Insider risk management is about much more than ensuring you have the right technologies in place. It’s about having the right mix of people, processes, and technology focused on the issue.
Since people are at the center of all insider risk, having a strategy for ongoing cybersecurity awareness coaching and training can help prevent simple mistakes from evolving into insider-caused breaches. (Fact: Negligent insiders account for 62% of all incidents, costing organizations an average of $4.58 million annually.)
The work-from-anywhere boom and remote work threats
The COVID-19 pandemic has dramatically increased remote work. At the peak of restrictions, over half of Americans worked from home. Now, 33% are always working remotely. Nearly two-thirds of workers want to keep this arrangement, and companies like Facebook and Twitter plan to make remote work permanent. Gartner predicts that 40% of enterprise workloads will be in the cloud by 2023, up from 20% in 2020.
Remote end users now have more control over how and when they access enterprise apps and valuable data, including sensitive intellectual property. On the flip side, the typical perimeter-based security controls of the past are no longer effective.
Here’s a look at some of the most frequent insider risk and remote work cybersecurity-related issues—and how to prevent them with effective coaching and training:
Password check: 1-2-3
According to a 2019 Verizon study, weak passwords are at the root of 80% of hacking-related security breaches. And despite the continuous stream of staggering statistics around password-related breaches, 99% of enterprise users admit recycling their passwords across work accounts or between work and personal accounts.
If your organization has a significant percentage of employees working from home or accessing cloud services with individualized credentials, it may be time for a password hygiene training session. Or better yet, consider adopting a service like OnePassword or Okta for identity and access management.
Train users on remote work cybersecurity best practices
Phishing and denial of service (DoS) attacks are common ways that hackers exploit remote workers so they can gain access to corporate networks. These attacks often look unsuspecting (sometimes appearing as if they’re from known senders). They’re designed from a social engineering perspective to trick users into revealing their login information or other sensitive details.
Keeping users informed about account security best practices can help prevent these types of attacks. Some starter tips for users may include:
- Keep usernames and passwords to yourself. No one will ask you for your username and password for cloud accounts.
- Know who is sending an email before opening it. If you see an email from an unknown or suspicious sender, do not click any links.
- If a login screen looks fake, it probably is. If you see a different or suspicious-looking login screen, do not enter your account information.
Consider security awareness training for your employees. This training helps users know what to do when they receive a strange email or encounter a funny-looking login screen. A data-driven approach can identify risk, target the right users with appropriate education and reduce the company’s exposure to threats.
After training, it’s a good idea to run occasional simulations to see if users fall for phishing emails or “attacks” sent by your security team, just to make sure people retain the knowledge the acquired through training.
Goodbye, VPN; Hello, enterprise remote access
Many organizations use a virtual private network (VPN) to connect remote employees when dealing with highly sensitive or internally privileged information, such as financial services records or development staging environments.
VPNs provide encryption and allow companies to use their full suite of network security technology. However, they also slow internet connections and aren’t designed for today’s network complexity, number of users and risk scenarios. Once a user logs in with a VPN, they’re considered “trusted”—and granted more access than they need.
Organizations, to secure networks properly and reduce VPN lag time, need software-defined perimeter (SDP) enterprise remote access solutions. An SDP solution is a VPN alternative that provides application-specific access. It’s easier to manage because it provides complete visibility into which users are logging in and what they’re accessing, just as if they were working on site.
CASB vs. 2FA: Keeping cloud apps secure
Beyond strong passwords and employee training, companies can use two-factor authentication (2FA) as a bare minimum to secure cloud software accounts. Essentially, 2FA verifies that you are who you say you are. Employees can use their mobile phones to access a code, or they can receive a phone call with a code to input when they log in.
2FA is just one step toward keeping cloud apps secure, however. If employees lose their mobile devices, their phones are compromised or authentication systems have vulnerabilities, hackers can still log in using stolen credentials or bypassing 2FA altogether.
2FA is still a great start. And you can add an extra layer of protection to your cloud apps by using a cloud access security broker (CASB) like Proofpoint CASB. You can choose which users and third parties can access cloud apps, and whether a user can have full access. You can also see who is logging in and from where and gain maximum visibility into cloud usage.
Dashboards allow you to see compromised accounts, OAuth abuse, shadow IT access, or data loss prevention (DLP) alerts. You can also deploy DLP policies consistently, using the same protocols for email and on-premises files in the cloud. Incident management is also centralized across cloud apps.
Make insider risk awareness an ongoing priority
Keep in mind, an effective insider risk program for work-from-home security isn’t a one-and-done, checklist-style operation. It’s an ongoing effort that involves a lot of hands-on, in-the-moment coaching with employees to keep them informed of policies designed to protect them and avoid unnecessary mistakes. It also involves staying abreast of potential malicious insider threats—such as disgruntled employees who may want to steal intellectual property and sell it to the highest bidder.
We’ll be updating this series with new coachable moments to help your team be more proactive about your approach to insider threat management and cybersecurity at large.
To learn more about how CASB can be an effective part of a proactive insider threat management strategy, download our white paper, “Getting Started With CASB.”
Subscribe to the Proofpoint Blog