The Hacker News has an article posted from November 7th about a rogue TrendMicro employee stealing customer data and selling it to a tech support scammer. This goes to show, once again, that your people are always your biggest threat. Whether they are clicking on malicious links in from that prince who sent them an email or actively stealing data to sell on the black market, they are likely going to do something to cause you serious pain. Many companies don’t know how to combat these threats or are completely oblivious to what their people may be doing. Here are some ideas to help protect your organization:
- Invest in training – Train, train, train, and then train your staff again to be vigilant and know how to recognize a malicious email, phone call, or text message before they divulge any information. If they fall for one, deliver on-the-spot training to help them learn from their mistake.
- Invest in more than your average anti-virus software – Advanced Persistent Threats (APTs) are the buzzword of the decade. While you don’t need to listen to all the marketing hype, you should have a host based security solution on your PCs and servers that does more than just look for known signatures. It needs to identify unknown threats as well as known threats, block ransomware, stop data being transferred to removable storage, and more.
- Adopt a policy of least privilege – Does that receptionist really need local administrative privileges on their PC? Does that staff trainer really need access to the marketing database? I don’t think so. If people don’t need access to data, make sure they can’t get to it.
- Classify your data – What is in that random word document on the accounting shared drive? Is it something that shouldn’t leave the building? If it is, make sure you are tagging the document and putting restrictions in place on your firewalls to stop it from leaving. Do this for all of your data and put rules in place to protect it where it is stored.
- Invest in Data Loss Prevention (DLP) tools – Make sure data isn’t leaving your organization. Have tools that can observe data movement, alert, and stop it from happening if needed.
- Protect your data from and in the Cloud – Invest in Cloud Access Security Brokers (CASBs) if you allow your staff to store data and work in the cloud. You don’t want data stored improperly in services like Slack, Office 365, Dropbox, Gmail, or somewhere else.
There are many other things you could do as well, but I would argue if you have these tools in place and configured properly, you just might avoid ending up like TrendMicro.