Insider Threats Mitigation in G Suite

There are tons of cybersecurity threats out there waiting to break into your organization and compromise its systems. Mostly, the people behind such attacks are black-hat hackers motivated by personal gain. Organizations and businesses usually expect such attacks and try to take preventative measures against them.

But what most organizations’ security teams forget about is not the outsider threats – it is insider threats. The Verizon 2019 report says that in 34% of all cases, the breaches are caused by insiders.

What is an insider threat? Since insider threats can be so harmful to your organization, we probably need a definition first. An insider threat is a threat that comes from within your organization, more specifically, from your own employees. It can be divided into two categories: deliberate (intentional) and accidental (unintentional).

So how can you mitigate insider threats within your organization? Since the main component here is data, we will be talking about primary data security practices. We wrote these pieces of advice mainly for G Suite users, but you can apply them to whatever your data management platform is.

1. Back up your G Suite

All the threats to your data create two risks:
● Data loss. It means losing business-critical data, which leads to downtime and blocks the working process. For approximately 90% of companies, such downtime means money loss.
● Data leak. It means your valuable business or personal data is stolen by third parties, who can use it to extort money from you, sell it to someone, or compromise you in some way.

Backup is the basis for preventing the first risk. Actually, backup is your only way to stay safe from data loss.

Sometimes though, especially in small companies, people are not aware of good backup practices and of the requirements for a good backup service. The most common mistake is to confuse cloud storage like Google Drive with cloud backup, which is not the same thing.

To keep your business data as safe as possible from data losses due to insider threats and other risks, you should follow the 3-2-1 backup rule: make three copies of your data, store them on two forms of media, and have one copy offsite.

Back up Gmail accounts and other G Suite services according to this rule using a professional backup service, and you will be safe from data losses due to employees’ negligence.

2. Use advanced phishing and malware protection in G Suite

G Suite has a number of security settings that, if set up properly, will raise your G Suite data security. One of the obvious steps to take in this direction is advanced phishing and malware protection. This protection helps you filter spam, phishing emails, attachments, links, external images, and spoofing.

These security settings will provide your data with the strongest level of protection for a domain or organizational unit. You can make custom settings by turning on only those options you need. Unchecking all options turns off all advanced security settings for the domain or organizational unit.

To find out more about G Suite security, check out the article How secure is G Suite.

3. Rigorously monitor and audit users’ actions

As we’ve said, insider threats can be accidental or malicious. Even in the first case, you need to monitor users’ actions to make sure that they don’t mess up. But monitoring is especially important when you deal with intentional insider attacks. If an employee systematically shares insider information with third parties and downloads vast amounts of data, we can say that this harm is deliberate and needs to be dealt with.

To deflect an insider attack, your IT security team must keep track of the following within users’ G Suite accounts:

1. What they upload and download;
2. What they share and with whom (within or outside of the company domain);
3. What apps are connected to their accounts and what permissions are granted to these apps;
4. Privileged accounts, which should be checked more carefully;
5. Logins from unusual locations and multiple failed attempts to log in (a signal of an attempt to hijack the account).
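
A minimal sketch of the five checks in the list above, as an added example that is not part of the original article and not any vendor's code. The records, field names, scope labels and thresholds are constructed assumptions; a real audit-log export would have to be mapped into this shape first.

```python
from collections import Counter

# Constructed sample records in a simplified, flattened shape (hypothetical
# field names; a real audit-log export has to be mapped into this form first).
EVENTS = [
    {"user": "alice@example.com", "type": "share", "item": "q3-forecast.xlsx",
     "target": "bob@example.com"},
    {"user": "carol@example.com", "type": "share", "item": "customers.csv",
     "target": "carol.private@example.net"},
    {"user": "carol@example.com", "type": "app_grant", "app": "PDF Helper",
     "scopes": ["drive", "gmail.readonly"]},
    {"user": "admin@example.com", "type": "login_failure", "country": "US"},
    {"user": "admin@example.com", "type": "login_failure", "country": "US"},
    {"user": "dave@example.com", "type": "login_success", "country": "BR"},
] + [{"user": "dave@example.com", "type": "download", "item": f"doc-{i}.pdf"}
     for i in range(25)]

DOMAIN = "example.com"
PRIVILEGED = {"admin@example.com"}          # accounts reviewed more strictly
BROAD_SCOPES = {"drive", "gmail.readonly"}  # app permissions worth a review
USUAL_COUNTRIES = {"dave@example.com": {"US"}, "admin@example.com": {"US"}}
LIMITS = {"download": 20, "login_failure": 5}  # per user, per review window


def review(events, domain=DOMAIN):
    """Return sorted (user, finding) pairs for the five checks listed above."""
    findings, counts = set(), Counter()
    for e in events:
        user, kind = e["user"], e["type"]
        counts[user, kind] += 1
        if kind == "share" and not e["target"].lower().endswith("@" + domain):
            findings.add((user, f"external share: {e['item']} -> {e['target']}"))
        elif kind == "app_grant":
            risky = sorted(BROAD_SCOPES & set(e["scopes"]))
            if risky:
                findings.add((user, f"app {e['app']} granted {', '.join(risky)}"))
        elif kind == "login_success":
            if e["country"] not in USUAL_COUNTRIES.get(user, set()):
                findings.add((user, f"login from unusual country {e['country']}"))
    for (user, kind), n in counts.items():
        if kind in LIMITS:
            # Privileged accounts get half the threshold of ordinary users.
            limit = LIMITS[kind] // (2 if user in PRIVILEGED else 1)
            if n >= limit:
                findings.add((user, f"{n} {kind} events (limit {limit})"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{user}: {finding}" for user, finding in review(EVENTS)), sep="\n")
```

The internal share by alice@example.com produces no finding, while the two failed logins on the privileged account are already enough to flag it.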

There are AI-based cloud monitoring services for G Suite like SpinOne that help you to keep track of all those things on one simple board. You can set up security policies and see and manage all the information we mentioned, and even more.

4. Train Your Employees

Since around 51% of all insider attacks happen by pure accident, you need to train your employees to decrease this number. The reason behind most accidents and negligent behavior is a lack of information about the tricks cybercriminals use and about the consequences for the company and the employees themselves.

Your employees must know the causal relationship, the risks, and the probability of a data breach due to a weak password, a lack of multi-factor authentication, a click on a link in a phishing email, etc. They should also know how the consequences of a data breach will affect the company and them in particular. The downtime will lead to client losses, the client losses will lead to money losses, and those will lead to salary cuts or even job losses. Knowing all that, your employees will be much more cautious when dealing with data.

You can buy such training or prepare it yourself with the help of your IT security department. This training should be mandatory for all newbies and oldies alike.

If you want to control insider threats, you must always comply with the rules above and add more individual policies to your organization.