Insider Threat Management

10 Ways Users Steal Company Data (And How to Stop Them)

No one likes to think about trusted insiders such as employees, vendors and contractors, stealing sensitive data. The unfortunate truth is that it happens more often than you’d expect.

According to Accenture, 69% of organizations have experienced an insider threat incident in the last 12 months. A few concurrent trends are only increasing this risk. The first is the continuing rise of shadow IT. Cisco estimates that 80% of employees are using unsanctioned software. Mixed with bring-our-own-device policies and a shift to remote work, it's a recipe for increased insider risk.

10 Common Ways Users Leak Data

Creating a locked-down atmosphere straight out of George Orwell’s 1984 isn’t the answer. But it’s important to know the top behaviors that cause insider data loss. Here are most common ways users exfiltrate or leak data (from both technical and non-technical users), along with suggestions for how to give people the tools they want and still minimize the risk of an insider threat incident.

1. Removable media

These days, business users can simply take the files they want and go. Sophisticated technical users can intentionally introduce malware onto company machines using removable media (Mr. Robot-style).

To prevent this type of insider-led data breach, organizations can:

  • Lock down USB ports
  • Monitor user activity
  • Leverage endpoint protection tools
  • Enforce company policies
  • Educate employees on acceptable use

2. Hard copies

It may not seem as commonplace as it was before laptops, tablets and smartphones, physical printouts are still a major cause of data exfiltration. Whether users print out sensitive data to work remotely or write it down by hand, keeping track of hard copies of sensitive and critical company data can become a major problem.

In fact, paper records are the most common cause of data loss in the healthcare sector, resulting in  65% of data breaches. That's why organizations should:

  • Monitor what is being printed
  • How frequently printers are used
  • Lock down sensitive physical records
  • Shred sensitive documents before disposal

3. Cloud storage

More workers—both employees and outside contractors—are using cloud storage services such as Dropbox and Google Drive. Often, they're used without IT or security team involvement, making it difficult to secure their usage.

Instead of imposing restrictive policies, organizations can allow these services in moderation. They should carefully monitor who is accessing documents, whether they are being shared with unauthorized users and block these actions if they breach policy.

4. Personal email

Insiders often access personal email accounts to bypass corporate systems and exfiltrate data. While it's not always malicious (it might be easier than logging into a VPN, for example), unauthorized personal email use can be a costly risk.

To prevent data loss through outside email accounts, carefully monitor email traffic between business networks and personal addresses to stop data leakage in its tracks. Also, be sure to educate employees about appropriate use of personal email and company-owned devices.

5. Mobile devices

Mobile devices are a major productivity boon to employee productivity for remote workers and the mobile workforce. However, they also pose a threat to organizations’ data because of their multi-purpose use as recording devices, cameras and storage devices.

Having a solid, carefully enforced policy around mobile device usage and access (whether business or personal) is table stakes, as well as a way to monitor and control endpoint access for any business-owned devices.

6. Cloud applications

Cloud applications such as Salesforce, SharePoint and others are major sources of data exfiltration. Users often upload sensitive documents and information, including customer accounts, deal information and sales pipelines.

Some users may access other shadow IT apps that fall outside corporate policy. Sites such as WeTransfer, which allow users to easily send data externally, can cause a major security concern. To prevent data loss, it’s critical to monitor user access and activity on all cloud apps, enforce policies on acceptable use and suspend access right away when an employee or contractor leaves the organization.

7. Social media

Unauthorized use of social media is a key concern for security teams It’s easy for an employee to leaks of sensitive corporate data, whether intentional or by mistake. As with cloud apps, security teams must be diligent about monitoring user activity and enforcing social media policies at work.

8. Developer tools

Technical users often access web-based hosting sites such as GitHub for version control of code or Pastebin, which stores code snippets in plain text. These sites make it easier for developers to collaborate on projects. But they can be a major conduit for leaked intellectual property and proprietary source code.

Organizations must establish data policies for code repositories and monitor usage to ensure code is locked down for authorized users only.

9. Screen clipping/sharing

Many users try to find ways around IT policies with unapproved software or applications. Unauthorized screen clipping and screen sharing services such as Snagit can easily be used to exfiltrate data. If users are regularly accessing these sites (or other unauthorized software), it could quickly become an insider threat.

10. FTP sharing sites

Many organizations also forbid users from using FTP file-sharing servers. But they're still easy to use and prime points of data exfiltration.

Organizations must deploy end-to-end file activity monitoring along with real-time alerting to stop FTP-based data exfiltration.

How to Prevent Data Exfiltration

To prevent data leakage at scale, start with user education. Ongoing training and “lunch-and-learns” can be great ways to recommend policy best practices for both technical and non-technical users. A formal security awareness training program with targeted and follow-up training is even more effective. 

Admittedly, enforcing rules isn’t always fun. Try to make a game of it by rewarding people for good behavior. Or combine training with valuable information that people need in their lives outside of work. For example, teach people how to protect their kids online at home—with a side of training for acceptable online behavior at work.

Ultimately, providing people more freedom and flexibility when it comes to their own tools and web access is better for the bottom line. Overly restrictive policies are difficult to enforce. And they could be a major turnoff when it comes to employee satisfaction and retention.

With insider threat management tools like those we offer at Proofpoint, organizations can monitor and detect data exfiltration attempts, and investigate suspicious user activity in minutes.

Subscribe to the Proofpoint Blog