February 28, 2017

Prevent and Protect Against Insider Threats

Even with the latest IT safeguards in place to protect against fraud in the workplace, it may be the simple employee errors you need to worry about.

Human error was the leading cause of incidents in BakerHostetler’s 2016 Data Security Incident Response Report.

According to the Kroll Global Fraud & Risk Report 2016/2017, current and ex-employees were the most frequently cited perpetrators of occupational fraud, cyber, and security incidents over the past 12 months. The most common types of fraud were theft of physical assets (29%), vendor, supplier, or procurement fraud (26%), and information theft, loss, or attack (24%).

The 2016 Global Fraud Study showed that the median loss for all cases was the equivalent of £129,000, with 23% of cases causing losses of £800,000 or more, and the total loss caused by cases in the study exceeding £5.2 billion.

Here are 5 vulnerable areas in a workplace where employees are most likely to make mistakes – and what an organisation can do to aid insider threat prevention:
  1. At the printer: An earlier Ponemon study showed that paper documents are most at risk when initially printed and left in a communal office print tray. Protection: A good strategy is to create a best practice standard for printing confidential information, according to the Shred-it State of the Industry Report 2016. Never leave documents unattended at a print station, and install a program to password-protect printers.
  2. At their desk: An unattended and untidy desk with confidential information left in full sight is a security risk. Information thieves can steal documents or take pictures with their phone. Protection: Implement a Clean Desk Policy so that employees clear their desks and lock documents away when they leave their desks for an extended period and at the end of every day.
  3. Information disposal: Throwing confidential information into open recycling or waste bins is a huge risk. Protection: Partner with a reliable document destruction company that has a secure chain of custody and provides locked consoles for storing data before secure shredding. Implement a Shred-it all Policy as well so that all paper is shredded at the end of its useful life.
  4. IT devices: Electronic storage devices make it easy to remove confidential data from the office. Protection: Keep track of IT devices that are used to remove information from the workplace (many organisations have a sign-out system). Limit and control what information is removed. Securely destroy storage devices at the end of their life.
  5. Outside the offices: While smartphones and other mobile devices allow employees to work at home and in transit, there is an increased security risk due to loss and theft. The 2015 Data Breach Investigations Report showed equipment was stolen from employee-owned vehicles 22% of the time. Protection: Create a Mobile Workforce Policy, and provide ongoing security awareness training. Best practices should include secure disposal of information too, such as bringing documentation back to the office for secure destruction.

Learn how information security best practices can make all the difference in the workplace with this free guide.