Danger at your doorstep

Five tips for protecting your company against insider threats

Many companies think of hacker attacks – such as those involving ransomware, Trojans or malware – as the biggest risk to security. However, network vulnerabilities are not always exploited by outsiders. The company’s own staff may have wide-ranging access permissions and use these to misuse corporate data. Few organisations are as well-equipped with tools and measures to block insider attacks as they are against threats from outside. The following five tips help companies ensure that they’re effectively protected against data loss and theft by insiders.

1.    Implement a range of different access permissions

To protect sensitive data, it’s important to ensure that staff from different departments have the access permissions they need for their job. That helps firms enforce a “need-to-know” principle. In other words, employees can’t access certain documents or data unless they need them for a specific task or project. Using varying permission levels, companies can set up “Chinese walls” within the company that prevent information being shared between departments. This measure helps to limit the impact of any loss of data.

2.    Use highly secure two-factor authentication

It’s a good idea to implement two-factor authentication as a further measure to minimise risk. To access the system, users enter their password first, but also need to enter a PIN that is texted to their mobile device and is only valid for a single session. As a result, insider attackers can’t access sensitive information or data – even if they have stolen other users’ passwords.

3.    Shield your information

Operator shielding provides an extra layer of security for data – because IT providers and operators should not have access to your files and documents under any circumstances. And administrators’ access rights should be strictly limited to the information they need for their job.

4.    Implement information rights management

You can use information rights management technologies to monitor your sensitive documents and prevent them from being downloaded by unauthorised users. IRM is an effective way to ensure you keep control over your documents, even when users have the necessary permissions to access them. In addition, watermarks can be embedded in them dynamically, helping to prevent users from making screenshots. These measures help to ensure that data stays within a protected environment and doesn’t fall into the hands of third parties or anyone not involved in working on it.

5.    Record activities in a tamper-proof history

Logging every activity in a tamper-proof history helps you hinder data theft by insiders and – if an incident does arise – find out exactly what happened after the event. That gives you transparency and traceability throughout the information flow.
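
One common way to make an activity history tamper-evident is to chain each entry to the previous one with a keyed hash, so that an edited, removed or truncated record shows up on verification. The following Python code is an added example, not Brainloop's implementation; the function names, record fields, key and sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first entry chains to


def _mac(key, prev, record):
    # Canonical JSON so the same record always produces the same MAC.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(log, key, user, action, doc):
    """Append a record whose MAC also covers the previous entry's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action, "doc": doc}
    log.append({"record": record, "mac": _mac(key, prev, record)})


def verify(log, key, head):
    """Return None if the chain is intact, else the index of the first bad
    entry. `head` is the latest MAC, kept separately from the log itself;
    a result equal to len(log) means entries are missing from the end."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _mac(key, prev, entry["record"])
        if entry["record"].get("seq") != i or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return None if hmac.compare_digest(prev, head) else len(log)


def demo():
    key = b"constructed-demo-key"  # assumption: held where operators cannot read it
    log = []
    append(log, key, "alice", "view", "board-minutes.pdf")      # constructed entries
    append(log, key, "bob", "download", "board-minutes.pdf")
    append(log, key, "bob", "share", "board-minutes.pdf")
    head = log[-1]["mac"]
    # An insider rewrites their own download as a harmless view.
    edited = [{"record": dict(e["record"]), "mac": e["mac"]} for e in log]
    edited[1]["record"]["action"] = "view"
    # An insider drops the last entry instead.
    truncated = log[:2]
    return verify(log, key, head), verify(edited, key, head), verify(truncated, key, head)
```

The check only has value if the key and the stored head value live outside the reach of the people whose activity is being logged.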

Mark Edge, Regional VP of Brainloop, comments on the growing threat of insider attacks: “Over the last few years, we’ve observed how data loss incidents can increasingly be traced back to insiders. Companies often make it very easy for their staff to access and distribute sensitive data due to insufficient security standards and precautions. Yet the company’s image isn’t the only thing to suffer in cases of data theft. The financial and legal consequences can be considerable and even threaten the firm’s survival. This is why Brainloop recommends that companies implement and comply with the standards described above to minimise their exposure to risk.”


New study: How secure is your confidential information?

New study by Brainloop on protecting corporate information: companies are talking about it but not necessarily implementing it


Protecting your information has never been more important. With the continued rise of cybercrime and the increase in incidents of data loss, organisations are under more pressure than ever before to ensure that their assets are effectively secured.
Nevertheless, many companies do not take this task particularly seriously.

This was illustrated in a recent study by Brainloop which found only 51 per cent of those surveyed thought that the potential cost of data loss is high. Perhaps this explains another finding – email is still the distribution method of choice for sensitive documents for 34 per cent of the study participants. Brainloop was interested in exploring how over 150 CIOs, CISOs, CSOs and senior executives in the UK see the protection of their sensitive information, as well as comparing their thinking to that of their peers in Germany, Austria and Switzerland (DACH).

The study revealed that senior management takes little responsibility for the protection of corporate data – only 25 per cent in the UK versus 8 per cent in the DACH region. This responsibility is often pushed down into the IT department. While IT professionals can provide advanced software and good security systems, information security depends on people as much as technology. Protecting critical information also involves legal issues, human resources practices and operational policies, and should be a core responsibility of the board and executive management.
To view the full survey results, download the infographic.
