People spend vast sums of money on personal security systems to protect themselves from a home invasion. Some even keep guns by their beds just in case a criminal breaks in while they are asleep. We visualize these bad actors as complete strangers, but crime statistics consistently show that most home thefts and home assaults are perpetrated by people that the victims know.
Similarly, IT organizations spend a considerable percentage of their IT budget trying to protect their information from outsider attacks. However, like with personal crimes, industry experts recognize that most assaults on an organization’s sensitive data are perpetrated or enabled by people that work for that organization.
Regardless of whether the crime is intentional and malicious, or unintentional and accidental, the consequences can be devastating.
You protect your home from the inside by remaining vigilant and aware of those with whom you associate. But how do you protect your organization’s information from insider abuse when you may have hundreds or thousands of people accessing that information every day?
There are three main ways that insiders can compromise your digital documents.
Risk #1: Phishing Expeditions
According to a report from Verizon, 90% of data Breaches “have a Phishing or Social Engineering component to them.” That means that a lot of our security efforts should center around countering these attacks.
A classic example would be the theft of emails from the DNC, which occurred after a senior person had his credentials hacked during a phishing expedition.
Employee training often isn’t enough, especially when it only takes one click to open up the floodgates.
Risk #2: Users with Ill Intent
The papers are full of examples: Snowden, Manning, The Panama Papers, the Sony Breach, the list goes on and on.
These types of breaches are also challenging to combat because users must have access to your information to do their work.
How do you keep a disgruntled employee from taking his/her anger out on the company by posting sensitive documents to the web?
How do you keep a profit-minded employee from abusing their access to sensitive documents by selling them to the competition?
Risk #3: Human Error
A completely innocent worker can mistakenly grant access to your network in any number of ways:
- Not shredding paper documents containing access information;
- Losing mobile phones that have credentials stored within; or
- Misaddressing correspondence containing access information or other sensitive data.
No one is perfect, which is why you need to protect your information repository from people that obtain access through the mistake of an employee.
One Solution to All Three Challenges
The answer to all of these scenarios is leveraging protection software like Guardian for eDOCS and Guardian for Content Server.
Guardian monitors the activities of users in your system in real time. It can significantly reduce your exposure from a breach by limiting the number of documents a user can access without scrutiny from a supervisor and has the additional ability to lock a user’s account automatically, should the user reach a threshold for the number of documents they are permitted to access.
You Need Guardian
It only takes one user – one insider – to create havoc within an organization. If this happens at your organization, what kind of exposure could you face? Would your job be at risk? Your reputation shattered? What legal exposure will you experience, both criminally and civilly? What will happen to your organization? What will it cost to repair? What about the morale of your employees?
The cost of a breach is far too high. Get Guardian Today.