That Cyber-Attack May Be an Inside Job

While cyber-security threats posed by foreign governments and terrorist groups garner headlines, a large proportion of data breaches are carried out by current and former employees, vendors and business partners. As we learned from the recent NSA leaks, insider data breaches can happen to the most guarded organizations. Insider security breaches are often more consequential and costly than those by outside hackers.

Insider data breaches are usually triggered by a single employment event that causes a once-trusted insider to take action. These triggering events include being passed over for a raise or denied vacation or a promotion. Similarly, a vendor may seek revenge for a contract not being renewed, or some other loss of business.

Many insider employee threats can be mitigated by improving the recruiting process, conducting rigorous background checks and exit interviews, and simply being more aware of what’s happening with employees.

Increasingly, companies are also relying on sophisticated “data loss prevention” and other technologies. They can be effective, but many of them, particularly DLP, are invasive and can affect an individual’s privacy at work. To address these concerns, and limit potential backlash from employees, it is important for companies to engage legal and human resource personnel in the process and to have written technology policies in place prior to rolling-out any DLP system. Finally, have a plan in place and be ready to act if preventive measures fail and an insider breach does occur.