IS INSIDER THREAT A REAL RISK?
Unless you are the sole employee of a cash only business with zero electronic communication or data storage, you need to understand and have a plan for insider threats that can negatively impact your business’s reputation and bottom line from malicious or unintentional mishaps that come from the inside of your organization. Technical insiders, team members with privileges who manage data and devices, can take down a company in no time, and their tech savvy can make it hard to discover the problems until it’s too late. Annually, insider threats cost companies upwards of $25 million dollars*.
INSIDER THREAT RISK MANAGEMENT STRATEGY: PERSONAL DEVICE VULNERABILITY
Working with experts to create a strategic Insider Threat strategy will help ensure that your company stays safe. This can include policies and procedures that minimize potential risks across your information technology landscape. A good Insider Threat Management program will consider all devices in the company, from mobile phones to database servers, as any of these devices can be used to commit fraud, intellectual property theft, access private data, and sabotage systems.
Many business leaders work to protect the company’s devices, but they fail to consider how vulnerable they are through the devices their employees bring from home.
THE TOP TEN MOST VULNERABLE DEVICES in Insider Threat Occurrences according to Carnegie Mellon’s Software Engineering Institute are:
- Database Servers
- Company Desktops
- File Servers
- Personal Computers Used for Work
- Web Servers
- Company Laptops
- Personal Mobile Devices
- Company Mobile Devices
➔ TIPS FROM TMPC
- Have clear BYOD (Bring Your Own Device) Policies in place that outline appropriate use of personal devices for work. Your policies should also allow for potential forensic examination of those devices should an insider threat incident occur.
- Also, it’s always a good idea to have preventative policies in place that decrease the chance of insider threat malfeasance, such as two-person rules that require more than one stakeholder to make any database modifications, for example.
➔ SECURE AN INSIDER THREAT STRATEGY
For more information, visit our site where you can find out more about proper Insider Threat Risk Management and get in touch with our experts:
- Internal Threat Management for Business Clients.
- Internal Threat Management for Government Clients.
Be safe out there.