Best Practices to Avoid Insider Threat
All companies must use the best practices to avoid insider threat from taking place and know how to avoid situations involving accidental or a malicious rogue employee or contractor. According to Verizon’s 2015 Data Breach Investigations Report, 50% of all security events are caused by a company's own employees.
Here are Seven Best Practices to Avoid Insider Threat
1. Employee vetting - All staff must have background checks. It’s wise to also require any third party vendors do the same with their staff.
2. Training and education – Implement IT security training for all staff to educate them on the importance of strong passwords, phishing attempts and other cyber threats.
3. Take off-boarding seriously – Deactivate all passwords immediately for any employee leaving the company.
4. Have a clear BYOD policy - In this document, clearly spell out what company files employees can download or email to their mobile devices. Consider monitoring and encrypting all employee personal devices that access the company network or email.
5. Have a strict ‘Uploading & Downloading’ policy – Nothing should be installed (applications) or plugged into the network (USB drives) without first being checked by your IT department.
6. Thoroughly vet the IT security practices of all third-party contractors – Evaluate and monitor passwords used by your service providers. Upon cancellation of their service, their passwords and access should be immediately revoked.
7. Don’t allow personal file sharing services for confidential information – Services like DropBox, Google Drive, and OneNote should not be used for any passwords or sensitive information. Upon termination of any employee, passwords should be retrieved and reset. A recent survey discovered that 88% of employees retain access to file sharing services they used at their old job, and 60% of employees who had a personal cloud login were not asked for their password when they left their companies.
Business Information Solutions, Inc. (BIS) offers proactive IT support, security and managed services along the Gulf Coast. Our network security services include thoroughly monitoring your network 24/7 including desktop, email and mobile device protection through our BIS Firewall Security Management and anti-virus and spyware solutions. All along the Gulf Coast, our goal is to grow your business as your technology partner, reducing the risks of a rogue employee from the first day of their departure.