Too Long; Didn't Read
In May 2023, Tesla experienced its biggest insider threat of the year, announcing that it had suffered a massive data breach. It is possibly the biggest breach in the company’s history, with the personally identifiable information (PII) of over 75,000 employees and former employees leaked.
While the leak is interesting in itself for reasons of scale and the high-profile target, in this article we are going to look at the role that fostering loyalty with employees can play in helping to temper the desire of employees to turn against their organizations.
3 Tips for Reducing Insider Threat Risk
Given the ways that employee loyalty can be diminished, how can organizations improve the positive feelings that their employees have and reduce their risk of an insider threat incident?
Here are a few suggestions.
Provide an Outlet for Frustration or Concerns
Beyond the need to feel appreciated, people need to feel that they have a place to turn to when something is bothering them at work.
A question any company, especially a manufacturer, should ask is whether employees have a place to go where they can voice ethical concerns in-house and see that they are handled with due seriousness.
If workers do not have an internal channel for dealing with concerns, then they may seek options elsewhere.
Invest in Education and Training
There’s an interesting question when it comes to accidental insider-caused incidents. On the one hand, the employees involved do not actively choose to harm their employer, since the incident is unintentional. On the other hand, a lack of interest in following the guidelines, due to a lack of strong commitment to their organization, probably plays a role in these incidents occurring.
Dealing with the non-malicious actors requires less stick and more carrot to get results. Training and education can play a critical role here in preventing incidents.
The advantages here can be two-fold. Learning the proper protocols for handling sensitive data and systems teaches employees how to do the job correctly and safely. It also gives them a sense of ownership.
When your organization invests time and resources into training employees to be better at their jobs and to protect the organization, the chances increase that they will try to implement what they learn in the courses.
Encourage but Verify with User Behavioral Analytics
Even as we work to increase the level of trust with employees, we need to implement measures to verify that folks are on their best behavior.
This means putting in place User Behavioral Analytics tools that continuously monitor behavior in order to establish a baseline of activity. Once we understand how people normally interact with the systems that they are entitled to work with (think about which applications, data sets, etc. they interact with regularly), we can detect when they begin to act anomalously.
Most insider threat cases follow similar patterns: threat actors abuse their privileges and find ways to exfiltrate their pilfered data. By monitoring sensitive files, we can see who is accessing them, and potentially who is stepping outside the lines and needs to be followed up with.
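A minimal sketch of the baseline-then-detect approach described above, added here as an example and not taken from the article or from any UBA product. The user names, file paths, event format and the 3x volume threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (day, user, resource); not real data.
SENSITIVE = {"hr/payroll.xlsx", "hr/employee_pii.csv"}
BASELINE = [
    ("d1", "alice", "hr/payroll.xlsx"), ("d1", "alice", "hr/employee_pii.csv"),
    ("d2", "alice", "hr/payroll.xlsx"),
    ("d1", "bob", "eng/design.doc"), ("d1", "bob", "eng/build.log"),
    ("d2", "bob", "eng/design.doc"),
]
TODAY = ([("d3", "alice", "hr/payroll.xlsx"), ("d3", "bob", "hr/employee_pii.csv")]
         + [("d3", "bob", f"eng/spec_{i}.doc") for i in range(7)])

def build_baseline(events):
    """Per user: the resources they normally touch and their busiest day."""
    seen = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for day, user, resource in events:
        seen[user].add(resource)
        daily[user][day] += 1
    peak = {user: max(days.values()) for user, days in daily.items()}
    return dict(seen), peak

def detect(events, seen, peak, sensitive, volume_factor=3):
    """Return sorted (user, reason, detail) alerts for one day of events."""
    alerts, counts = set(), defaultdict(int)
    for _day, user, resource in events:
        counts[user] += 1
        # Sensitive file this user has never touched during the baseline window.
        if resource in sensitive and resource not in seen.get(user, set()):
            alerts.add((user, "new_sensitive_resource", resource))
    for user, n in counts.items():
        if user not in peak:
            # No history to compare against: surface for review, skip volume check.
            alerts.add((user, "no_baseline", str(n)))
        elif n > volume_factor * peak[user]:
            alerts.add((user, "volume_spike", str(n)))
    return sorted(alerts)

if __name__ == "__main__":
    seen, peak = build_baseline(BASELINE)
    for alert in detect(TODAY, seen, peak, SENSITIVE):
        print(alert)
```

Alice's access to the payroll file raises nothing because it matches her baseline, while the same kind of file raises an alert for Bob, which is the point of comparing each person against their own normal activity.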
Loyalty is Earned, Not a Given
One note for clarification. Companies are not families. They hire, fire, downsize, and work in their own self-interest. Most of us do not fire our family members, even if we want to sometimes.
Employees have the same right to leave an organization if they feel that their own needs are not being met. Having loyalty to a company does not mean that someone should stay if they are not happy.
What it does mean is that if the organization acts properly, then it will engender enough goodwill to keep employees on the ethical and legal path of not stealing its data or seeking to cause it harm.
And that may count for enough to help defuse and prevent a potential incident.