42 Seconds with a Code42 Customer: Lehigh University

Code42 provides your business with a variety of data security benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. While Code42 has a few primary use cases–backup and recovery, device migration, etc.–we’ve learned that our different customers use Code42 in different ways. To explore how customers use our product, we recently partnered with the talented team at creative agency Crash+Sues to create a series of animated videos featuring the voices and likenesses of actual Code42 users.

In our latest video, Naazer Ashraf, senior computing consultant at Lehigh University, explains why they rely on Code42 over sync and share products for data backup and restore. As one of the nation’s premier research universities, Lehigh’s faculty are known for their excellence in research. Obviously, data is extremely important (and valuable) to researchers, so imagine the reaction when one researcher deleted files from Google Drive to save space–and discovered that doing so wiped the files for 10 other researchers. Naazer tells the story in just 42 seconds. Check it out below.

Protect Your Data from Insider Threats with Code42

Code42 provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more – all in a single product that’s been proven to ultimately save you money. Recently, Code42 launched Security Center, a new suite of tools to help you spot suspicious data use behaviors in your workforce – and respond to them if necessary. There’s a big reason why we added this feature – the facts show that 89 percent of corporate data loss involves the actions of an insider.

We recently partnered with the talented team at creative agency Crash+Sues to create a series of videos about the core features of Code42. This most recent video focuses on an all-too common scenario in which an employee decides to steal valuable data from his employer. Unfortunately for him, this company has Code42’s Security Center.

Take a look today for an illustration of how Code42 and Security Center can help keep your enterprise’s data safe from insider threats.

How to Manage Data Security Risks That Live Off Network

I am already sick of it. That particular way that people’s faces look on webcasts is just not flattering. That said, that’s just one of the challenges we face (pun slightly intended) right now. Every day more employees are working from home. To get our jobs done and keep the business moving forward, we are turning to collaboration tools. Our days are filled with sharing files, Slacking colleagues and saving work to Google Drive. What does this mean for your security teams? Suddenly, they’re on the hook to manage a spike in file activity that now lives off network. The cherry on this particular sundae is, most of their tools (VPN, web proxies, etc.) aren’t architected to solve this problem at scale. 

That’s why we developed a new way to see places where your data may be being put at risk without slowing down your employees. The functionality is not complicated. It’s easy to deploy. And if you’re one of our customers, you actually have it already. For more information, check out this short video or skip past the break:

Spot high-risk users

With our new functionality, the risk intelligence around your remote workforce’s file activity is surfaced alongside existing data on our risk exposure dashboard. From the interface, you get a view into company-wide file activity across computers, cloud and email — including a specific focus on file activity for employees who are working remotely. In fact, you can pinpoint which workers are most actively moving data and may represent the highest level of risk to your organization. You also can quickly investigate file events, including file content, through our forensic search interface or see a view of the users’ individual activity by accessing their user profile. For example, below we see a sorted list of the employees with the most remote file activity. The ranking makes it easy for your team to decide where to dig deeper.

Detect off-network file exfiltration

To focus in on the data itself, the risk exposure dashboard also shows file movement to the most common exfiltration vectors. This includes cloud sync activity, web browser uploads and movement to removable media, broken down by file category across your organization. With this level of detail, you can not only detect off-network exfiltration events but also validate proper use of corporate tools, and uncover Shadow IT that might indicate gaps in tools or training. 

Google Drive is this organization’s sanctioned cloud service, but these Dropbox events present potential risk.

Don’t believe it? See it for yourself. 

To really appreciate how quickly and easily the dashboard digs into off-network file activity, we think seeing is believing, so we’re offering a free product trial for 60 days to anyone who can use it during this time. Get more details about our 60-day free trial, including terms and conditions, here: https://code42.com/trial.

Now that we’ve covered all that, if you’re still reading this, congratulations. You’re now my new best friend. Talk soon!

The Work-From-Home Enterprise: Data Security Questions Investors and Board Members Should be Asking

Poof! Just like that the very perimeter organizations built around infrastructure, network, and endpoints to keep organizations safe is gone. Yes, we all have been saying the perimeter is gone for what feels like years now. But now, it’s really gone. This time for real, and I would argue for good.  

Our world has been turned upside down. The COVID-19 outbreak is first and foremost a health crisis that demands swift action in order to keep our loved ones, students, employees, neighbors and communities safe. Organizations and institutions around the world shut down offices and classrooms, fundamentally flipping the everyday face-to-face routines we all have to the work-from-home digital realm. 

What started as a health crisis is shifting dramatically to a global economic crisis. Businesses are being forced to make very hard decisions about their people, processes and spend for the sheer purpose of continuity. What we are experiencing is a wave of crisis centered on near-term survival. What we are missing is a wave that will have much longer-term impact. And it centers on the very thing the aforementioned perimeter was designed for — data security.

In a world where every employee and student is suddenly working from home, the very policies and processes organizations and institutions have put into place to secure data are rendered obsolete. We have a security crisis on our hands. It demands we, as a security industry, rethink, reimagine and rebuild what data security means in what we contend is not the new normal, but the next-normal. The information technology industry prepared us for the next-normal. Heck, they enabled it with technology like Slack, Zoom, Google Suite and Microsoft Office 365. Like it or not, the next-normal is already here and it’s in the cloud. It’s focused on collaboration, speed and simplicity. What’s not focused on collaboration, speed and simplicity? Data Security. It’s time information security catches up and catches up quick. 

Data security for the next-normal

To help boards of directors and business leaders think through the data security implications of the next-normal, we put together a series of questions that cover three key areas of data risk: remote employees, departing employees and high-risk employees. Managing data risk is not only an information security issue falling squarely in the hands of the CISO. In the next-normal, managing data risk is an organization-wide responsibility, so these questions also apply to the CEO, CIO, CHRO, general counsel and line of business leaders.

Remote workers

We are living through the largest shift in work culture in our lifetime. The spread of the virus has forced many people to work from home, a decision that, while necessary, has put a strain on your IT and security teams. Suddenly, they are on the hook to manage data risk beyond the perimeter and do it at scale. Doing so requires some real gut-check questions:

  • Do you have visibility into all employees’ off-network file activity?
  • Do you know what trusted and untrusted collaboration tools employees are using? 
  • Do you know what data employees are moving, when they move it and where?   

Employee departures

With the global economy headed for a downturn, many businesses are planning actions that impact their human capital  — whether it’s furloughing employees, eliminating contractors or reducing their workforce. Employees are on edge. And when they’re on edge, they make decisions with data they may not normally make.  

  • When someone leaves your company, what do you do to ensure they aren’t taking confidential information with them? 
  • If an employee who is leaving returned a wiped laptop, could you determine what confidential information that employee accessed before wiping the laptop?  
  • If you suspect that a key employee took confidential information to a competitor, how would you investigate? How long would that take? What would it cost?  Would you have enough information to pursue litigation if required?

High-risk employees

To ensure business continuity during a crisis, it is important to have a clear picture of employees who are considered high risk. Workers could be considered high risk because of the data they produce or have access to, and/or because of their data controls and privileges.

  • If one of your key employees had his/her corporate IT credentials compromised, could you detect if the account was being used to transmit confidential information outside of the company? 
  • Which employees have access to your most sensitive information, including customer lists, source code, product roadmaps and more? What technology are you using to detect if they misuse that information (either intentionally or accidentally)? How would you know if an employee took sensitive data? When would you know? 
  • What steps would you take to prevent misuse of your trade secrets by employees? 
  • If one of your employees accidentally shared a file outside of your organization, how would you investigate to determine whether you had any reporting obligations to regulators or customers?
  • Have you educated your employees, especially privileged employees, about how to detect and avoid falling for potential phishing or malware campaigns? 

Of course, this is not an exhaustive list of questions for every possible data risk scenario, but these questions are a baseline for assessing your level of visibility or lack thereof. With the onset of COVID-19, we are navigating some uncharted territory. The next-normal has been thrust upon us, and it’s rooted in cloud, collaboration, speed and simplicity. If we are to survive in the short term and thrive long term, we must rethink, reimagine and rebuild how we do data security. We’re here to help.

What to Do When Data Becomes Invisible in a Work-From-Home World

Like many other businesses, Code42 has been looking for ways to help as this pandemic sweeps across the world. Many of our customers have asked their employees to work from home, which has put an incredible amount of stress on IT and security organizations. 

The Remote Employee Challenge

For the last two weeks, our team has been designing and building a view into the potential data loss that may be happening as a result of the massive change in how people are working. Our goal was to give more visibility to security teams who have trouble detecting when employees — intentionally or accidentally — put data at risk while using collaboration tools off network. That’s why we’re offering this new capability to enterprise companies for 60 days at no cost. It’s a small gesture in the scheme of things, but we hope it helps. 

Seeing Where Data Lives and Moves

At a time when so much data activity is happening off network, what security teams had visibility to last week is invisible this week. Face it, employees will do what they need to do to get their jobs done. They will upload files to Dropbox or Box. They may email business files to their personal email so they can work from their home computer. Or they might go old-school and copy work data to a USB thumb drive. This is bound to happen as employees settle in to working from their home offices.

So how can our new work-from-home view help your security and IT teams? They’ll be able to:

  • Pinpoint remote employees who take the biggest risks with files.
  • Detect unauthorized use of Dropbox, iCloud, Box, OneDrive and Google Drive.
  • Provide an organization-wide view of browser upload activity, including attachments to personal email, and uploads to personal cloud sync systems. 
  • Alert security teams to users with risky file activity based on file type, count and size.
  • Offer historical user activity profiles to speed insider threat investigations.

The Offer Details

Our offer is open to enterprise companies while they work through this new “normal.” To start using our new work-from-home view for 60 days at no cost, sign up by May 30, 2020, by visiting www.code42.com/workfromhome or contacting a Code42 Customer Success Manager if you are a current enterprise customer.

Our Commitment to Customers During COVID-19

As COVID-19 (the coronavirus) continues to impact our communities, I want to personally update you on the steps we have taken to ensure business continuity for all our customers.

In these unprecedented times, where many organizations are making the shift to remote work (including our own), I want to reassure you that your data remains safe and secure.

Because we are a cloud-based SaaS company, you can rest assured that our operations will not be impacted. Our workforce is very accustomed to leveraging collaborative technologies to work outside of the office. As part of our business continuity planning, we have tested the ability of our systems and processes to handle all of our employees working remotely, and we are well equipped to maintain the high-quality customer service and support you have come to expect from us.

The health and safety of our employees, customers and partners are paramount. We have minimized employee travel, both international and domestic, and will conduct internal and external meetings virtually as much as possible.

This is an unprecedented time for everyone, and the situation is changing in real-time. We are committed to maintaining our business operations and ensuring you continue to receive the highest quality service without disruption.

As you can expect, even through difficult times, we continue to innovate. To help you fully leverage your collaborative technologies, while maintaining your security and business continuity, we have developed a Remote Employee view in our product. This new view provides full visibility to data risk across your remote workforce. If you are interested in learning more, please contact your Code42 Customer Success Manager.

Thank you for your continued trust in Code42.

Collaboration Without Compromise: A New Approach to Securing the Remote Work Culture

We are witnessing the largest shift in work culture in our lifetime. And it’s putting remote work and collaborative technologies to the test at a scale that we have never seen before. Every day the news is bringing us stories about more employees who are logging in from their kitchen table to email, Slack, AirDrop and message their colleagues. And while they are all focused on getting their work done, what might not be so apparent is that they are also opening up their companies to heightened data risk.

The simple truth is that old-school technologies that were designed to prevent data from moving outside traditional security perimeters were never built to safeguard collaborative workforces. And if they weren’t equipped to protect routine cloud collaboration, how can they possibly handle the highly distributed workforces and huge influx of remote workers we are seeing today?

The implications? This unprecedented situation is going to shine a light on gaps in the security stack that have existed for some time. So what can companies do to help secure this growing remote work culture?

Embrace the wave of collaboration

For starters, it means embracing the collaboration wave. The growth of remote work did not just start this month, it has been gathering steam the past dozen years. A survey by Global Workplace Analytics and FlexJobs states that remote work has grown 159% over the last 12 years. 

Collaborative work cultures definitely have their advantages. That’s why making it easy for employees to connect and get their jobs done — whether they’re in the office, on the couch, or at the coffee shop — has moved to the top of the to-do lists for many C-suites. In fact, according to the Code42 2019 Data Exposure Report, workforce culture ranks first among CEO, CIO and CHRO strategies and priorities. Why? CEOs, CIOs and CHROs are changing corporate culture in order to move faster. The more productive a workforce, the greater the payoff on the bottom line.

Don’t let the inside be the blindside

Certainly, collaborative technologies — like Slack, Box, Microsoft Teams and OneDrive — are making it easier for remote workers to legitimately share files. The challenge, however, is they’re also making it easier to exfiltrate data, such as product ideas, source code and customer lists. 

Imagine how easy it is for an employee working from home to flip between personal and corporate cloud accounts like Google and Slack as part of their daily routine. Granted, some employees have malicious motivations. However, for the most part, it’s workers with the best intentions who will log in to the most convenient tools at their disposal to get their jobs done — often without realizing the added data security risks they are creating for their company.

The challenge is that businesses are empowering employees with technologies for collaboration without having the proper security programs in place. Without the right technology, security teams are unable to detect and track files as they move between corporate and personal accounts. This leaves the files that employees create and share every day vulnerable — and businesses open to insider threats.

The following stats paint a telling picture:

  • 89% of CISOs believe a fast-paced culture puts their company at greater data risk. (Source: Code42 Data Exposure Report 2019)
  • In the last 12 months, 66% of data breaches were inside jobs. (Source: Code42 Data Exposure Report 2019)
  • Only 10% of security budgets are dedicated to insider threats.

Bottom line: Insider risk programs are too often overlooked and underfunded – something that needs to change in this new era of collaboration.

Recognize that the culture shift requires a technology shift

So the question is. . . is it possible to have collaboration without compromise? Absolutely! Empowering employees to work-on-the-go does not have to come at the expense of the safety of data — that is, if companies are willing to shift how they think about and approach security. 

The lesson many companies have already learned is that traditional, prevention-based approaches to data security that focus on blocking are failing to protect data when workforces are highly distributed and reliant on the cloud to collaborate. In the Code42 2019 Data Exposure survey of 1600 business and IT leaders, 69% admitted that their organizations suffered an insider data breach at the same time they had a prevention solution in place. Not only were the organizations breached, but 73% admitted it takes months to discover, investigate and respond to a data breach. 

Think about it. Legacy solutions are busy trying to block access to files when the rest of the remote workforce is busy sharing. The approaches are working in direct opposition to one another. That’s why a new data security strategy is needed — one that fosters rather than tries to deter collaboration and productivity. 

At Code42, we believe data security should be defined not by what you can prevent, but by how fast you can detect, investigate and respond to the inevitable threats to data security. Fans of traditional prevention solutions will say: but if I can’t block, how can I prevent data from leaving? The truth is, data is already leaving. What is needed is a solution that offers complete visibility to where data lives and a high fidelity signal when it moves and leaves. 

If there is anything that we’ve learned during these past several weeks, it’s that the collaboration culture is here to stay. What we need to understand is that properly securing it is going to look different.

Code42 Extends Insider Threat Protection to Federal Agencies

An incident or breach caused by an undetected insider threat in the private sector could damage a business’s reputation or significantly impact the organization’s financial wellbeing. But, in the public sector, a similar undetected insider threat breach or incident could jeopardize our national security! That heightened level of risk is why we’re thrilled to share that Code42 has achieved the In Process designation from the Federal Risk and Authorization Management Program (FedRAMP) for Code42’s cloud-based insider threat and data loss recovery solution. With the In Process designation, Code42 appears on the FedRAMP Marketplace, which means that Federal agencies and contractors have the ability to leverage Code42’s insider threat detection, investigation and response capabilities.

Insider threat in the public sector: the risk is real

Breaches and insider threats in the private sector may get the lion’s share of the headlines, but the public sector is far from immune to the insider threat risk. A Carnegie Mellon analysis of data from the CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus shows that the federal government has, by far, the highest number of serious insider threat incidents detected over the past 20+ years — more than all incidents from state and local governments combined. While alarming, it isn’t exactly surprising that the federal government is such a big target. Just as in the private sector, the offending insiders in the public sector tended to be in trusted positions, and most exfiltrated data during normal working hours. And just as in the corporate world, roughly one in three insider threats were contractors, vendors or another third party not directly employed by the federal agency.

Stepping up insider threat protection in the federal government

It’s not that federal agencies don’t understand the risks of insider threat; on the contrary, they are quite well versed and have been managing and setting best practices on insider threat programs for nearly a decade. In fact, way back in 2011, Executive Order 13587 mandated that all federal government agencies that operate or access classified computer networks implement an insider threat detection and prevention program — including the capacity to monitor and analyze the information from insider threats. But eight years later and with growing cloud adoption, there are exponentially more ways for insiders to exfiltrate data. The truth is that most federal agencies’ insider threat programs likely are built around traditional tools like data loss prevention (DLP) products that weren’t designed to handle the modern reality of ultra-portable data and widespread collaboration and file sharing — and simply can’t keep up with today’s resulting insider risks to data.

Code42 gives federal agencies a new insider threat toolset

The In Process designation is a significant milestone in the FedRAMP authorization process. Code42 is working towards FedRAMP authorization by the fall of 2020. But as I mentioned earlier, Code42 is already available on FedRAMP Marketplace — and organizations can even begin the onboarding process today. That means all federal agencies and contractors can leverage our industry-leading backup and recovery capabilities, while also gaining access to our insider threat detection, investigation and response capabilities.

Our solution quickly surfaces insider threats to a federal agency’s most sensitive, valuable and vulnerable files and information, so security teams can respond immediately and effectively — before damage is done. The solution tracks files as they are attached to web-based emails, uploaded to web applications, and moved to USB sticks and external hard drives. As part of its offering, Code42 also preserves a copy of all versions of all files on a user’s computer. This data can be used for forensics or to recover data after theft, ransomware, hardware or software failure.

Demonstrating our commitment to the highest security standards

FedRAMP Authorization requirements include some of the very highest standards for cloud security and data security risk mitigation in the world. Code42 is actively working on FedRAMP Authorization, which, once achieved, will mean that we adhere to some of the most rigorous security standards and requirements. Of course, this is meaningful well beyond the public sector: FedRAMP certification should give all Code42 customers reinforced confidence in our ability to secure and protect your data.

We’re quite proud of this achievement around the Code42 offices — and we’re excited to extend our solution beyond commercial and educational organizations to the federal government, helping to protect sensitive federal data that impact us all.

Code42 2020 Data Exposure Report: The Risky Rise of Collaboration Culture

As we’ve covered in this blog in quite some depth, mitigating insider threat isn’t easy. Workers who are given trusted access to applications and data oftentimes sit in a great position to abuse that trust – either maliciously or unintentionally.  After all, they usually know where the organization’s most valuable data resides. 

Unfortunately, the challenges we’ve seen to date are only the beginning. Our newly released 2020 Data Exposure Report reveals how cloud-based collaboration tools have forever transformed the way staffers share information and collaborate with their peers. As our report found, employees are now relying on countless numbers of messaging apps, file transfer services, and cloud apps to share data within — and without — their organizations.

Sure, employees have been sharing in ways that they shouldn’t, such as with corporate or personal email, for decades. But email is relatively easier to monitor than all of these new communication services and ways to collaborate. Today, email is but a portion of how staffers collaborate on data files. Employees today are using every app and cloud service they can as they try to work and be productive in ways that are most convenient to them.

This trend is undoubtedly giving security professionals heartburn. According to this survey, which is based on 4,505 knowledge workers in the U.S., U.K. and Germany, Austria, and Switzerland, staffers regularly rely on both cloud services that they’re authorized to use — and those that they aren’t. In fact, the survey found that 37% of respondents use unauthorized apps daily to share enterprise data and collaborate on work.

What unauthorized apps are employees using?

What unauthorized apps and services are insiders using to sidestep security policy, and why do they avoid those apps that have been sanctioned? Respondents said that they avoid enterprise approved apps because they find them complicated, slow and insufficient. The unapproved apps they turn to most often include WhatsApp (34%), Google Drive (30%), Facebook (29%) and personal email (26%).

This changing nature of how workers collaborate and the varying tools they use is proving too great a match for traditional insider threat programs. Too many insider threat programs today don’t have the ability to provide security teams the actionable insights they need to identify and mitigate data leaks. This is true whether those leaks are intentional or accidental.

This survey highlights just how far behind most enterprises are when it comes to reining in the risks associated with data loss, especially with both the growing collaborative work culture and as employees change jobs. As we’ve covered in depth over recent months, departing employees are a significant risk. Our survey confirms this.

The survey found that 51% of those surveyed believe that organizations overlook the risk to corporate data and that such risk is a more significant threat than they realize. Consider this: 65% of our respondents admitted that they have repeatedly taken data from former employers, and about one-third of those respondents said that they were encouraged by their new employers to share their infiltrated data with their new co-workers!

Still not convinced that enterprises aren’t taking the departing employee risk seriously? Don’t just take my word for it. Rely on our survey, which found that 87% of employees surveyed said that their former employer did not verify whether they took data with them as they left.

If enterprises are going to successfully secure the collaboration culture and their data — and effectively mitigate insider threat — they are going to have to make significant adjustments in their approach to data security. They are going to have to find ways to detect and examine how data files are moving across endpoints and cloud services.

These data sharing and work collaboration trends are only going to increase in the years ahead. In fact, the pace of these trends will accelerate as more workers continue to collaborate how they want wherever there’s an Internet connection. Interestingly, despite an increased emphasis on file-sharing, 36% of workers have grown more complacent about data security. Finally, this survey confirmed what we already knew – that departing employees and insiders pose significant risks to data security whether they intend to or not. But it also unearthed a few new nuggets. That includes, stunningly, many employers encouraging the use of data that new hires bring from their previous employers. The survey also uncovered how employees believe that the collaboration culture is making employees even more complacent when it comes to data security. And, ultimately, the survey showed that traditional data loss prevention tools just don’t work, especially in this age of job changing and increased collaboration and file sharing. Don’t forget to get your copy of the full report.

Don’t Poison Your Employee Experience With the Wrong Approach to Insider Threat

The year 2019 was a harsh reminder that as much as organizations try to downplay insider threats, they cannot be ignored or overlooked. Organizations like Capital One, McAfee (itself an insider threat solution) and even Apple can attest as they all found themselves on the wrong side of the headlines. Needless to say, as the year wrapped up, many 2020 predictions and resolutions included a better approach to insider threat.   

Forrester’s aptly titled report, “Don’t Poison Your Employee Experience With The Wrong Approach To Insider Threat” is timely! As much as we don’t want to admit the obvious, our colleagues are among the biggest threats to the data security of our organizations. But there’s a balance between understanding malicious and non-malicious intent. And with the CCPA and GDPR serving as backdrops to data privacy, security organizations have their work cut out in balancing the security and productivity of end users. No easy feat!

My Top 5 Takeaways on Forrester’s Latest Report on Insider Threat:

  1. Make your insider threat program fit within the overall security program. We know incident response processes have taken center stage in the security world. It’s all about decreasing time to detect and respond to threats. Insider threat needs to be a part of the overall incident process. Few organizations have well-defined incident response scenarios for insider threats, but that trend is changing fast.
  2. Don’t let security become a burden on employee productivity. Code42 has been saying this for quite some time and it’s worth repeating. Security is often confronted with a crossroads situation. Traditionally, the idea of prevention (otherwise known as Data Loss Prevention) has operated on the notion of blocking suspected users from carrying out their jobs. This approach is outdated and comes at the cost of collaboration. A new wave of solutions is paving the way for a security strategy rooted in protection, and one that embraces collaboration.
  3. The Collaboration Culture is a Security Culture. Gone are the days where security is a dreaded practice with productivity-stalling implications. Today’s security culture is about embracing collaboration and why not? Ask any CEO what their top digital transformation initiatives are and they’re likely to put “better collaboration” near the top of the list.
  4. Technology and human intelligence fuel your insider threat program. Emerging insider threat programs are made up of people and technology. While many organizations have relied on technology to solve a very human problem, it’s clear that understanding user behavior patterns, what drives user actions and predicting users’ next moves are equally important. In the end, an insider threat program is all about speeding up time to respond to a threat. By combining technology and human intelligence, you are building yourself an all-encompassing program that covers multiple vectors.
  5. Code42 takes the focus off users and instead focuses on file behavior. And of course, I have to mention Code42 here. While many security solutions are solely focused on user behaviors and actions, our approach has been simply rooted in understanding the behavior of the file. And it’s very simple logic… In the end, the malicious end user is after your “data,” so understanding everything about that data is paramount. As I like to say, “don’t follow the employee, follow the data.” With data privacy becoming more important and organizations growing more mindful of being “big brother,” an approach rooted in data will only become more important and compelling.

2020 will undoubtedly be another breakthrough year for insider threat. There will be more headlines, innovative security solutions and smarter insiders. In the midst of this growing problem, it’s good to see Forrester remind us that building an effective insider threat program doesn’t have to come at the cost of killing your employee experience. An effective security strategy coupled with a productive workforce? I say bring on 2020.

Download the complimentary Forrester report here.

From Carelessness to Activism — Why Insiders Do What They Do

Whenever the subject of insider threat arises, the discussion gravitates toward the insider who has acted maliciously in some way. People often think of the executive or staffer who stole confidential information about an impending corporate transaction or intellectual property, such as source code, and intentionally exposed or sold it.

This certainly is understandable; after all, such stories permeate the press. Just a few weeks back in late January, Hershey sued one of its former executives for alleged theft of some of its most sensitive trade secrets and confidential business information before going to work for a direct competitor, while Coca-Cola learned of an alleged security breach when a former employee was found with a drive containing the personal information of about 8,000 people. There is also the case of the three former McAfee employees that the company alleges took confidential information to a competitor.

While incidents like these are all too common, they’re not the only types of insider risks that damage the data security at organizations. There are many other reasons, beyond financial gain, why insiders do what they do. In this post, we hope to highlight some of the other common causes behind insider risks, and what they mean for your security and insider threat program.

The careless insider

As our Data Exposure Report has shown, not all insiders intentionally act maliciously. Many insiders will inadvertently click on a link tucked within a phishing email and their endpoint will get infected. Or they will be careless with their notebook or removable drives and lose them. Drives that are, of course, unencrypted. This is perhaps one of the largest insider threat categories. And it’s not just front-line employees. According to our 2019 Data Exposure Report, 78% of CISOs and 65% of CEOs admitted that they’ve clicked on a link that they shouldn’t have.

People want to use the data as they wish

Not only do people want to use data as they wish, they actually view enterprise data as their data. According to our research, over 70% of information security and business decision-makers agreed that the data at work isn’t just corporate data, it’s their work and their ideas. This means there is great risk departing employees will take data with them when they leave for a new employer. Conversely, new staff are likely bringing work from their previous employer into their new companies.

People want to work the way they want to work

Not only do staffers and other insiders want to use data as they wish, they want to work exactly how they want to work. There’s a lot of this Shadow IT underway, especially when it comes to collaboration, cloud storage, and social media. Our research and experience with our customers show that insiders will, rather than use collaborative tools provided by the organization, turn to unauthorized collaborative tools, social media and personal email to share information. Not good.

Political motivations

People today are more politically motivated than at any other time in recent history, and they are more likely to act in accordance with their political beliefs. Whether it’s over environmental issues, party politics, or other social causes, if someone perceives the organization they work for to be on the wrong side of a social cause, it could very likely be a catalyst for someone to lash out at the company by stealing, destroying or exposing data.

The spurned staffer

Sometimes insiders will do something bad with a motivation other than financial, or at least the financial gain is secondary to extracting a reprisal of some sort. These types of insider threat actions can be triggered by resentment for being overlooked for a promotion, a raise that was perceived as inadequate, perceived poor project assignments, scorned office romance, and any number of other potential personal reasons. 

As you see, there are many different reasons and motivations behind insider threats. How should your enterprise protect itself from insider threats with such varying motivations?

Focus on the data, not the motivation

Fortunately, you don’t need a different plan for each motivation. At least not when it comes to protecting your data. What enterprises need is a data security policy that includes data security awareness training and technology to monitor data movements to avoid unwanted data exfiltration.

An effective data security policy will also detail who owns the data and the proper ways to access, use and store that data. It’s also important that staffers be continuously reminded of this policy through periodic security awareness training or login banners. Finally, you’re going to need technical controls in place that will enforce your data security protocols.

One thing we’ve certainly learned is that those technical controls that attempt to block data leaving the organization are not actually effective at stopping unwanted data exfiltration. In fact, by just being in place, these technologies often create a false sense of security. We’ve learned, instead, that capabilities to monitor and audit all data movement are much more effective.

It’s true that the motivations behind the insider threat are varied and the risks they pose are significant. After all, who else better knows where the valuable data resides, why it’s valuable, and how to obtain it than those on the inside? Fortunately, to succeed at minimizing insider threat, you don’t need to focus on every motivation — you just need to focus on the data.

RSA Conference – The Busiest Security Week of the Year

The world will be talking security very soon – the RSA Conference is just around the corner. From February 24 to 27, more than 40,000 information security practitioners, influencers and enthusiasts will descend on the Moscone Center in San Francisco for a week packed with presentations, product demos, breaking news stories and connecting with peers.

Team Code42 will be in the North Hall of the Moscone Center ready to talk to security and IT teams about one of the biggest risks to their data – insider threats. If your challenge is to protect your data from walking out the door when your employees transition out or from careless users, schedule a technical demo now or drop in at our booth, N-6079. We take a new approach to insider threat detection, investigation and response and can protect your most valuable IP, product plans and customer lists without rigid policies and without blocking your employees from collaborating and sharing files. We cut through the noise and give you access to incredible detail about file movements with only a click or two. We’ll be at booth N-6079:

  • Feb. 24: 4:30-7 p.m.
  • Feb. 25: 10 a.m. to 6 p.m.
  • Feb. 26: 10 a.m. to 6 p.m. (Pub Crawl from 4-6 p.m.)
  • Feb. 27: 10 a.m. to 3 p.m.

If you don’t yet have an expo pass and are having some serious FOMO, we’ll get you in the door for free. Reach out now for a complimentary expo pass.

Code42’s CEO and SVP to Present Feb. 25

We are thrilled to share that CEO Joe Payne and SVP Vijay Ramanathan will co-present from the expo floor of the Moscone Center the afternoon of Feb. 25. Please join them to hear their insights about why insider threat is such a big, unsolved problem for today’s most progressive companies, and how companies can get a leg up on some of the biggest threats to their data.

The Insider Threat – You’re Flying Blind
Code42 President and CEO Joe Payne and Senior Vice President Vijay Ramanathan
When: Feb. 25: 4:20-4:50 p.m.
Where: Moscone Center North – North Briefing Center, booth N-6545
Session Description: Studies show that 90% of data loss that manifests from inside organizations goes undetected. What’s worse, nearly 70% of organizations that were breached from the inside had a data loss prevention solution in place. The brutal truth – prevention solutions are not effective at stopping insider threats. Attend this session to learn from Code42 senior executives about how data risk detection and response ensures you and your organization are not blindsided.

Code42 Customer Theater Presentations Feb. 25 and Feb. 26 

This year we are really excited to welcome three of our customers to speak in our booth, N-6079, during RSAC 2020. Security practitioners from BAYADA Home Health Care, CrowdStrike and Exabeam will share the strategies they’ve used in their successful insider threat programs.

Look Closer: Your Files are Leaving During Employee Departures
Speaker: Andrew Jarrett, Senior Manager, Desktop Equipment Services, BAYADA Home Health Care
When: Feb. 25: 11 a.m. to 12 p.m. | Feb. 26: 11 a.m. to 12 p.m.
Where: Code42 booth N-6079
Session Description: Sixty-three percent of employees brought data with them from their previous employer (Code42 Data Exposure Report 2019). The flip side of this is that employees are taking data with them when they quit, and most organizations do not have the processes or tools in place to detect, investigate or respond when data is put at risk by a departing employee. BAYADA Home Health Care recognized this risk, and took action to mitigate it by defining an internal departing employee process built around the use of Code42’s insider threat solution.

Insider Threat: The Risk your SOC Won’t Catch
Speaker: Ryan Bonfadini, Incident Response Analyst, CrowdStrike 
When: Feb. 25: 1-2 p.m. | Feb. 26: 1-2 p.m.
Where: Code42 booth N-6079
Session Description: Don’t let your insider threat program be stuck in the past (or be nonexistent). Learn how to modernize your insider threat program and prepare for next generation attacks. During this session, Ryan Bonfadini will share his expertise gained over the past seven years where he has established and matured insider threat programs at CrowdStrike and Symantec.

Data Security in the Age of Collaboration 
Speaker: Alex Koshlich, IT InfoSec Manager, Exabeam
When: Feb. 25: 2-3 p.m.  | Feb. 26: 2-3 p.m.
Where: Code42 booth N-6079
Session Description: For many companies, the accelerated pace of their growth doubles as one of their greatest security risks. To maintain security while fostering growth, Exabeam allows employees to use whatever tools are necessary to get the job done, as long as security can maintain visibility into those tools. To accomplish this, Exabeam relies on Code42’s solution to see how files are moving across their endpoints and cloud applications. 

After Hours Security Party

Join Code42 for an exclusive, invite-only event at the Minna Gallery with fellow RSAC attendees! Enjoy complimentary drinks, live entertainment and heavy appetizers. Space is limited, so RSVP now.

When: Feb. 25: 7-10 p.m.
Where: 111 Minna Gallery, 111 Minna St., San Francisco, CA 94105