Protecting Against Insider Threats to Your Organization

How do you guard against employee theft of data without creating an environment of suspicion? By developing and administering an internal security policy, you can keep internal security at a professional level. Here are a few highlights in beginning to consider a plan:

  • Understanding Your Data
  • Monitoring Network Activity
  • Utilizing Data Protection Tools for Various Devices
  • Implementing a Departure Process

Understanding Your Data – Not all data is equal. It is essential to understand and rank your data based on corresponding levels of security. By establishing a system of ranking, you can control access to specific data based on position. You can also monitor access to data on the network.

Monitoring Network Activity – Stuart Meyers in his post on “Exposing Insider Threats” recommends monitoring access to data files and specifically to high value data. If you notice an unusual pattern of access to specific data sources on the network, it could be a flag to potential questionable internal activity.

Utilizing Data Protection Tools for Various Devices – It is important to use a software-based encryption container on all devices that can leave the building (smartphone, laptop, etc). Whether the employee uses a company-owned devices or a personal device, the company must be able to implement a robust package of security features such as “password, remote wipe, policy enforcement, and encryption—or they supported a software-based encryption.”[1]

Implementing a Departure Process – It is essential to have a set of departure protocols when an employee leaves the company that involves supervised collection of personal employee data off of company-owned devices as well as wiping any company data on an employee device.

These are just a few highlights for thinking more deeply about an internal security plan. The experts at Integracon can help your business develop a robust internal and external security plan, involving combination of software, hardware and policy solutions.

[1] Best Practices for Enabling Employee-owned Smart Phones in the Enterprise. Intel IT Best Practices White Paper, December 2011