Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources.
One approach involves preventing USB flash drives from being copied or sending them over email. The second one concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions.
What’s the best way to protect your data?
It seems obvious that prevention is the best way to solve any problem. In most cases, DCAP (data-centric audit and protection) and DAM (database activity monitoring) is sufficient. Both serve the purpose of protecting data at rest.
The following example illustrates the approach we found in the Russian legal system.
An employee of the Federal Migration Service in one of the Russian regions was approached by his friend, who asked him to hide information about two offenses in his file in the migrant database. The employee knew that this could be done remotely, accessed the database from home, and blocked the necessary data. For doing this, he received a reward of a mere $100.
In order to prevent this incident from happening, it was enough for the manager to observe the employee accessing the…