Insider Threat Management

Securing Remote Workers and Enabling Business Continuity with Insider Threat Management

(Update: 10/09/2020)

Right now, more employees and contractors are working from home than ever before. Key to ensuring business continuity during this rapid shift in remote working patterns is to consider how insider threat management (ITM) can help maintain your compliance and cybersecurity posture. In this post, we share practical considerations for organisations as they shift toward remote working.

Right now, most companies are not only suddenly managing a massive increase in the number of remote workers, but also remotely supporting a set of business-critical functions that have traditionally been exclusively in-office activities. This shift in workforce dynamics has brought a unique set of cybersecurity and insider threat considerations. As Joseph Blankenship from Forrester Research writes, the pandemic has created the “perfect conditions for insider threat.”

Most organisations face great pressure to maintain productivity and business continuity while ensuring compliance with data protection regulations and protecting against insider threats. Some employees will be new to remote work, creating the potential for misuse of company resources if the right security guardrails are not put in place. Others may be targeted by malicious actors, with thousands of new COVID-oriented scams popping up. Many organisations are themselves in flux as they restructure and plan for a new normal. All of these elements contribute to an environment where insider threats are not only harder to detect but may also be happening more frequently. Here are five examples of new ITM challenges that can emerge when an organisation needs to manage a rapid increase in remote work volume and how cybersecurity for remote workers can help mitigate risks.

Managing Cybersecurity Risks while Rapidly Increasing Number of New Endpoints

Most organisations have needed to increase the number of sanctioned endpoints that employees can use to accomplish remote work. Whether new physical laptops or new VDI instances, new desktop infrastructure is being deployed rapidly. Many of these new endpoints are for employees who previously did not have remote access to organisational resources, such as call center employees, executive assistants, or financial administrators. 

This creates new security vulnerabilities related to the new remote job functions and new types of application access granted to users outside of security perimeters. And it increases the insider threat attack surface with a larger number of active endpoints with authorised access outside of the perimeter. ITM solutions that provide early identification of user risk based on endpoint activity are critical for managing security while expanding the number of physical or virtual endpoints.

Extending Application Access to New Remote Workers

Another strategy for managing the need to rapidly increase the number of remote workers with access to enterprise applications is to leverage application virtualisation technology. This results in a similar increase in the potential range of insider threats that need to be considered. With more users accessing published applications from remote endpoints, it is important to extend visibility of potentially risky user activity or risky handling of sensitive data to the application servers. Extending ITM visibility to cover server-based published applications in addition to desktop clients is a strategy for enabling remote application access while maintaining security posture.

Balancing Remote Productivity with Risky “Shadow IT” Practices

As employees adapt to new remote working models, the full potential of digital communication and collaboration technologies is being realised. But with the incredible boost in productivity associated with now-commonplace cloud-based messaging, file sharing, screensharing and conferencing applications comes the potential for misuse. This is the same shadow IT challenge IT organisations have been managing for the past several years, as employees striving for convenience use their own cloud-based tools on the same workplace endpoints that have direct access to sensitive data. But with the pressure to stay productive while working 100% remote, the likelihood of leveraging non-sanctioned cloud applications increases, along with the associated risk of data leakage. ITM, along with strong security awareness training, can be a tool for maintaining compliance related to the management of sensitive data.

Managing Privileged Access of Remote Users

As privileged access users, like IT Support or Operations, also move to remote working models, it is critical to ensure ongoing commitment to security practices on both desktop and server endpoints. Deploying ITM technologies on critical servers or primary operating machines will provide forensic troubleshooting and auditing without requiring someone to document or actively monitor IT operators. The ability to rapidly identify and resolve concerns related to the actions of privileged access users is a necessity regardless of where they are working. But as the working world shifts to remote, we are relying on IT organisations more than ever to maximise productivity while supporting secure operational practices of our remote workers.

Onboarding New Employees When Everyone Is Remote

While the world will ultimately find a new post-pandemic normal, many organisations will maintain a larger number of remote workers than before. As new employees are hired and onboarded as remote workers, ITM practices will be a key enabler of maintaining security and visibility. Simplicity of technology solutions will be paramount with the need to quickly configure new desktop endpoints and ensure visibility to new user activity as they gain access to sensitive data and resources.

Managing Data Loss Risk from Departing Employees

Finally, on the flip side of the previous example, it will become far more common for organisations to manage employee offboarding—whether voluntary or not—within a remote work framework. Many organisations have ITM programs focused on at-risk employees – and an employee who is about to leave an organisation poses a higher risk. When employees are remote, it is inherently more difficult to manage access to data and resources, particularly when that access is endpoint-based. ITM can be an important tool for ensuring visibility and control during the remote employee offboarding process.

Navigating New Waters with Remote Work Security

We’re in uncharted waters when it comes to cybersecurity for remote workers, and everyone is working hard to figure things out and adjust to the new situation. That means employees, contractors, and other insiders are more likely to make mistakes that could cause insider threat risks, or in worst-case scenarios, take advantage of the situation on purpose to exfiltrate data or otherwise break security guidelines. 

Managing cybersecurity for remote workers has unique considerations, and the current global situation has left many organisations without the same tools and workflows they could rely on when employees were in the office. Empathy, understanding, and flexibility will be important traits to cultivate as you navigate these times and bring updated IT security measures to remote workers. Finally, with a few adjustments to existing security programs, we’re confident your team can meet the security needs of these unprecedented times.

How are you adapting your security stack and ITM program to manage security with a remote workforce?