
Five Tips To Dealing With Insider Threats Facing SMBs


 by Isaac Kohen, founder and CEO of Teramind


Isn’t it absolutely overwhelming? You’re doing 20 things at once trying to keep your business going. With everything it takes to get your business off the ground, or maintain it, keeping track of cybersecurity can be tough. Thanks to cloud computing and SaaS/PaaS business models, cybersecurity is much more accessible to small and medium businesses (SMBs). Many SMBs today have access to enterprise-level security solutions.

With that level of technology, your sensitive data should be safe from any issue, right? Well, technology can only do so much. The most significant threat for businesses of any size right now continues to be insider threats.

Every year, insider threats cost businesses, on average, $4.3 million, regardless of their size. So who exactly is an insider? Well, everyone! Each employee and manager is an insider with access to sensitive information. Not every insider is a malicious actor; sometimes the threat simply comes from a lack of awareness. Insiders can be innocently reckless, saboteurs, and even, in some cases, moles.

Let’s explore some insider scenarios you may easily find your organization in:

Scenario 1: Reckless Insider.

John is a new Account Manager at Xyz LLC. Xyz places a high value on self-reliance and transparency with their employees and allows access to all company data. John never really explored any information that wasn’t relevant to his job, though. Some weeks pass by and John seems to be getting along fine. He receives an email with a link from the IT Team requesting he verify his credentials or be locked out of his account. John quickly complies: he clicks the link and is sent to a web form. He fills out his credentials and receives a thank you message. Three weeks later Xyz discovers on the news that all of their clients’ credit card information was leaked online. John also found out Xyz has never had an IT department.

Prevention Tips:

What happened to John is called phishing, which is the act of tricking people into providing sensitive information with deceptive tactics.

Tip #1: Permissions Control.

Since John had complete access to all information, so did the criminals who stole his credentials. Preemptive control of access would have prevented the credential theft from having such an impact.

Tip #2: Employee Education.

John was naive and reacted innocently. This could have been prevented with some introductory security training.

Scenario 2: Saboteurs.

Mark is one of A-Space’s two programmers. Everything was great until revenues started slowing down. Mark was told that he had to face a pay cut or be let go. He took this personally and furiously gave his two-week notice. After Mark left, all of the customer data appeared to have been deleted as well. A-Space discovered that Mark had gained access to databases that held customer data.

Prevention Tips:

There were behavioral signs when Mark was given the news about the potential pay cut. When he took it personally and gave his two-week notice, his permissions should have been restricted, as described above.

Tip #3: Log Analysis.

This would have helped to indicate if Mark or any other employees were suddenly deviating from normal behavior, in the wake of his two-week notice.
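A minimal sketch of the kind of log analysis Tip #3 describes, added here as an illustration and not taken from the article or from any product: it builds a per-user baseline of database activity before a notice date and flags anything outside it afterwards. The record format, user names, database names and dates are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample audit records: (day, user, database, action).
AUDIT_LOG = [
    (date(2024, 3, 1), "mark", "app_code", "SELECT"),
    (date(2024, 3, 4), "mark", "app_code", "UPDATE"),
    (date(2024, 3, 5), "dana", "customers", "SELECT"),
    (date(2024, 3, 6), "mark", "app_code", "SELECT"),
    (date(2024, 3, 12), "mark", "customers", "SELECT"),
    (date(2024, 3, 13), "mark", "customers", "DELETE"),
    (date(2024, 3, 13), "dana", "customers", "SELECT"),
    (date(2024, 3, 14), "mark", "app_code", "DELETE"),
]

# Assumed date on which the two-week notice was given (hypothetical).
NOTICE_DATE = date(2024, 3, 11)

def build_baseline(records, cutoff):
    """Map each user to the (database, action) pairs seen before cutoff."""
    baseline = defaultdict(set)
    for day, user, db, action in records:
        if day < cutoff:
            baseline[user].add((db, action))
    return baseline

def find_deviations(records, cutoff):
    """Return records on or after cutoff that fall outside the user's baseline."""
    baseline = build_baseline(records, cutoff)
    findings = []
    for day, user, db, action in records:
        if day < cutoff:
            continue
        known_dbs = {d for d, _ in baseline[user]}
        if db not in known_dbs:
            findings.append((day, user, db, action, "new database"))
        elif (db, action) not in baseline[user]:
            findings.append((day, user, db, action, "new action"))
    return findings

if __name__ == "__main__":
    for finding in find_deviations(AUDIT_LOG, NOTICE_DATE):
        print(finding)
```
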

Scenario 3: Moles.

Upstarting LLC, a startup autonomous rideshare platform, started having problems between two executives and its investors. The executives left to defuse the situation and somehow quickly had a job with Upstarting’s competitor Maverick LLC. One year later Maverick was deploying a fleet of autonomous cars that seemed to be a direct copy of Upstarting’s primary project. Maverick’s cars, features, interface, and even the branding all seemed to be a mirror of Upstarting’s work. IT administrators reviewed the records of the two executives who left and discovered that they had been feeding trade secrets from Upstarting to Maverick for over three years via email.

Prevention Tips:

Sadly, this is common when the most privileged users are monitored the least. This situation could have been avoided with the following tips:

Tip #4: Total Organizational E-mail Monitoring.

Monitoring emails provides a wealth of insight for understanding normal communications and violations, especially if you see competitor emails and names showing up in your logs.

Tip #5: Behavior Analytics & Automated Alerts.

The executive positions came with a common set of behaviors. These executives acted outside the norm and were siphoning information to the competition. Combined with email monitoring and behavior analytics, automated alerts could have been established when there was a violation of company policy or rules.
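To make Tips #4 and #5 concrete, here is an added example (not from the article or from any vendor's product) that parses mail-gateway log lines, matches recipients against a watchlist of competitor domains, and raises an alert per sender when attachments or a large volume go to those domains. The log format, the `.example` domains and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed watchlist of competitor domains (hypothetical placeholder).
WATCHED_DOMAINS = {"maverick.example"}

# Constructed sample mail-gateway log lines; the format is an assumption.
MAIL_LOG = """\
2024-03-01T09:12:00 from=exec1@upstarting.example to=board@upstarting.example bytes=1200 attachments=0
2024-03-02T22:41:00 from=exec1@upstarting.example to=j.doe@maverick.example bytes=4800000 attachments=3
2024-03-03T08:05:00 from=sales@upstarting.example to=info@maverick.example bytes=900 attachments=0
2024-03-05T23:10:00 from=exec1@upstarting.example to=j.doe@mail.maverick.example bytes=7300000 attachments=5
2024-03-06T10:00:00 from=exec2@upstarting.example to=friend@notmaverick.example bytes=500 attachments=1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) "
    r"bytes=(?P<bytes>\d+) attachments=(?P<att>\d+)$"
)

def is_watched(address):
    """True if the address domain is a watched domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].lower()
    return any(domain == d or domain.endswith("." + d) for d in WATCHED_DOMAINS)

def alerts(log_text, max_bytes=1_000_000):
    """Return {sender: reasons} for senders who break the outbound policy."""
    totals = defaultdict(lambda: {"msgs": 0, "bytes": 0, "att": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_watched(m["rcpt"]):
            continue
        t = totals[m["sender"]]
        t["msgs"] += 1
        t["bytes"] += int(m["bytes"])
        t["att"] += int(m["att"])
    result = {}
    for sender, t in totals.items():
        reasons = []
        if t["att"] > 0:
            reasons.append("attachments sent to watched domain")
        if t["bytes"] > max_bytes:
            reasons.append("volume to watched domain over threshold")
        if reasons:
            result[sender] = reasons
    return result
```
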

Doing business in today’s world can be a very rewarding experience. However, failing to maintain a prevention mindset when it comes to cybersecurity could place your SMB at risk for a breach. Data is the new top asset, and left unprotected it can lead to ruin before you’ve had a chance to really start.


Isaac Kohen

Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior. Isaac can be reached at ikohen@teramind.co