Insider Threats – How Employees and Vendors Put Your Data at Risk

What are insider threats?

Insider threats refer to risks posed by individuals within an organization who have access to sensitive information and systems. There are generally three categories of insider threats:

  • Malicious insiders: These are trusted employees, contractors, or business partners who intentionally misuse their access privileges for harmful purposes. Examples include stealing confidential data to sell it for profit, destroying data and systems, or sabotaging operations.
  • Accidental insiders: These are well-meaning insiders who unintentionally expose sensitive information or enable system access due to errors or negligence. Examples include emailing sensitive files to the wrong recipient, improperly securing credentials, or mishandling data storage procedures.
  • Compromised credentials: These occur when an insider’s login credentials are stolen or compromised by external threat actors through phishing, hacking, or social engineering. The stolen credentials let the attacker access sensitive systems as if they were the valid account holder.

Some examples of damaging insider threat incidents include:

  • A bank employee accessing customer account data and selling it to criminal groups.
  • A healthcare worker accidentally emailing hundreds of patient records to the wrong email distribution list.
  • A salesperson’s corporate password being compromised in a data breach, allowing hackers to infiltrate databases.

Insider threats are especially concerning because insiders’ authorized access to sensitive systems and data creates opportunities for significant abuse and damage. Malicious insiders are particularly difficult to detect because their activity appears legitimate.

Why Insider Threats are a Risk for Insurance Agencies

Insurance agencies handle incredibly sensitive information that makes them vulnerable to insider threats. This includes:

  • Sensitive customer data: Insurance agents have access to private information about their clients such as social security numbers, driver’s license details, medical history, and financial information. This data can be used for identity theft and fraud if accessed by a malicious insider.
  • Financial information: Insurance agencies maintain bank account details, credit card numbers, checking account numbers, and claim payment info. Theft or exposure of this financial data can lead to substantial losses for both the agency and clients.
  • Proprietary business information: Insurance agencies rely on proprietary methods for pricing risk, negotiating claims, and underwriting policies. If these confidential strategies get into a competitor’s hands, it undermines the agency’s competitive positioning and operations.

Trusted insiders like employees, contractors, or vendors with access to these kinds of sensitive data can deliberately or accidentally expose it, leading to theft of customer identities, financial fraud, data breaches, regulatory fines, and loss of proprietary business practices. That’s why managing insider threats is a critical cybersecurity challenge for insurance firms.

Real-world examples of insider threats in insurance

Insurance agencies face real risks from insider threats. While cases may go unpublicized, anecdotal evidence indicates that employees and vendors with inside access have compromised sensitive systems and data. Some publicized examples include:

  • A former insurance agent was arrested in 2018 for allegedly stealing over 20,000 customer records containing personal information. The agent reportedly sold the records to scam callers who used the data to target victims. This case highlighted the need for limiting data access and monitoring suspicious activity.
  • An insurance company employee allegedly used their access to view private motor vehicle records of acquaintances, celebrities, and romantic interests. Though no data was stolen, this inappropriate insider access breached customer privacy. The company responded by strengthening access controls and auditing.
  • A database administrator for an insurance firm improperly accessed personal information on 10,000 customers. According to authorities, the former employee used the data for identity theft and financial fraud before the unauthorized access was detected. This emphasized the need for access logging, behavioral analysis, and prompt incident response.

While specific details may be sparse, insider compromise of insurance data is an unfortunate reality. Strengthening insider threat programs is essential to protect client information and institutional reputation. Real cases, even when not made public, should inform risk analysis and policy.

Best practices to mitigate insider threats

Insurance agencies can take several steps to help prevent and detect insider threats:

  • Least privilege access: Only provide employees and vendors access to the systems and data they need to do their jobs. Don’t allow widespread access to sensitive information. Set up role-based access controls.
  • Monitoring and auditing: Watch for suspicious activity by monitoring user behavior and auditing access. Look for things like unusual login locations or times, unauthorized access attempts, or downloading of sensitive data. Use security information and event management (SIEM) tools.
  • Employee training: Train employees on security policies and procedures. Educate them on social engineering risks and how to spot suspicious emails or requests. Make sure they understand how to handle sensitive data properly.
  • Vendor risk management: Vet third-party vendors carefully. Limit their access to only what’s required. Monitor their activities. Have them agree to security standards in contracts.
  • Background checks: Conduct thorough background checks on candidates before hiring them for sensitive roles. Look for potential red flags.
  • Separation of duties: Divide duties across multiple users so no one person has too much control or access that could lead to fraud.
  • Limit privileged accounts: Only give admin or elevated access rights to those who truly require them to do their jobs. Disable unused privileged accounts promptly.
  • Psychological screening: For highly sensitive roles, consider psychological screening during the hiring process to identify potential malicious insiders.
  • Encryption: Encrypt sensitive data at rest and in motion to minimize impact if stolen.

With strong insider threat measures in place, insurance agencies can greatly reduce risks from malicious or compromised insiders. But a layered security approach is essential.
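
As an added illustration of the monitoring and auditing practice above (not code from the original article), the sketch below scans an access audit log for three of the signals the list names: logins at unusual times, repeated unauthorized access attempts, and large downloads of sensitive records. The log format, user names, action names, and thresholds are all assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (not real data): time,user,action,result,records
SAMPLE_LOG = """\
2024-03-04T09:12:00,asmith,login,success,0
2024-03-04T09:30:00,asmith,export_policy_records,success,40
2024-03-04T10:05:00,bjones,login,success,0
2024-03-04T10:06:00,bjones,open_claims_db,denied,0
2024-03-04T10:07:00,bjones,open_claims_db,denied,0
2024-03-04T10:08:00,bjones,open_claims_db,denied,0
2024-03-05T02:41:00,vendor_svc,login,success,0
2024-03-05T02:50:00,vendor_svc,export_policy_records,success,5200
"""

# Assumed thresholds; tune them to the agency's own baseline.
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time
DENIED_THRESHOLD = 3            # alert at this many denials per user per day
MAX_RECORDS_PER_DAY = 500       # alert above this many records per user per day

def find_alerts(log_text):
    """Return a sorted list of (user, date, reason) tuples worth reviewing."""
    denied = defaultdict(int)
    exported = defaultdict(int)
    alerts = set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, user, action, result, records = row
        when = datetime.fromisoformat(ts)
        key = (user, when.date().isoformat())
        if action == "login" and result == "success" and when.hour not in BUSINESS_HOURS:
            alerts.add(key + ("off-hours login",))
        if result == "denied":
            denied[key] += 1
            if denied[key] >= DENIED_THRESHOLD:
                alerts.add(key + ("repeated denied access",))
        if result == "success":
            exported[key] += int(records)
            if exported[key] > MAX_RECORDS_PER_DAY:
                alerts.add(key + ("bulk record download",))
    return sorted(alerts)

if __name__ == "__main__":
    for user, day, reason in find_alerts(SAMPLE_LOG):
        print(f"{day} {user}: {reason}")
```

Counting per user per day means a slow trickle of exports still adds up to an alert, while the normal daytime activity in the sample produces none.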

Implementing an Insider Threat Program

An effective insider threat program requires involvement across departments and levels of the organization. Key elements include:

Building a Cross-Functional Team
Assemble a team with representatives from IT, security, HR, legal, risk management, and other relevant groups. Ensure executive sponsorship and support. The team should meet regularly to develop, implement, and monitor the insider threat program.

Conducting Risk Assessments
Conduct risk assessments to identify areas most vulnerable to insider threats based on data access, trusted relationships, disgruntled employees, and other risk factors. Assess both physical and digital risks.

Developing Policies and Procedures
Create formal policies and procedures for managing insider threats. Address appropriate data access, handling sensitive information, reporting obligations, and other relevant practices. Include disciplinary measures for policy violations.

Implementing Technical Controls
Use technical controls to prevent, detect, and respond to potential insider threats. Solutions include access controls, activity monitoring, data loss prevention (DLP), heightened authentication, and network segmentation.

Training and Awareness
Educate all employees on insider threats through training, awareness campaigns, and ongoing communications. Ensure everyone understands their role in protecting sensitive data and reporting suspicious activity.

A comprehensive insider threat program requires commitment across the organization to policies, procedures, technical measures, and education. By taking a proactive approach, agencies can greatly reduce their exposure to risks from trusted insiders.

Be proactive and avoid insider threats. Start with educating your team on cybersecurity.
