Mitigating cyber-security insider threats.

Did you know that in some industries the biggest cyber-security threats come from inside a breached organization? Sometimes it’s motivated by financial gain and sometimes it’s plain-old ignorance. So how can you protect your organization from insider threats?

#1 Educate

You must teach your team to recognize personally identifiable information (PII) and understand the financial implications of a breach. Each employee needs to grasp the risks associated with violating specific state or federal regulations regarding data privacy and security. For example, when a celebrity is admitted to the hospital, employees may be tempted to sneak a peek at their medical records. As innocent as that may seem, it could result in a hefty HIPAA fine.

#2 Deter

You must put easy-to-understand policies in place to prevent an insider from breaching company data. And those policies must be strictly enforced. In fact, almost every regulatory framework pertaining to data security requires that these policies are published where they can be easily found and that you present them in company-wide meetings. In some case, you may be forced to put a person in charge of holding everyone in the company accountable to following the policies.

#3 Detect

Businesses must have systems in place to identify data breaches and their sources as quickly as possible. You should be able to see any time someone accessed PII. This speeds up the breach response time by revealing when unauthorized personnel viewed something they shouldn’t have. It’s significantly easier to stem the spread of a breach with an effective audit trail in place.

#4 Investigate

When a privacy or security breach is detected, certain actions must be taken to limit the damages. For example, after the cause of a breach has been identified, your team should create new policies and procedures to ensure it can’t happen a second time. In the case of an insider threat, that might mean revoking data access privileges to a department that never actually needed them.

#5 Train

Since IT systems are constantly evolving and easy to accidentally bypass, your employees must undergo regular data security training. A one-day seminar is a great start, but incorporating short, weekly reminders or activities will go a long way toward keeping everything fresh in their minds. Consider using a variety of media, such as emails, break-room posters, and even face-to-face interviews.

Is your company’s data secure from insider threats? Call us today for a quick chat with one of our experts for more information.

Fan of the show?

If you have any questions you'd like to ask or would like to be a guest on the show, use one of the buttons below.

Copy of cover V.21
About

Plans are useless but planning is indispensable and crisis will reveal how you operate.

Join me as I discuss ongoing cybersecurity incidents, trends and best practices to help information security professionals catch threats before they become incidents.

Connect
  • info@amplifiedandintensified.com

  • Contact

  • Spotify

  • Apple Podcast

  • YouTube Channel