent about monitoring user activity and enforcing social media policies at work.
8. Developer tools
Technical users often access web-based hosting sites such as GitHub for version control of code or Pastebin, which stores code snippets in plain text. These sites make it easier for developers to collaborate on projects. But they can be a major conduit for leaked intellectual property and proprietary source code.
Organisations must establish data policies for code repositories and monitor usage to ensure code is locked down for authorised users only.
9. Screen clipping/sharing
Many users try to find ways around IT policies with unapproved software or applications. Unauthorised screen clipping and screen sharing services such as Snagit can easily be used to exfiltrate data. If users are regularly accessing these sites (or other unauthorised software), it could quickly become an insider threat.
10. FTP sharing sites
Many organisations also forbid users from using FTP file-sharing servers. But they're still easy to use and prime points of data exfiltration.
Organisations must deploy end-to-end file activity monitoring along with real-time alerting to stop FTP-based data exfiltration.
How to Prevent Data Exfiltration
To prevent data leakage at scale, start with user education. Ongoing training and “lunch-and-learns” can be great ways to recommend policy best practices for both technical and non-technical users. A formal security awareness training program with targeted and follow-up training is even more effective.
Admittedly, enforcing rules isn’t always fun. Try to make a game of it by rewarding people for good behaviour. Or combine training with valuable information that people need in their lives outside of work. For example, teach people how to protect their kids online at home—with a side of training for acceptable online behaviour at work.
Ultimately, providing people more freedom and flexibility when it comes to their own tools and web access is better for the bottom line. Overly restrictive policies are difficult to enforce. And they could be a major turnoff when it comes to employee satisfaction and retention.
With insider threat management tools like those we offer at Proofpoint, organisations can monitor and detect data exfiltration attempts, and investigate suspicious user activity in minutes.