Coronavirus and Remote Workers: Consider Increased Risk of Insider Threat Issues

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

The conference I was supposed to speak at next week was just cancelled, as many are and will be, due to coronavirus concerns. The topic was “Insider Threats and How to Mitigate Them.” One of the points I was going to make was that insider threats, both malicious and unintentional, are an ongoing and serious problem for companies. On top of that, now that many companies are “going remote” in response to coronavirus concerns, the risks of insider threats will only mount.

What is an insider threat? There are basically two kinds: 1) a malicious act when an employee, vendor or other individual who has access to company information steals personal information, health information or proprietary information; and 2) an unintentional act, such as a misdirected email, falling for a phishing scheme or wire fraud scheme, sending company data to a personal email account, or losing a USB drive or laptop.

How often do insider threats happen? According to a recent survey, 90 percent of respondents feel they are vulnerable to insider threats, 53 percent have confirmed insider attacks against their organization, and 86 percent already have, or are building, an insider threat program. Additional statistics to consider include the fact that insider threats are caused 56 percent of the time by regular employees, 55 percent by privileged IT users or administrators, and 42 percent by contractors, temporary workers or service providers.

These statistics don’t fully recognize the new reality of remote workers due to coronavirus. Many companies are implementing contingent operations plans, which include allowing employees who do not usually have access to company systems remotely or through a virtual private network, to now have access. This means they will be using their home internet connection, potentially their home computer and printer, and using remote connections. The risks associated with remote connectivity in normal times will be magnified in the new reality, without the benefit of completing a full analysis of the risks and security measures to be put in place, including robust employee education.

At the very least, these new remote workers need to understand the risk they pose to the organization and have a clear understanding of the importance of following company policies and procedures around remote access. Thoroughly training employees before they are given remote access is critical to risk reduction. Implementing increased monitoring on email and document access and disclosure is another thing to consider when allowing additional employees remote access. Control of the systems with more remote workers will be an added risk for information technology teams in companies, and mitigating this risk during the roll-out of a new remote workforce is worth the time and effort.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide