Why The Coronavirus Outbreak Will Promote Insider Threats And What You Can Do About It?

These are overwhelming times for all of us.

Stress, burnout, and anxiety are at a global high, locking many of us out of the flow.

Coronavirus: it’s what every news outlet and people are talking about.  With the devastating ongoing pandemic, public venues are being asked to close, while more companies are requesting their employees to avoid attending their office and work from home.

Although businesses have moved more and more towards work flexibility over the years, the idea of having your entire organisation working from home is altogether a different scenario.

Given that people all over the world are in a state of anxiety, apprehension and high alert, the perception and awareness of doing business-as-normal runs out of the door.

Emotions are running high. Stress is swelling. Fear is in everyone mind. What state of mind will employees be moving forward?

Unfortunately and invariably, employees will be more careless and negligent given the stressful situation. Accidental and unintentional of data loss and data leaks will more likely to happen.

In times of severe stress, human beings will revert to the most basic instincts – “survival”, and consequently logic thoughts will be thrown out of the window.

Our primary concern is for oneself – our physical health. If you ever come across Maslow’s Hierarchy of Needs, you will see that the first three needs deal with your physiology, safety and belonging.

Yet, in these trying times, employees may be more brazen and seek to take data out for their advantage if their well being and livelihood are threatened.

In a previous article, I wrote in November 2019, I explicitly defined the difference between Data Loss – Data Leak – Data Exfiltration. You can find the item here.

  • Data Loss – Is the result of data that has been unintentionally or accidentally misplaced so that it is no longer accessible. Simply put, it is lost
  • Data Leak – Is the result of the unauthorised and unintentional transmission of data within an organisation to an outside party.
  • Data Exfiltration – Is the result of unauthorised but intentionally copying, transferring or retrieval of data from within the organisation and taking it out. It is often referred to as “data theft”.

As the saying goes “data by itself” doesn’t leave the organisation. It is essential that your organisation understand its information assets, who has access to it, where is it moving to and most importantly, do you have visibility of people actions on the data?

Answering these questions will help your organisation to inventory your data and importantly develop the appropriate mitigation strategy, whether it be data-loss, data-leakage or data-exfiltration.

However, a more frightening scenario can occur if an employee livelihood is threatened. People behaviours are no longer the norm.

If people are fighting over toilet paper in the isles of supermarkets, how would they react if they found out that they were fired?

If on social media, people are being informed of a mass lay-off, how would they react to such news?

In this pandemic times, it is highly possible that some individuals might lash out at the organisation, the project, at other individuals, as a result of being aggrieved, and unfairly dealt with.

Question: Would the traditional information security approach of an organisation prevail against a determined employee that wishes to steal corporation information or even sabotage the business as a result of being fired? Very unlikely.

Risks of employee behaviour in times of uncertainty is made much more difficult for everyone. Not only are employees highly stressed and anxious, but those that are in charge of protecting the organisation assets are in the same situation. Their chances of preventing insider incidents successfully from taking place diminish as the threat of Coronavirus spreads.

What Can You Do Moving Forwards?

Effective measures against insider risks as a result of increasing global uncertainty:

  • Enable user activity monitoring so that you understand what actions users might place your organisation at risk.
  • Automatically adjusts access rights and actions that can be taken with your data, based on the real-time risk profile of the user (e.g. are they on the corporate network or in a public location?) to enable users to work anywhere without risking your sensitive data. Technology such as com
  • Employ positive deterrence messages. In these trying times, engender positive employee engagement. Help them to act in the best interest of the organisation.
  • Most importantly, increase your communication to all of your staff with positive messages, support and encouragement. Employees need to feel that they are safe and cared for.

Contact Us

For more information, you can also send them an email at:  sales@nakedinsider.com or give us a call at: +61 26282-5554.