Insider threats make up 43% of all data breaches. This is a very real problem for organizations in any industry. With new regulations such as GDPR and privacy laws in California and Colorado, it is imperative that companies know where their data resides. Fines under GDPR can be up to 4% of the company’s annual revenue. That is a huge setback for a business of any size. Why risk massive fines and lawsuits from insider data breaches that are easily preventable? To answer this, we’ll first dive into some common types of insider threats within an organization.
Most stories that make the news are about malicious actors within the company who leak information to further their own agenda. For example, Tesla recently had an employee send highly sensitive documents to outside parties. It is suspected that these parties are in the oil and gas industries that don’t want Tesla to succeed. Headlines like this will make the news every single time they happen. However, the notion that insider threat is only composed of malicious employees couldn’t be further from the truth. Not every employee is out to get you. The much more common version of insider threat encompasses leaks that are unintentional.
Imagine this: an employee accidentally emails a file to the wrong person. Sound familiar? We’ve all done it. There is absolutely no malicious intent in this situation; however, the outcome is essentially the same. Now someone can access files they shouldn’t have access to. This is a far more common scenario of insider threat that is often overlooked when implementing a data protection policy.
Another common scenario is an employee who leaves the company and takes company data with them. Again, this can be malicious, but most of the time it is completely accidental. Typical scenarios occur in roles that feel very strong ownership of their data, such as salesmen with leads, or programmers with code. Oftentimes they will actually try to remove all company data from their machines, but some files fall through the cracks. This poses a very large risk to the organization’s information security. 67 percent of organizations surveyed couldn’t be sure that they could detect whether an employee who left was still accessing corporate resources. Don’t remain in the dark.
SecureCircle can mitigate the risk of insider threats because we operate with the assumption of Zero-Trust. We assume data is at risk no matter where it resides, even on your network. All sensitive data is protected from creation and our encryption follows it anywhere it goes. You can only read an encrypted file if your device has gone through the one-time SecureCircle client installation. All interactions with a file are logged and you can analyze this data however you choose.
If a malicious employee wants to send a protected file to a 3rd party, they can try all they want. The 3rd party will be unable to read the file because they don’t have the SecureCircle client. If the malicious employee releases the file from the Circle (decrypts it) and sends it, that information is logged and you can be alerted. The same goes for a benevolent employee who accidentally emails the wrong file to someone. The recipient won’t even be able to open it. When an employee leaves the company, all you have to do to protect your data is remove the SecureCircle client from their device.
Insure your business against insider threats with SecureCircle. Visit us at securecircle.com for more information about our data protection solution.