Insider threats: An unsavoury but unavoidable truth

When it comes to productivity and information security, insider threats are perhaps some of the most unsavoury considerations for a firm. Any business owner or senior executive would prefer to think they can implicitly trust the people that they pay but, unfortunately, it simply isn’t possible to ignore the risk of employee misbehaviour.

User Activity Monitoring (UAM) is a process that is enabled by productivity monitoring software, PMS. These applications are designed to track and record every action performed by a user. The software outputs a log file in plain English (rather than technobabble) and a video file that enables the firm to view each user’s onscreen actions.

Applying productivity monitoring to reduce insider threats

There are three ways that PMS software works with the data it captures from tracking user activity to reducing insider threats.

• Visual forensics
  - Provides the capability to search after the event for actions that led to a security breach or other event of interest.
  
  
• Activity alerting
  - Allows the firm to define and combine rules to trigger alerts when undesired user actions are tracked, enabling immediate response if deemed appropriate.
  
  
• Behavioural analytics
  - Analyses behaviour patterns from tracked actions, to help identify users that pose a risk to the business.

Insider threats UAM helps to prevent

• Reduced productivity
  -While it is not strictly an information security issue, PMS identifies user activities that are not related to core business activities of the firm and which constitute a threat to the efficiency of the business. From files and folders worked on, through to web pages visited and documents printed, a user workflow can be examined to identify instances of moonlighting, and the misuse of company time and resources.
  
  
• Unauthorised information sharing
  - One of the most potentially damaging insider threats to information security is unauthorised data sharing. An action such as sharing a large file with a delivery partner on Dropbox may seem perfectly innocent; contrast it with a disgruntled employee emailing the company’s customer database to a competitor. The point is, in both cases, the company has lost control of its data and doesn’t know where it is and who has access to it. With PMS, the firm wins back control.
  
  
• Many companies hold personally identifiable information (PII) relating to customers. This may include financial or other data types that could be exploited by criminal activity. With PMS, firms understand who is accessing their sensitive data and what they are doing with it. UAM helps prevent the fraudulent misuse of PII.

Safer and more secure business computing from HTL Support

HTL provides firms of 10 -100 people with the IT Support and solutions that ensure robust security. There are many strands to this. Defending insider threats is one of a number of information security considerations, including back up and disaster recovery, compliance with ISO 27001 and the issue of Privacy Shield.

To find out more about how our team of professionals help clients to enjoy safer and more secure business computing, simply get in touch today.