With insider threats emerging as one of the biggest risks to corporate data, organizations are recognizing the need for security solutions to manage and secure network access for all employees and prevent data breaches, intentional or not.

Our own report on insider threats estimated over 666,000 Internal Security Breaches occurred in US business during the last 12 months, an average of 2,560 per working day. A report from Clearswift found that 58% of all data security threats come from the extended enterprise (employees, ex-employees and trusted partners).

Some insider incidents come about from accidental behavior; others are doing authorized things for malicious purposes.

Either way the consequences for an organization can be costly. IBM estimates the average cost of an insider attack at $11.45 million. Of course, some incidents have cost large companies more than $1 billion.

Whether we’re dealing with careless or malicious activity, both involve authorized users who have access and rights. To thwart insider threats, organizations are recognizing the need to better manage network access for authorized users and close existing network security gaps.

If you are one of the many IT professionals expecting to implement insider threat programs in the next year, here is a quick overview of best practices.

So, how can IT teams use technology solutions to better prevent insider threats from both malicious and careless activity?

UserLock, an MFA and access management solution, addresses the following security gaps to help mitigate insider threats and protect sensitive information for Windows and Active Directory Infrastructure.

Most malicious data breaches are the result of weak or stolen credentials. Social engineering has been used to describe the various means of conning people to reveal personal information such as passwords.

UserLock stops malicious users, even if they're using valid credentials. For one, UserLock MFA adds an extra layer of security to make sure the right person is using the right credentials. What's more, it also reduces network vulnerability by making it impossible for a rogue user to use a valid password at the same time as their legitimate owner. This is made possible by preventing concurrent logins.

In addition, by restricting user’s individual access to the network by physical location (workstation or device, IP range, department, floor or building) and setting usage/connection time limits, UserLock ensures unauthorized access is no longer a possibility — even when credentials are compromised.

Despite the increase awareness, shared passwords are a real problem. Unfortunately, many people don't understand the risk of sharing passwords at work. Thankfully, there are a few key ways to stop password sharing and bolster password security at your organizations.

With UserLock, the ability to prevent concurrent logins decreases the likelihood of users to share credentials as it impacts their own ability to access the network.

UserLock provides the motivation to adhere to password security policy and help protect the organization’s critical assets.

Specific events need to be associated with specific users for accountability. Organizations need to know exactly who is on the network and what they are doing.

With UserLock’s granular rules and policies to secure network access, accountability and non-repudiation issues are removed.

UserLock automatically identifies each unique user making them responsible for each and every activity.

UserLock empowers IT by monitoring, recording and automatically blocking all suspicious sessions.

What’s more, it can proactively deal with suspicious or disruptive employees to reduce the risk of malicious activity. As soon as any suspicious access event is detected, UserLock can alert the administrator, offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate session.

In addition to real time session surveillance and monitoring, UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL …) giving IT administrators the ability to support accountability, legal investigations, and internal trends analysis.

If an IT security breach does occur, UserLock will provide accurate, detailed information about who was connected, from which system(s), since what time, for how long, etc.

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are the second line of defense! (logins are the first!)

From CERT best practices, “A consistent, clear message on organizational policies and controls will help reduce the chance that employees will inadvertently commit a crime or lash out at the organization for a perceived injustice.”

UserLock allows an organization to notify all users prior to gaining access to a system with a tailor-made warning message. Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.