Insider threats can be either malicious—for example, someone with authorized access to an organization’s systems deliberately steals sensitive data and sells it for personal gain—or innocent—for example, an employee unwittingly clicks on a phishing link in a seemingly legitimate email, introducing malware into company systems. Either way, insider threats can be devastating and costly: Globally, the total annual average cost to companies of resolving insider threats is $16.2 million.
It’s essential for companies that leverage digital tools to establish a well-rounded, robust strategy for combating insider threats, with the primary goal, whenever possible, of preventing them altogether. Below, members of Forbes Technology Council share expert tips to help organizations across industries address (or better yet, avoid) insider threats.
1. Log Important User Actions
Logging and monitoring of specific user actions can be critical in determining who did what—especially if it is later found out to be a mistake or malicious. Important actions to log include attempted logins, requests for private information and instances of access being granted to private information. – Caroline Wong, Cobalt
2. Establish Quarterly Training And Testing Sessions
Providing quarterly training and testing, with documented responses and scores, helps. The time spent and the results can help determine subsequent training needs for a superset of employees. Additionally, organizations must be able to proactively respond to events before they escalate by putting AI and automated monitoring systems in place. – Sandeep Kumar
3. Tap Into UBA
Focusing on user awareness, user behavior analytics (or UBA) and privilege access helps. Monitoring user activity to identify anomalies or deviations from normal behavior patterns is important—this includes tracking actions like file access and data transfers. An insider threat is usually signaled by unusual and/or unexpected behavior, and UBA tools can detect both intentional and unintentional threats and alert security teams. – Chirag Shah, Model N, Inc.
4. Leverage AI At The Hardware Level
A smart strategy is leveraging AI-driven analytics, embedded at the hardware level, for continuous monitoring. This approach detects unusual activity in real time, whether from intentional or accidental actions. This approach is crucial because hardware-level security offers a deeper layer of protection, identifying threats before data is compromised. – Camellia Chan, Flexxon
5. Ensure Advanced Data Encryption
To prevent insider threats, organizations must take a multifaceted approach, including comprehensive training, role-based access controls and detailed audit logs. However, these alone aren’t enough. The most effective safeguard is advanced encryption, which ensures persistent in-use protection. This guarantees data remains secure, even if breached. – Ryan Lasmaili, Vaultree
6. Adopt Good Cyber Hygiene Habits
Educating users on data management, maintaining an inventory of applications and deploying data loss prevention strategies are good hygiene habits that every organization should have in place to prevent insiders from exfiltrating data. An additional strategy that can augment these defenses is the use of next-generation protective DNS solutions to detect and block users from carrying out data exfiltration over DNS. – Carlos Morales, Vercara
7. Remember PoLP And PoLA
A strategy that’s not just smart, but necessary, is always remembering the principle of least privilege—PoLP—access, as well as the principle of least authority—PoLA. This refers to granting each user only the level of access and authority that they need, which will reduce both intentional and innocent cybersecurity incidents. – Kevin Beasley, VAI
8. Make Sure Leaders Understand What’s At Stake
Making insider threats part of your leadership curriculum is an essential part of creating an effective program. Helping leaders understand what can happen and what to look for creates a better “sensor network” than any tool you can buy. Leaders are often shocked to learn that a team member took an intentional action against their company, but it’s hard to see what’s happening below the surface. – Craig Burland, Inversion6
9. Implement ZTNA
Implementing zero-trust network access with a least-privilege access model is essential. Treating internal users with the same scrutiny as external actors minimizes potential insider threats by restricting someone’s access to only what’s necessary to do their job. This approach strengthens security by reducing the risk of intentional and accidental breaches. – Rajat Sharma, CWS
10. Encourage Employees To Share Concerns And Observations
It’s crucial to implement a robust security policy and open communication about the risks posed by insider threats. Encourage employees to follow protocols and share any concerns or observations without fear of retribution. Regular training sessions that educate employees on identifying potential warning signs—like unusual behavior or access patterns—can create a more vigilant, organized culture. – Eoin Hinchy, Tines
11. Analyze Behavior Patterns Across Platforms
Implement continuous monitoring with behavioral analytics, using AI to establish baseline user behaviors and detect anomalies in real time. By analyzing patterns across email, cloud apps and Web activity, you can identify potential risks early. Combine this with targeted training to address specific vulnerabilities, creating a proactive defense against intentional and accidental insider threats. – Patrick Harr, SlashNext
12. Set Up Least-Privilege Access
Implementing a robust identity and access management strategy with least-privilege access is crucial. By ensuring users only have access to the resources necessary for their roles, the risk of insider threats—both intentional and accidental—is minimized. This approach limits potential damage, enhances accountability and strengthens an organization’s overall security posture, making it critical to threat prevention. – Craig Davies, Gathid
13. Regularly Update And Rotate Access Permissions
Regularly updating and rotating access permissions helps prevent insider threats. By frequently reviewing who has access to what, you adapt to role changes and reduce risk. This practice limits unnecessary access and aids in spotting suspicious activities early, strengthening overall security and minimizing potential damage. – Balasubramani Murugesan, Digit7
14. Provide A Smooth UX For End Users
Improving the user experience is one of the most efficient ways to avoid innocent mistakes. If users feel they are fighting IT the whole day, they are more likely to fall for phishing attempts or utilize unapproved services. However, if they are comfortable in their workflows, they will spot deviations from the norm and are less likely to fall for attacks. – Kevin Korte, Univention
15. Set Up An IGA Program
It’s not just the threats that may be innocent—it’s also the initial provisioning that provides access to high-risk resources. Organizations need an identity governance and administration program to know what users can access, as well as what they can do with that access and for how long. The best solutions will automate permissions based on role, rather than having humans manage the process. – Jim Taylor, RSA Security
16. Recognize And Acknowledge Red Flags
We have to recognize the early warning flags that we don’t want to believe are truly there. Whether intentional or not, insider threats are a reality that we as tech leaders don’t talk about enough—and we often fail to educate our leadership teams about the risks and impacts. As someone with a Ph.D. in insider threats, I know that we have to recognize the early warning signs that something is about to happen; after incidents, there is usually a realization that, “Oh yes, I saw that.” – Erika Voss, DAT Freight & Analytics
17. Implement A ‘Break-Glass Access’ System
One strategy is to implement a “break-glass access” system, which allows emergency access to sensitive systems only with multiple approvals and under strict conditions. This approach ensures that access is tightly controlled and monitored, reducing the risk of insider threats while providing a secure means to address urgent situations. – Deepak Gupta, Cars24 Financial Services
18. Leverage Device Intelligence
Device intelligence exposes insider threats by detecting unauthorized devices accessing a network, as well as anomalous behavior from trusted devices. By assigning a unique ID to each device, companies can trigger additional security measures (such as multifactor authentication) for unrecognized devices. The solution also alerts networks to suspicious behaviors, such as login attempts from an unusual location. – Dan Pinto, Fingerprint
19. Segment Your Network
Implementing network segmentation restricts access to critical areas of the system based on job roles. This strategy makes it harder for insider threats to move laterally across the network, limiting the damage an insider can cause. – Manasi Sharma, Microsoft
20. Audit Employee Computers
To prevent insider threats, it’s vital to do regular audits of employees’ computers to make sure security safeguards—such as antivirus software, firewalls, spam filters and so on—are installed, active and configured correctly. An ounce of prevention is worth a pound of cure! – Syed Ahmed, Act-On Software
This article was originally published on Forbes.