Three Things to Improve Security Posture Against Insider Threats

This article is sponsored by Cipher Systems

Government agencies and contractors, as well as corporate entities, are facing increasing security challenges from Insider Threats.  Recent arrests, such as that of Harold Martin, a government contractor for the NSA, and a company employee from Sage, a U.K.-based supplier of accounting and payroll software, serve as reminders of the danger of insider threat and illustrate the need for improved security within all organizations. This is especially true when, according to a recent study, 45% of all organizations feel ill-equipped to deal with the threat of malicious insiders and twice as many (90%) deem malicious insiders a major threat to security.

In an effort to address this complex problem, the U.S. government has issued Executive Order 13587 and NISPOM Change 2 to increase protections against insider threat within government agencies and contracting companies. Government contractors are expected to certify their compliance with NISPOM Change 2 to the Defense Security Service (DSS) by November 30 of this year. Below we have listed 3 key things every organization should be doing right now to deter, detect, and mitigate the risk of insider threats.

1. Emphasize the Importance of Email and Data Security

Organizations must take a holistic approach to addressing insider threats which, at a basic level, includes reminding employees to be mindful of their email and data security habits. Your employees may be unwittingly exposing confidential information in the course of their day-to-day activities. While removable storage devices such as thumb drives are widely recognized as a potential security risk, email and personal devices also pose an ongoing risk. Employees may be in the habit of emailing documents to themselves to review later, temporarily saving files to personal computers, or even charging mobile devices using the USB port on a network-connected computer. All of these seemingly benign actions may open up your network to vulnerabilities that can be easily avoided through proper training.

2. Train Employees to Spot Potential Threats

It’s important to train employees about the risk of insider threats and the potential damage they can inflict upon your organization. Education on how to properly handle data, report suspicious activity, and file complaints through formal channels will help deter insider threats from manifesting and may also assist security officers in identifying current or future threats. Leaders in your organization must set the tone through training sessions, staff meetings and company policies to make it clear to everyone that insider threat is a serious issue and can be extremely damaging to your organization, your clients and, in some cases, national security.

3. Review and Refine Existing Security Protocols

More than 70% of insiders who commit an act of sabotage against their employer hold technical positions within the company. This includes the System Administrators and IT support staff that require access to your network to keep everything up and running. In one recent example, a former Citibank employee was sentenced to serve 21 months in prison and pay a $77,000 fine for shutting down 90% of the firm’s network across North America after a poor performance review with a supervisor. It is essential that organizations put into place security protocols to monitor suspicious activity and efficiently manage or revoke access for employees who may pose a threat. Company executives should review these protocols regularly and adjust course as new threats emerge.

These actions represent only a handful of the steps organizations, particularly government contractors, need to take in order to bolster their defenses against insider threat. With the November 30 deadline fast approaching and the need for comprehensive programs that address insider threat steadily increasing, organizations should get started today raising awareness of these risks and putting common-sense policies into place.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.