Every Thanksgiving, a local Minneapolis columnist names his “Turkey of the Year”—a rather ignominious honor. In this spirit, Code42 is naming our Data Security Turkeys of the Year: the riskiest types of employees in your business. As you work to mitigate insider threat, these are the people to watch out for—and to keep a close eye on.
- The Newbie: Most companies now make InfoSecurity policy part of employee onboarding. But well-intentioned new hires are still some of the highest offenders when it comes to breaking policy. They forget policy. They fall into bad habits picked up at previous employers. As they learn new workflows and seek to make their mark, they’re prime candidates to work around policy in the name of efficiency.
- The Grump: Opposite the well-intentioned newcomers are the disgruntled employees. Though they come in many forms, they’re all high-risk users. At best, they’re entertaining other job offers and typically have no qualms about taking proprietary data with them when they leave. Luring them into corporate espionage or bribing them to steal data isn’t difficult—their allegiance to your business is long gone. Some feel such spite that personal gain isn’t an issue—they’ll delete data just to sabotage the company.
- The Entitled One: These highly motivated, highly confident employees hold their work in high regard—and believe they are the true owners of their entire work product. They’re likely to entertain job offers or other opportunities and won’t hesitate to use sensitive data or intellectual property to land their next gig, or to get ahead in a future job with a direct competitor.
- The Snooper: More of a behavior pattern than a persona, the Snooper frequently asks about information, data or assets that don’t relate to his job—or that are above his “security clearance.” He’s likely to recruit the help of other employees, asking for “favors” in the form of access credentials or sharing data from other parts of the business. Snoopers often have a track record of failed login attempts with others’ credentials—red-flag behaviors they explain as “mistakes.”
- The Sloppy Senior Manager: High-level managers and executives are twice as likely as the average user to send sensitive information to the wrong destination. More than half of these high-ranking employees take files with them when they leave. The Sloppy Senior Manager believes she’s above InfoSec policy, demanding exemptions to certain policies while freely ignoring and working around others.
- The Frequent Forgetter: The most common Turkey of all, the Forgetter’s hallmark is a long history of password resets. This red flag is a sign of bigger problems. The Forgetter chooses a simple (read: hackable) passwords, uses the same passwords across multiple applications and rarely changes them. To save himself the embarrassment of yet another forgotten password call, he’s likely to write his access credentials down. Forgetters tend to find each other in the workplace, often sharing credentials or using the same passwords to “help each other out.”
Step 1: spot the turkey; Step 2: leverage endpoint visibility
This list is far from comprehensive, and spotting suspicious or high-risk users is just the first step in insider threat mitigation. Download the white paper, “Fighting Insider Threat with Endpoint Visibility,” to see how to build your threat mitigation strategy.