
What are insider threats – and how do we prevent them?

 
An insider threat is a current or former employee, contractor, or business partner who intentionally or unintentionally misuses organizational access to negatively affect the integrity of the organization's information systems. Insider threats come in three different types:
 
Compromised users
 
Compromised users are used as the vehicle for organizational compromise. A compromised user may have contracted a virus on one of their work devices which can then spread to the whole network, or visited a website on a work device that captures sensitive company information.
 
Malicious users
 
A malicious user acts independently and intends the consequences of his or her actions. An example of a malicious user would be an employee who is about to leave the company and chooses to intentionally share confidential business plans with his next employer.
 
Careless users
 
A careless user is likely to be negligent of data security policies. A careless user may be an employee who clicks on every link they see online, or removes sensitive work data from the premises to continue working elsewhere.
 
Below are some best practices that help to minimize the risks of insider threats.
 
1. Deactivate employee access following termination
 
As soon as an employee is no longer a member of staff, shut down and disable every login or access they have with your company. This prevents a former employee from being able to negatively impact the company following a termination.
 
2. Limit employee access
 
Limit employees' access to only the applications, data and systems needed to complete their job. This level of risk management means that the damage an employee can do is limited by the ICT/cybersecurity team.
 
3. Implement strict password and account management policies and practices
 
All users should enter systems through the use of strong and unique credentials that are regularly reset, and additional strict authentication practices such as multi-factor authentication. These policies make it mandatory for careless users to adhere to organizational principles that protect the integrity of the network.
 
4. Implement a secure backup and recovery process
 
Implement backup policies that ensure that important data is duplicated on offline local storage or in the cloud, outside of your organization's network. A backup of all important files would provide a solution in the case of a compromised user infecting systems with ransomware.
 
5. Institute periodic security awareness training for all employees
 
While employees might be the biggest threat, they are also the first line of defense. Ensuring that employees are aware of insider threats will make them more understanding towards security protocols that they must adhere to.

05 September 2022

© 2024 National Cyber Security Authority