I came across an article discussing the ways that companies
can help prevent insider threats. The article, "360 Advanced Warns About Insider Threats: Is Your Data Already Out
There And You Don’t Know It?", outlines some best practices and tips
related to preventing and securing against insider threats. Within the article,
David James Smith of 360 Advanced stresses some suggestions which deserve

Renew your dedication to the principle of
least privilege. Immediately conduct an audit of permissions of
access, and cut back. Over time, through the phenomenon of permission creep,
too many people have access to information who should not. "The big
problem is awareness. My rule is, know thy network, and people don't,"
said Smith. "On several projects, when we point out the dangers of too
many permissions, we're told, 'well, nobody could do anything with that data,'
and then we'll show them what could be done with that data using the privileges
that they thought were safe."

Viewfinity has a free Local Admin
Discovery Tool that allows organizations to discover user accounts and groups
that are members of
the local “Administrators” built-in user group on computers in your Windows
domain. Having detailed information about which users and groups
have administrator rights on corporate desktops allows you to reassess who
should have these rights. Once the analysis has been run, IT administrators can
take action, if needed, by removing the users or suspicious groups from the
Administrators group. Reports can be scheduled to run regularly to show
you where privilege creep is happening.
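
The same kind of audit can be done by hand. The following PowerShell is an added example, not Viewfinity's tool and not code from the 360 Advanced article: it lists the members of the built-in Administrators group and reports entries that were not in the previous run, which is where privilege creep shows up. The function names and the snapshot path are hypothetical; it assumes Windows PowerShell 5.1 or later and, for remote computers, that PowerShell remoting is enabled.

```powershell
# Added example. Function names and the snapshot path are hypothetical.
function Get-LocalAdminMember {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    $query = {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators,
        # so the lookup still works where the group name is localized.
        Get-LocalGroupMember -SID 'S-1-5-32-544' |
            Select-Object @{n='Computer'; e={$env:COMPUTERNAME}},
                          @{n='Member';   e={$_.Name}},
                          @{n='Type';     e={$_.ObjectClass}},
                          @{n='Source';   e={"$($_.PrincipalSource)"}}
    }
    foreach ($c in $ComputerName) {
        if ($c -eq $env:COMPUTERNAME) {
            & $query                      # local machine, no remoting needed
        } else {
            # Drop the PSComputerName/RunspaceId properties remoting adds.
            Invoke-Command -ComputerName $c -ScriptBlock $query |
                Select-Object Computer, Member, Type, Source
        }
    }
}

function Compare-LocalAdminSnapshot {
    param([object[]]$Previous, [object[]]$Current)
    # Key rows as "computer|member" so the comparison is per machine.
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($row in $Previous) {
        [void]$seen.Add("$($row.Computer)|$($row.Member)")
    }
    # Anything in the current run that the last run did not contain.
    $Current | Where-Object { -not $seen.Contains("$($_.Computer)|$($_.Member)") }
}

$snapshotPath = '.\local-admins.csv'      # hypothetical location
$current = @(Get-LocalAdminMember)        # add -ComputerName for other hosts
if (Test-Path $snapshotPath) {
    $added = Compare-LocalAdminSnapshot -Previous (Import-Csv $snapshotPath) `
                                        -Current $current
    $added | Format-Table Computer, Member, Type, Source
}
# Keep this run as the baseline for the next scheduled comparison.
$current | Export-Csv $snapshotPath -NoTypeInformation
```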

Beware vendor access. Smith
warns that a vital component of the rule of least privilege is to thoroughly
and regularly analyze what access you have allowed for your vendors. As
use of extranets grows, know your vulnerability, and avoid opening
the door to a vendor's access to vital company information without a thorough
compliance audit. Obviously, your HVAC vendor should not have access directly
to the same set of computers where you store your payroll data. Such routes
through vendor sharepoints and extranets are favored by hackers, and Smith says
he sees that frequently.

For organizations that have outsourced their operations
support to a third party or offshore entity, Viewfinity provides the ability to limit
what the administrators who are part of those outsourced teams can run. This
way, if the outsourced team is only responsible for maintaining certain
operational functions on servers (for example, they only perform software updates),
the policy will limit their privilege elevation rights to performing only those
functions. Granular-level privilege control lets you define exactly which
software products they can update, reducing (or elevating) permissions for
privileged users based on roles and responsibilities.

Insider threats are a real issue, affecting not just those
companies who are breached, but anyone associated with those organizations,
whether it be vendors, customers, partners, or employees. A completely
locked-down environment benefits everyone.