Tips and tricks for catching inside threats
Technology is important in the quest to protect intellectual property and other valuable company information, but equally important--if not more so--are the personnel policies and procedures a company has in place. Minimizing the potential damage that the insider presents depends heavily on psychology, according to a survey by security firm Imperva.
Establishing close relationships with the workforce, setting up cross-disciplinary cooperation and ensuring effective IP habits go further than technology in safeguarding data from insiders, reports Dark Reading. The Imperva survey queried 40 companies that have effectively addressed the insider threat and came away with 30 recommendations.
Companies successful in minimizing the insider threat make it a priority to educate the workforce in business ethics, periodically issuing "moral reminders" that sensitive data belongs to the organization, not the employee. It is also beneficial, according to Imperva's survey, to include within the security team personnel from other disciplines, such as HR and legal. Security pros should communicate with the business units to understand their risks and priorities.
Technology comes into play in monitoring employee access to sensitive data, making sure that employees know they are being watched. Monitoring server logs can alert the security team to any aberrations in employee behavior.
- see article at Dark Reading