What should an insider risk policy cover?

To protect against liability, enterprises need a written policy so that everyone knows what to do upon discovering an insider threat.

Just before the holidays, a company was faced with cutting the pay of its contracted janitors. That didn’t sit well with those employees.

Threat actors saw an opportunity and pounced, convincing the possibly vengeful employees to turn on their employer. According to Verizon’s recent breach report, the threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. It was later found, but the damage was done.

What were the responsibilities of any employees who witnessed this act? A thorough insider risk policy would have spelled it out. Here, security experts provide their insights on what makes for a successful insider risk policy.

“With the policies, team and playbook, you will minimize the impact of insider risk. And, although it is important to have a plan to reduce impact of insider threats, you must think prevention first. Have a strong risk management program and continuously monitor your risks to ensure you can prevent insider attacks. The worst time to assess risks and find the right technologies is when dealing with an incident, so create a strong security program that has preventative measures baked in from the start,” said Rinki Sethi, senior director of information security at Palo Alto Networks.
