If you’ve been following my writing, you know that I believe one of the biggest security threats a company may face is not from outside sources—it’s from their own employees (or former employees). Many companies think they are prepared to handle an insider threat, but are they?
Here are the 5 things your company should be doing in order to avoid an insider threat:
Conduct Background Checks
Be sure to have a standard screening policy in place that includes what checks should be performed for each position as well as what information you need to gather such as previous employment and criminal background checks. In addition to looking for inconsistencies in information, you should have multiple checks done throughout the employee’s tenure with your company (click here to see why). http://insiderthreatreport.com
Monitor Employee Access to Data
Be stingy with who gets access to your data. Only give employees access to data that they actually need to do their job and require all employees to equip their devices with security tools and encryption. In addition, monitor the online actions of your employees—create a system that will alert you to any suspicious activity.
Prevent Viruses & Have a Backup/Recovery Strategy
Implement a strategy and platform that will help you with early detection of malicious codes and viruses and create a plan to ensure that all critical information is backed up and easy to recover should an IT incident occur.
Train Employees
In addition to making sure all of your employees understand what security policies and procedures exist, they also need to understand why are in place and the consequences that come should an employee choose to ignore the policies. Make security part of every employee-training program.
Have an Employee Exit Plan
As soon as you terminate or demote an employee, disable access to data immediately—even if this means disabling accounts.
So, how did your company do? Let me know if you have any questions on how to more fully develop any of the strategies above.
Security First & Associates.com
www.securityfirstassociates.com
Great suggestions! Let’s not forget the need to apply insider threat protections to your subcontractors, suppliers, and vendors. As we have seen with newsworthy data breaches like Target, vendors pose a significant insider threat too.
This is an excellent blog post and read for the Personnel Security Field. The information is beneficial not only to companies and agencies but to me as anindividual as well.