Insider Threats in the Remote Workforce

If you have shifted to running a remote workforce due to the COVID-19 restrictions, you have most likely been dealing with the technological and security issues that can come with a remote workforce. 

Using a remote workforce for employees previously on-site can be beneficial, especially during a time when physical workplaces must be closed. But a remote workforce should not be run without optimal security protocols in place. It’s important to establish an insider threat detection program for your remote team. 

Hacker cracking password. Gangster breaking in computer system, electronic device, trying to guess secret word or number combination. Vector flat style cartoon illustration isolated, white background

One big threat that occurs within a remote workforce is an insider threat. Whether unintentional or malicious, insider threats can be devastating and every company should adopt an insider threat monitoring program and use employee monitoring software to curb remote insider threats. 

How Insider Threats Work

Insider threats are threats to a company’s security, assets, or finances that come from somewhere inside the company. 

An insider threat can be anyone who has privileged access to company assets. This might be a regular employee, a former employee, a trusted insider, a disgruntled employee, a negligent employee, or a third-party insider like a third-party contractor, partnership, or business relationship. Insider threats can be malicious activity or unintentional; in either case, it is important to set up barriers to protect against all kinds of insider attacks. 

Because a company can have numerous endpoints at any given time, there are a myriad of ways that an insider threat can be part of a malicious cyber-attack. Therefore, protecting a company from the occurrence of an insider incident means that a multi-level insider threat program is required. 

Ways Insider Threats Take Advantage in a Remote Workforce

There are two main classifications of an insider threat: a malicious insider and a negligent insider. How a company protects against each a malicious insider and a negligent one will be different. 

And while the intention of an attack is still the same in a remote workforce as it is in a physical workforce, companies need to change their approach in how they protect themselves when working with a remote team.

Malicious Insiders and a Remote Team

A malicious insider is someone who is directly connected to your company who seeks to gain access to sensitive company information and use this information against the company. 

This might entail sensitive banking information, private employee data, private consumer data, credentials, or other information. Depending on the type of information or company data obtained, the malicious attacker might use it for extortion, blackmail, or sell it to another malicious threat actor. 

For these reasons, among others, it is vital that your company assume that, to some degree, your remote employees would be willing to run off with vital company assets. This should not suggest that a business owner needs to be suspicious of every employee that they have, but they should go to great lengths to protect the most sensitive company information and shield this information from employees who do not need access to it. This also includes shielding how an employee would gain access to this information. 

When malicious insiders want to obtain private data, they might carry out a series of strategies in order to trick, sneak, or force their way into a protected area. 

A remote worker may use any of the following strategies (among others) to steal or gain access to your company’s sensitive data: 

  • Use their clearance in order to illegally download sensitive information off the computer, either onto a separate physical hard drive or into a cloud drive
  • Use their current access to allow other malicious actors into the company network
  • Deploying a malicious algorithm that is able to bypass firewalls, folder credentials, and the like
  • Deploying a sophisticated and silent keylogger that aims to collect credentials and other vital information from a company
  • Downloading malware onto the company’s network, pretending that the event was an accident

Depending on the sophistication of the attack, the extent of their malicious network, the tools at their disposal, and the level of security that a malicious employee can get passed, any malicious insider has the potential of costing a company thousands of dollars. Some attacks can even last over a longer period of time. 

Negligent Insiders and a Remote Team

A negligent remote insider or an accidental insider is particularly common, especially if the team is new to remote working and when companies are rushing to move to remote workforce as we see during COVID-19. 

Because the move to remote was extremely sudden, many businesses were unable to provide their staff with optimal data security hardware or software, policies, and training. Or if these things were deployed, there was a lag. 

This loophole has allowed malicious attackers to take advantage of weak security that is on personal networks and personal computers. It is no doubt that there are increased insider threats due to the COVID-19 pandemic and the sudden shift to remote work. 

Insider risk includes employee distractions, mixing personal computer use with company use, remote video fatigue, increased susceptibility to phishing attacks and using unsafe computing practices while outside of working hours. 

And as mentioned, personal networks are not usually as secure as business networks. Malicious insiders are likely to take advantage of those “negligent insiders” who do not have high-level security on their computers, like firewalls, malware detection, anti-virus software, and more. 

Increasing Security in Your Remote Workforce

Even if your company has not been able to adopt secure remote workforce measures while your team is operating in remote-only settings, it is not too late to increase security. 

Here are some things to consider to boost security in your remote workforce:

1. Buy company laptops

One of the best ways to improve your company security and reduce the chance of a security risk is to provide each remote worker with a company laptop, computer desktop, or other hardware for your employees to operate on. With a company laptop, your business can have full control over the software and security settings of the hardware. 

This will allow your company to protect the computer against malicious attacks, even if the personal network is weak. With a company laptop, you can deploy antivirus, malware, and firewall software. 

You can even secretly install employee monitoring software for added protection against a negligent or malicious insider attack. 

2. Buy company security software

Even if you cannot get a company laptop, you can purchase enterprise security software that your employees can download and run to secure a personal computer and personal network. 

These programs often allow an admin, IT manager, or your security team to remote install the software onto the employees’ computer, so there is no need to hassle your employees. 

With enterprise security software, companies have the ability to control a data breach even on remote networks. As an admin controller, you will also have an admin console to oversee each security incident that occurs on your employees’ computer and network. 

3. Adopt employee monitoring software

Employee monitoring software is different from security software and should also be downloaded to employee personal or company computers. This software can be downloaded secretly or with the employees’ knowledge. It can also be remotely installed from the admin’s console. 

Sophisticated employee monitoring software can monitor: 

  • The amount of time spent at work, on tasks, or on projects
  • When your employee accesses certain files
  • Downloads and uploads into company clouds
  • Communication and email clients with keylogging software
  • The daily tasks and other user behavior via interval screenshots
  • Whether or not your employee is sitting at their desk and working with webcam monitoring
  • User and entity behavior analytics and insider threat awareness reports

With employee monitoring software, the admin can see a wide range of employee behavior on the computer, and it also might come with GPS tracking and mobile device monitoring for added protection for your company network. 

In addition to protecting against insider threat risk, remote employee monitoring can improve employee productivity and act as an attendance tracker for your remote team. 

4. Employ user access restrictions and security controls

You might already have user access restrictions on your corporate network but reassess these controls now that your company has gone remote. If you have had to switch your files to a cloud-based service, then you or your security team may need to re-establish user access restrictions. This will allow your employees access to only the files that they need legitimate access to. 

Therefore, if any employee or user who gains access to privileged accounts, folders or drives that they should not be in, this is an indication of a potential insider threat. An employee monitoring software would be able to recognize that this occurred, alerting the administrator.

5. Develop a teleworking policy

A lot of malicious attackers that take advantage of negligent employees will do so simply because new remote working policies are confusing or not yet established. Therefore, it is in your company’s best interest to develop a teleworking policy that makes sense for your company’s needs and that best protects your company’s critical assets. 

Simple security policies inform your remote employee on how your company wants to manage day-to-day security. Additionally, your security team should develop other internal policies on how the company will manage cybersecurity threats, data loss prevention, a security breach, cybersecurity, business continuity in the event of a security breach or insider threat incident. 

This might include:

  • Using a certain program in order to communicate with employees, communicate with external clients, and to pass sensitive documents or information through
  • Managing remote access, bring-your-own-device (BYOD) policies, and policies of use around personal or employee-owned devices, such as whether or not the employee-owned devices can access certain services, programs, or files
  • Technical requirements for connecting while remote, including virtual private networks (VPN) and using multi-factor authentication (MFA) protocols
  • Developing acceptable use guidelines, which determines what is acceptable in the scope of practices
  • Mobile security guidelines, as well as daily housekeeping to said devices, such as keeping the devices updated, always locking devices, immediately reporting lost or stolen devices, and not connecting to public WiFi networks

6. Employee Education and Training

It is understandable that your employees are overwhelmed with the number of changes that would be occurring if they were suddenly working from home and because of this do not want to be concerned with security

Be mindful of this switch, and assure your employees that you will guide them along. It is unlikely that SMBs will be able to outsource this entire process, so be prepared to set aside meetings that strictly discuss security education and training. 

Provide employee education and training to inform workers on how an external threat can take advantage of a negligent employee, as well as providing signs to look out for. This can be as simple as walking employees through how to download and install software, how to configure it, access clouds and drivers, and changing passwords. 

Insider threats are serious threats, especially for a remote workforce. But by following these steps and adopting an employee monitoring system, you can increase your company’s security and mitigate an insider threat incident much faster. 

By SoftActivity Team

November 10th, 2020