It’s hard to know what’s going through your employees’ minds to determine if you are vulnerable to insider threats. Just by looking around your office, you probably can’t tell if any of your team members are planning to leave – and whether they are plotting to take some of your data with them. One employee may be ready to start his or her own business and wants your client data. Others may cave to the temptation to sell your IP for profit, or some may want data from your company to use in a new role at a competitor’s business. Furthermore, contractors with access to your cloud documents may find data they can capitalize on and steal it for themselves.
In any case, when your data is stored in the cloud, there are a few paths bad actors can take to access it:
An employee set on stealing data can make copies of your documents and download them to a personal device. It’s most likely your employee will do this before giving notice, realizing that you might monitor that activity after they resign, but probably not before.
Employees listed as editors on documents can share them with their personal email accounts, ensuring they can continue to access those documents after they leave your company. This can give them the ability, for example, to watch your earnings over time or track progress on patents. You may be careful to disable their corporate email account, but without some investigation, you wouldn’t know their personal email address gives them continued access to your data.
You may have restricted access to sensitive documents to only specific people, but Google Docs gives editors the ability to change those permissions. An employee leaving your company can save links to, for example, a pending lawsuit, a salary plan for the upcoming year, or communications between members of your executive team. Then, he or she can change permissions to “anyone with the link can view.” This gives your former employee access via the link to read, copy, edit, download, or even leak that document on the web.
Any of those scenarios are possible if you store sensitive documents in Google Workspace or other cloud collaboration platforms. These cloud solutions give you the ability to choose the level of permission that collaborators have and what they can do, i.e., view, suggest, or edit the document. Editors can also add collaborators and change permissions – without you knowing it. Google Docs includes an Activity Dashboard that allows you to see a list of collaborators if you take the time to review this information for each document. However, you need to do further investigation to see who added the collaborator, and you won’t receive an alert in real time when changes to the list of collaborators or other interactions with the document occur.
It’s also important to be aware that not all insider threats are malicious. Sometimes employee carelessness or accidents can create as much, if not a higher, risk. Employees may change permission to “anyone can view” when a collaborator is having trouble accessing a document, accidentally share the wrong link, or email a link, which is subsequently forwarded to another person. Unfortunately, even though an employee may not be complying with company policies in these instances, these errors can go unnoticed unless someone investigates collaborators' activity on each document – or you realize a data breach has occurred.
Relying solely on the security tools that Google Workspace or other collaboration platforms provide is not an effective way to address insider threats. A more effective approach is to deploy a solution that constantly evaluates access to every file, every download, and every time someone adds a collaborator or changes their permissions. A cloud-native solution that combines data science and always-on analysis can provide transparency into risky actions or individuals who are mishandling data. Optimal solutions will also make threat detection and remediation as easy as possible so that all members of your team adopt them.
Insider threats aren’t new; however, the types of risks change when companies move from paper-based documents to the cloud. Policies designed to protect sensitive data will shift from a focus on rules for copying paper documents or taking restricted material home in a briefcase. Instead, your policies need to address how to prevent a malicious actor from stealing data from the cloud.
As you implement new cloud-based security processes to enable greater efficiency, streamlined workflows, and easy access to the insights your team members need, also remember to consider the dark side of the cloud. Ask yourself how a cloud platform can make your company and your data vulnerable to insider threats – then stay one step ahead of malicious actors by deploying a security solution that can protect your business.
Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.