Despite the focus on outside threats, today’s most damaging security threats aren’t limited to hackers or malware but from a company’s trusted insiders with access to sensitive information in collaboration tools like SharePoint. A recent report from Cybersecurity Insiders and Nucleus Cyber looked at what companies believe are the drivers for insider attacks. The top answer – lack of user training. The solution to the problem most cited – more user training. While employees need access to sensitive information to do their job, organizations need a plan to make sure their own people are not the cause of a data breach – both malicious insiders and negligent insiders. However, more training alone isn’t the answer – training backed by automated enforcement in your Office 365 collaboration is.
Contributing Factors to Insider Threats and Prevention Methods
Here’s a quick look at the facts around insider attacks according to the 2019 Insider Threat Report:
- 56% of organizations surveyed believe the most critical factor enabling insider attacks is the lack of employee awareness and training.
- On the flip side, the most utilized tactic in combating insider threats, 51%, is user training to address both inadvertent insider threats due to human error as well as recognizing unusual and suspicious behavior often exhibited by malicious insiders.
- Those survey also cited a lack of training and expertise (58%) as the key barrier to better insider threat management, in addition to the lack of collaboration among departments (57%) and lack of budget (52%).
There’s one common thread here: a lack of or need for more user training.
Why More User Training Simply Isn’t Enough
Collaboration tools, like SharePoint, are one of the best and worst things to happen to business productivity. Ironically, the ease of which users can share and collaborate on files is both its appeal and security downfall. With intranet tools like SharePoint, it has never been easier to share files with a colleague or even a third party. Plus, you can access files from any device with mobile apps designed to access your Office 365 documents at any time, from anyplace.
However, the facts clearly illustrate that simply relying on data governance and security policies to safeguard SharePoint data from insider attacks puts organizations in precarious security position. No one can guarantee that every person in an organization who has access to sensitive information in SharePoint and other collaboration tools will follow the rules – no matter how much training they receive.
There is concrete evidence that a large percentage of breaches are caused by employees accidentally or maliciously mishandling sensitive customer, patient or corporate information against policy. The Insider Threat Report also revealed that 70% of organizations observed that insider attacks have become more frequent over the last 12 months. And 60% have experienced one or more insider attacks within the last 12 months. The results closely mirror McKinsey’s findings that insider threats are present in 50% of breaches reported in a recent study.
Adding to the complexity is the sheer number of communication channels that exist in Office 365 (i.e. SharePoint, OneDrive, Teams, Yammer) making it difficult for users to remember the rules for every situation and communication medium.
It can happen in any setting, and it can happen to you. So, what steps can you take to protect the business?
Protect Your Content and Your People
For starters, why are organization’s only relying on user training when technology exists to protect data in any circumstance? Education has its place especially when it comes to protecting against outside threats from hackers like phishing attacks. And educating users on data sharing polices is important for them to understand the rules around collaboration, but it’s just one step you should be taking to protect your data.
Just as organizations depend on security technology to protect them from a myriad of outside threats, the right technology is also invaluable to protect data from within; from malicious insiders look to profit from data theft to innocent slips of the mouse that result in a headline making data breach.
You should look to protect your data and users (arguably your next most valuable asset) by:
- Auditing Data and Access: To start, identify where all your data currently exists in both SharePoint, SharePoint online, OneDrive and any other data repositories and tools used to store it like legacy Windows file shares. You also need to ensure only authorized personnel have access to sensitive information – that includes your SharePoint admins. Sure, they need to know the files exist to manage them, but they don’t need to be able to look at the file contents unless the information is applicable to them – just like any other user.
- Classifying and Securing Data: Once you’ve reviewed who should have access to sensitive information, you should look to automate the process of classifying documents according to their sensitivity level. Don’t just rely on folder permissions or database security methods. The best course of action is to use data-centric security that both applies both classification and security to the individual document to restrict access and apply restrictions on what actions can be performed (print, save, email, etc.) based on its classification level. Extremely sensitive content should also be encrypted to ensure it remains protected if it makes its way out of the organization – intentionally or not.
- Addressing Changing Risk Profiles: Today’s data isn’t static – it’s constantly being collaborated on and changing. Look at data on a continuous basis to account for how information and its associated access attributes and user context change over time, then adjust its security accordingly. Assess the risk profile associated with the data and its use cases, then consider the security that should be applied in each scenario.
- Balancing Security with Collaboration: Keep the right balance between what users want from a collaboration perspective and what the organization demands from a security perspective. Go too far in either direction and you can make your situation worse. Too lax and your data can be shared far too freely. Too stringent and your users find an alternative way to share and collaborate using shadow IT. In either situation you lose visibility and control of your sensitive data.
Training Backed by Automated Enforcement is Essential to Data Protection
Data-centric technologies that adapt security controls to match data sharing scenarios, without placing a burden on users that will cause them to circumvent or reduce their productivity, is the key to securing collaboration inside and outside of SharePoint.
Directly integrated into Microsoft’s content and collaboration platforms including Office 365, Teams, SharePoint, and Yammer NC Protect provides effective, dynamic data-centric security that minimizes data loss and misuse across entire organizations. NC Protect enables Microsoft customers to better secure collaboration and protect against inside threats.
NC Protect works natively with Azure Information Protection (AIP) and other Microsoft products to provide granular information protection to data within Microsoft collaboration tools by controlling file access and use combined with restricting certain collaboration functionality as needed, including elements of the SharePoint user interface, an application’s method for viewing files, and encryption or restriction of attachments sent through Exchange Email. NC Protect can also apply dynamic, custom watermarks to editable and read-only Microsoft Office files for auditing and security purposes. It requires no additional client-side application, reducing IT overhead and the risks involved in implementing new cloud services or BYOD policies.
Secure Your SharePoint Collaboration
These measures coupled with a data-centric solution to automate these steps will help prevent insider attacks while ensuring the authorized users can access information in SharePoint to get their jobs done without bypassing security protocols to do so. In today’s modern workplace solely relying on people to follow data security and sharing protocols is not only outdated, it can seriously impact the safety of your sensitive data.
Learn more about how to secure SharePoint and Office 365 content with NC Protect:
If you’d like to discuss any aspect of your SharePoint intranet security, then get in touch.