Reducing insider threats to data security should be a significant concern for all organizations. Recently, the web site TechRepublic published an excellent article describing 10 tips to reduce the risk of insider security issues (https://www.techrepublic.com/article/10-tips-for-reducing-insider-security-threats/). Here is a brief summary of the ten tips for those of you who missed the article:
- Have a plan in place to respond to IT security issues. Further, know who is part of the response and what their roles are.
- Use temporary accounts for any vendors, contractors or third parties that need access to your IT system and make sure the account are set to expire on the end date of the specific project.
- Conduct frequent audits for unused accounts and disable them.
- Have and follow set procedures for employee terminations. Have them unlock any mobile devices, provide any needed passwords, and suspend/disable their accounts immediately (or simply change the account password if the account is still needed).
- Locate and monitor disgruntled employees. These employees are potential sources of inside-the-network maliciousness.
- Use 2FA, or two factor authentication whenever you can.
- Encrypt sensitive data at rest and in motion.
- Consider using third-party products to assist your organization in securing the network. Network monitoring tools, data loss prevention software, and user activity monitoring software are all good examples of third-party tools that can enhance your security posture.
- Maintain proper perimeter security. Check the firewall!
- Change the mindset from “insurance” to “added benefit to the organization.” Often, the steps mentioned above can lead to increased productivity by locating serious issues before they become serious, thus allowing the organization to function smoothly and without security incidents.
If you have any questions about how to implement any (or all!) of the above concepts, give Peak Forensics a call at 602-354-8950 or visit www.PeakForensics.com.
ABOUT Peak Forensics: Peak Forensics is a full-service Computer Forensics, Electronic Discovery and Consulting firm in Phoenix, Arizona. Peak Forensics provides experienced, professional computer forensics services, client centric electronic discovery and seasoned testimonial and trial consulting services. Peak’s CEO and founder, Jefford Englander, has been actively participating in computer forensics and ESI investigations for 15 years and has a background in local and federal law enforcement and the civil litigation realm. From ESI collection to forensic analysis, hosted review, reporting and expert testimony, Peak can lead you to focused information.