Partners To The Rescue: How To Protect And Educate Clients From Insider Threats

By Isaac Kohen, Teramind

As dedicated, go-to technology resources, VARs and IT service providers are in a unique position to help their clients stay ahead of an increasing vulnerability faced within organizations today — the invisibility factor of insider threats. Still, there remains a significant gap in the knowledge organizations possess about insider threats and the programs they’ve chosen to implement in order to prevent them. We hear about malicious insiders and data breaches weekly; so how can VARs and service providers help their customers keep their data safe?

1. Education Is Key

The idea insider threats exist is obvious. The main issue is everyone doesn’t think it’s going to affect them until it’s too late. Having a response plan after the fact is important and we’ll discuss it later, but most important is detecting and preventing in real-time and implementing a program. That’s where education plays a huge role. Educating higher management on how insider threat attacks occur and, most importantly, real life scenarios and examples that upper management can connect to are really important for helping potential customers understand the possible consequences and importance of an insider threat program.

2. Help Customers Identify The Data They Need To Protect

There are the obvious sets of data that companies want to protect — credit card information, social security numbers, company financial records, etc., yet there’s more. Every company needs to dig deep to fully understand what data may be valuable to others and how to best protect it. In many cases, companies are surprised at how easy it was for someone to go home with sensitive data on a USB drive that nobody would notice for weeks, if ever. Help your clients decipher what information they need to make sure their data and systems are not compromised.

3. Implement The Necessary Tools

Where do you start with tool suggestions? Organizations need to be able to directly connect all movement of data to users. Of course, it depends on industry and type of data that needs to be protected, but there is also something uniform about user behavior. One suggestion can be a user behavior analytics platform that helps track employee activity. For example, knowledge on who uploads files to the cloud, logs into their personal e-mail at work, and downloads data to removable drives can be the missing key to the holes in your information security strategy. And if you find data is consistently being leaked, there are tools out there that can help with deeper analysis of data such as who makes system changes, has engaged with competitors, or searched for someone’s personal details.

4. Automate Preventive Measures

Once you understand your user’s activity, implementing preventive measures becomes a much easier task. Often times organizations are surprised by the amount of file transfers employees send using instant messaging or files employees take home to work on via USB. Now remember not all actions are malicious, but knowing employees take home certain files to work on should also put the idea of blocking that ability for other types of files so they don’t get taken home. Another important aspect to consider is how quickly your organization can respond. Today it’s possible to stop malicious or data threatening actions in real time. If users are accessing system files they shouldn’t or are uploading sensitive information to the cloud, immediate action such as lock-outs can be extremely beneficial for clients.

5. Analyze Your Analytics, Do The Necessary Upkeep, And Construct A Response Plan

With all the collected data, organizations are introduced to all types of new information that can help them optimize their security strategy. Assist organizations in looking past the parameters they defined in step three and to consistently reassess where they may have gaps in their security. Encourage organizations to redesign their rules and to deeply investigate even smaller mishaps within their organization to see if it can give them a better idea of perhaps a bigger security problem.

Of course response plans, in the case of data breaches, should be taken very seriously. When advising clients on response plans, first ensure they have the tracking capabilities to perform accurate investigations to know exactly what happened. Additionally, make sure they can keep track of the content that leaves the organization. Overall, as a VAR, you can be very helpful in not only providing the solution, but in making sure companies get the full value of the solution. This can ultimately result in increases in revenue and a deeper relationship with the client organization as a trusted partner.

Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents, malicious user behavior. Isaac can be reached at ikohen@teramind.co.