As organizations across Canada and the globe institute remote work policies to address public health risks, the technology that permits employees to carry on business will be critical. During this time, information technology departments may face increased demand for access to systems and files that allow the business to continue operating smoothly, as well as assistance for employees adjusting to a fully digital workday. While this demand raises operational considerations for organizations of all sizes, data security and incident preparedness should not be overlooked.
Two key data security issues should be considered alongside an organization’s business continuity and pandemic planning: incident prevention and incident response. In particular, these issues should be considered in the context of malicious insider threats to personal and confidential information.
Detecting malicious insiders during pandemic operations
Data breaches resulting from malicious insiders (current or former employees, vendors, business partners) who have exceeded or misused their access to an organization’s network or data in a manner that affects the confidentiality, integrity or availability of an organization’s information are an ongoing and growing area of risk for organizations [1]. This risk is enhanced when insiders with significant access to confidential or personal information are encouraged or required to work remotely, without traditional supervision or communication channels.
Malicious insiders can go undetected for long periods of time, which can compound the scale and severity of the incident and the harm to the organization and its customers. Malicious insiders can be difficult to detect: a) if their misuse of company data develops gradually; b) if their access to information appears relevant to their roles; and c) because they can be motivated by significantly different factors (e.g., self-interest, profit, activism, sudden personal challenges and blackmail). When a company is operating under new conditions, such as remote work and altered schedules, it will be even harder to detect unusual data use activities.
Because insiders have an institutional understanding of what the “crown jewels” or confidential, sensitive customer information are and where they are stored, they can inflict significant financial and reputational damage on an organization. Once detected, such malicious insider-rooted breaches can also have a long-term impact on the business, including by diverting internal resources, affecting employee morale, compromising customer trust in the organization, and triggering litigation and regulatory investigations. All of these consequences will have even more severe effects on a company during a pandemic, when resources have already been diverted to ensuring business continuity.