When you think of threats to your company, you probably think of external threats: criminals, weather events, and other disasters. But what about the threats within your own organization?
Insider threats are particularly disturbing to businesses, because company leaders expect loyalty from their employees. Unfortunately, that isn’t always the case. Underpaid employees are often easy targets for rival organizations. Those employees may be struggling financially and willing to make money by stealing intellectual property or giving a competitor information. In many cases, the employee believes such acts of espionage are “victimless” crimes; no one is getting hurt, and the employee may not feel like they are stealing from another person.
In the last year, governments have started getting more involved with insider threats. China most recently passed an anti-espionage law targeting non-Chinese businesses, but other countries are getting involved as well. This will likely have an effect on how insider threats, both real and perceived, are handled in the next year.
The cost of insider threats
According to a recent report from the Ponemon Institute, insider threats have been on the rise in recent years. The research finds that 67% of organizations experience between 21 and more than 40 incidents of insider threats a year. This uptick in insider theft is concerning; no one wants their most important intellectual property stolen by a competitor. There’s also an effect on the bottom line; the cost of criminal insider theft in 2022 was $4.1 million, according to Ponemon’s report.
Intent doesn’t always matter when it comes to insider threats. True, the phrase “insider threat” may conjure images of malicious attacks on your organization’s intellectual property from the inside, such as disgruntled employees and corporate espionage. There is, however, a third group of insiders who increasingly pose a threat to your business: well-meaning but careless employees.
According to Ponemon, 56% of insider incidents are caused by negligence. The problem we see most often is that people tend to ignore best practices when it comes to protecting information. For example, a group of employees who post a workplace selfie to social media might inadvertently reveal intellectual property in the background.
How can you mitigate insider threats in 2024?
Don’t expect employees to keep your secrets: Your employees aren’t your friends. They’re probably not your family either. They work for you. This means that although your trade secrets are important to you, they aren’t necessarily important to the rank-and-file workers in your company. If a trade secret is important, limit internal access to it.
Teach information security best practices: Because most people don’t think about security like a security practitioner would, it’s important to teach your employees proper information security and document control, and incorporate it into your company culture. Your culture is important; once your employees understand why security is so important, many of them will be more vigilant about best practices.
Know who is disgruntled: Your rivals probably know which employees are unhappy, so do your best to know who those workers are. Look for the actively disengaged people, the ones most likely to want to sabotage your organization. Keep in touch with culture by talking to employees and using surveys. Make sure that people who are terminated no longer have physical or digital access to your property.
Talk to your team about espionage: Many people aren’t thinking about corporate espionage on a daily basis, but that doesn’t mean it can’t happen. Tell your employees to be careful of what they post online, because careless posts can make employees targets for social engineering hacks or future attacks. The internet doesn’t even need to be involved. When employees head out to lunch at a local cafe or to after-work drinks at a local bar, they’re likely to talk about work in the hearing of potential bad actors. Criminals know this, and may go to local hangouts in hopes of seeing or hearing trade secrets.
Limit your sales materials: It’s normal to get excited about your company’s innovations. However, be careful what you release in your sales materials. You might be giving something important away.
Look beyond your employees: Insider theft can come from a number of sources: vendors, channel partners, resellers, or even clients. Be aware of who has access to your most valuable information and lock down anything that can be stolen.
Intangible assets are still assets
You would not leave a stack of hundred dollar bills sitting unattended in your workplace. Nor would you walk around with a gold bar in your hand, setting it down on bar tops and restaurant tables, or accidentally leaving it on your car seat for a few hours.
You shouldn’t leave your ideas lying around either.
People tend to think differently about intangible things than we do about physical objects, but ideas are easily stolen, especially if they’re not guarded. Treat your ideas and notes as you would a gold bar. Give them the same amount of protection. After all, your ideas are probably more valuable than gold.
Need more insights on keeping your IP safe? Contact Circadian Risk for a demo today.