Two major government agencies in charge of cybersecurity have issued a warning about the rising threat of insiders who may cause data breaches or destroy sensitive information, according to a release by the U.S. Department of Homeland Security. The warning released by the DHS along with the Federal Bureau of Investigation noted disgruntled or former employees may be the ones who take action to steal proprietary software or consumer information from their former workplace in order to benefit another company.
The sources of these breaches may be cloud storage services, such as Dropbox, as well as personal email accounts, according to the DHS and FBI. Companies that are aware of this problem may want to look into deactivating former employees' access to corporate systems as the report said terminated employees may still be able to view information held on their IT networks via remote desktop protocol software.
When insiders threaten the security of their past employers' systems, businesses may see increased disruptions and downtime. This may result from website malfunctions, cyberattacks and data breaches. The FBI estimated businesses affected by insider threats may see costs between $5,000 to as much as $3 million.
Lack of Background Checks Endanger Taxpayer Data
Insider threats may be present in agencies that collect sensitive consumer information, including the Internal Revenue Service, according to a release. A report by the the Treasury Inspector General for Tax Administration (TIGTA) said the IRS did not implement certain controls to protect consumer data, including running background checks on government contractors. Workers who had access to sensitive but unclassified (SBU) information did not have background investigations done, which could put this information at risk for being used for fraudulent purposes.
The report highlighted one incident where a contractor was given a compact disk holding 1.4 million taxpayer records, including their names, addresses and Social Security numbers. It was found that the workers hired by the contractor did not undergo background investigations.
In a separate incident, a long-time worker at the IRS was found guilty of identity theft after heading a tax fraud ring, CyberScout reported in June.
Recommendations for Increased Security
TIGTA suggested the IRS conduct background checks before the contractors start work and that the staff is trained on contractor security requirements. Without the right internal controls, taxpayers may be vulnerable for fraud and identity theft due to contractors having access to taxpayer data.
With other threats to consumer security and privacy, the DHS and FBI recommended agencies also change passwords to servers and networks once employees leave and prevent access to cloud storage websites.