Insider Threat Management

Why You Should Bother With User Privacy & Data Anonymisation

Share with your network!

Insider threat incidents, and their total cost, are documented to be on the rise. With average costs for a single incident totaling out to about $8.76 million, it’s no wonder that cybersecurity teams are taking notice and acting quickly to detect and eliminate potential insider threats.

However, just as the number and cost of insider threat incidents are on the rise, so too are the number of conversations around user data privacy. Which begs the question: is it possible for a cybersecurity team to ensure user privacy while working to protect organisational systems, files, and data from the very people whose privacy they would need to protect? (i.e. “the insider threat”)

The short answer is: “Yes.”

It All Starts with Culture

The longer answer is a bit more complicated (but still “Yes,”). But it all starts with building the right culture at your organisation, along with adopting the right insider threat management solution.

Culture doesn’t necessarily just mean who you are, or where you are at presently. No, culture can include guiding principles that will help lead your team to where you want to be in the future. It embraces individual, as well as process, team, and organisational responsibility and ethics.

An organisation that seeks to be security-minded needs to ingrain certain cybersecurity questions in each and everything that they do day in and day out, supplementing them with live coachable moments when applicable.

These questions may include:

  1. What types of data are available about me?
  2. Who wants my data, and why?
  3. How might my data be collected, used, and stored?
  4. What are the potential impacts to my data privacy and security?

You’ll note that these questions are phrased for the individual. The intention here is to instill a sense of ownership balance over how data is protected.

While systems, files, and data access can be breached, leaked, misused, etc. on an organisational level by external threats as well as potential insider threats, systematic defense starts with the individual employee or vendor. We are all individual gatekeepers!

Once this mindset is ingrained in people, it becomes easier to develop a culture of trust for both the individual’s data privacy and the organisation’s and embrace the cybersecurity processes and technology needed to maintain it.

Good Process Embraces Culture

Many attempts at detecting and eliminating potential insider threats focus heavily on process. Process meaning: the method for limiting the potential for insiders to create, modify, and share data in an unauthorised way, particularly without visibility and oversight.

There are a lot of less-than-stellar ways of doing this, typically resulting in burdening the end-user and making it difficult for them to perform work. DLP software is notorious for this.

This doesn’t need to be the case.

By encouraging people-friendly processes that refrain from putting up barriers, and instead put up guardrails, you can continue to develop a cybersecurity-minded culture. How? There is no negative repercussion for following practices – it’s seamless and can be followed almost in the background.

The next step is to select an insider threat management solution that can safeguard user privacy alongside organisational systems, files, and data.

This is where data anonymisation comes in.

Technology Drives the Consistency

One of the biggest failings of any insider threat management or cybersecurity program is in the inconsistent follow-through.

This is not to say that cybersecurity teams aren’t doing all that they can to detect and eliminate potential insider threats, but rather that they don’t always stop and consider user privacy while doing it. And as we mentioned earlier, building trust among your employees and third-party vendors (i.e. potential insider threats) is crucial to the long-term success of any insider threat program.

[caption id="attachment_6121" align="alignright" width="232"] How an individual user might appear with data anonymisation activated.[/caption]

Proofpoint ITM’s data anonymisation feature is one way to ensure that your program maintains a focus on user privacy. It will block all users from being able to access Personally Identifiable Information (PII) within your insider threat management solution, unless they have been given explicit permission to do so. An example of one such acceptable scenario might be when a potential insider threat incident has been detected.

The data anonymised includes:

  • Anything on the User Risk Dashboard
  • Session Recording Data
  • Alerts
  • User names
  • Personal photos
  • Department membership
  • Roles
  • Login account names
  • Computer names (being accessed)
  • ...and more

The functionality is optional, but we highly encourage that organisations enable data anonymisation. It protects the cybersecurity team member from unauthorised PII access (great for GDPR regulatory compliance) and protects the end user – the potential insider threat – from having their privacy compromised.

So, can you have your cake (effective insider threat management) and eat it too (protect user privacy)? You bet!

To learn more about how Proofpoint’s insider threat management solution can help your organisation detect, investigate, and prevent insider threat incidents, while protecting user privacy, schedule a demo.