POPIA Compliance – Insider Threats

Problem

The most important thing to your organisation is its data. Data drives your mission and is targeted by numerous adversaries and competitors. The easiest way for someone to compromise your organisation or its data is through an insider.
An insider is a trusted individual with ulterior motives; their goal is to steal your information or cause harm to your organisation. An insider can be anyone who works in your organisation, including employees (disgruntled employees, leavers, manipulated individuals, negligent employees, overspenders, former employees and whistleblowers) and contractors. What makes an insider so dangerous is that they have trusted access to your information, assets and resources.
Compromising your highly confidential data can be as simple as copying critical data to a portable drive or emailing it out of the organisation. Anyone in your organisation could be a potential insider, so you should always be on the lookout for suspicious behaviour.

Identifying an Insider Threat

If you see any of the following behaviour, report it immediately to your supervisor or Information Officer:

  1. Someone asking for access to information they do not need in order to perform their job.
  2. Copying large amounts of information at a copier, carrying a large number of documents out of the organisation, or transferring extremely large or unusual files.
  3. Working strange hours and coming into the office when no one else is around.
  4. Someone trying to log into someone else's account, or asking someone to give them access to a secure area such as a data centre.
  5. Sending a large number of emails with attachments out of the company, or carrying portable USB drives out of the organisation.

Solution and POPIA Policies

To minimise the impact of the insider threat, you can take the following steps to help protect yourself and your organisation:

  1. For any data that you are responsible for, only give people the access that is required for their job function. Even if someone has the required clearances, ask yourself whether their job requires it. If not, do not provide the information; if you are not sure, ask a supervisor. In addition, this access should be reviewed on a regular basis. Over time, people who needed access to certain data may no longer need it, and that access should be removed – use our 00.3_Personal Information Assets Information Classification Matrix and Handling Guide and 05.2_Minimum Access Policy.
  2. Do not copy work-related information to personal drives or take sensitive information home with you unless you have prior authorisation. In addition, be sure you do not copy any work-related information to public or cloud-based services. For example, do not forward work data to your personal email account, share data with cloud services such as Dropbox, or copy data to your smartphone – use our 02.5_Access and Confidentiality Agreement with Employees, 05.4_Acceptable Use Policy_Computer Equipment and 05.10_Removable Media Policy.
  3. Always lock your computer and your desk when you are going to be away for an extended period. This ensures that unauthorised individuals cannot access any sensitive information you may have in your desk or on your computer – use our 05.7_Clear Desk and Clear Screen Policy.
  4. Never give anyone access to your account or share your password with anyone, including a supervisor. By giving someone access to your account or your password, not only do you jeopardise your organisation by granting unauthorised access, but you will also be held responsible for all of their actions – use our 05.3_Password Management Policy.

The insider threat is a real and ever-growing problem. You never know who could be causing harm to your organisation, so always be on the lookout for suspicious behaviour.
