What should an insider risk policy cover?

To protect from liability concerns, enterprises need something in writing so that everyone knows what to do upon finding an insider threat.

07 insider
Thinkstock

Just before the holidays, a company was faced with cutting the pay of their contracted janitors. That didn’t sit well with those employees.

Threat actors saw an opportunity and pounced, convincing the possibly vengeful employees to turn on their employer. According to Verizon’s recent breach report, the threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. It was later found, but the damage was done.

What were the responsibilities of any employees who witnessed this act? A thorough insider risk policy would have spelled it out. Here, security experts provide their insights on what makes for a successful insider risk policy.

“With the policies, team and playbook, you will minimize the impact of insider risk. And, although it is important to have a plan to reduce impact of insider threats, you must think prevention first. Have a strong risk management program and continuously monitor your risks to ensure you can prevent insider attacks. The worst time to assess risks and find the right technologies is when dealing with an incident, so create a strong security program that has preventative measures baked in from the start,” said Rinki Sethi, senior director of information security at Palo Alto Networks.

However, if you’re faced with a situation where something has already happened, and you need to investigate the suspicious behavior, use your policies and playbooks and be sure to make detailed notes including date and time stamps of the findings, Sethi said. “This information will be useful to paint a complete picture of the events and will allow you to continuously improve your risk posture and insider risk program.”

To continue reading this article register now

The 10 most powerful cybersecurity companies