Blog Layout

Mitigating cybersecurity insider threats

Detangle IT • Jan 01, 2020
Mitigating cybersecurity insider threats

Did you know that in some industries the biggest cybersecurity threats come from inside a breached organization? Sometimes it's motivated by financial gain and sometimes it's plain-old ignorance. So how can you protect your organization from insider threats?

#1 Educate

You must teach your team to recognize personally identifiable information (PII) and understand the financial implications of a breach. Each employee needs to grasp the risks associated with violating specific state or federal regulations regarding data privacy and security. For example, when a celebrity is admitted to the hospital, employees may be tempted to sneak a peek at their medical records. As innocent as that may seem, it could result in a hefty HIPAA fine.

#2 Deter

You must put easy-to-understand policies in place to prevent an insider from breaching company data. And those policies must be strictly enforced. In fact, almost every regulatory framework pertaining to data security requires that these policies are published where they can be easily found and that you present them in company-wide meetings. In some case, you may be forced to put a person in charge of holding everyone in the company accountable to following the policies.

#3 Detect

Businesses must have systems in place to identify data breaches and their sources as quickly as possible. You should be able to see any time someone accessed PII. This speeds up the breach response time by revealing when unauthorized personnel viewed something they shouldn't have. It's significantly easier to stem the spread of a breach with an effective audit trail in place.

#4 Investigate

When a privacy or security breach is detected, certain actions must be taken to limit the damages. For example, after the cause of a breach has been identified, your team should create new policies and procedures to ensure it can't happen a second time. In the case of an insider threat, that might mean revoking data access privileges to a department that never actually needed them.

#5 Train

Since IT systems are constantly evolving and easy to accidentally bypass, your employees must undergo regular data security training. A one-day seminar is a great start, but incorporating short, weekly reminders or activities will go a long way toward keeping everything fresh in their minds. Consider using a variety of media, such as emails, break-room posters, and even face-to-face interviews.

Is your company's data secure from insider threats? Call us today for a quick chat with one of our experts for more information.

Fileless malware: The invisible threat

By Detangle IT 20 Jul, 2020
Scanning the files you download is not enough to detect malware these days. Hackers have found a clever way to get around antivirus and anti-malware software by using fileless malware. Since this malware is not as visible as traditional malware, it can infect your entire infrastructure without you even knowing. Let’s take a closer look […]

How to tell if your Mac is compromised

By Detangle IT 15 Jul, 2020
Viruses and malware creators are out to attack anyone and everyone, including Mac users. Despite Apple’s robust macOS that makes it difficult to attack Macs, cybercriminals are finding ways to identify and exploit vulnerabilities. Read on to find out which threats you should protect your Mac against, as well as signs that your computer has […]

Top tips for making your website look awesome

By Detangle IT 03 Jul, 2020
Like people, websites also need to be dressed for success. Here’s how you can make yours look impressive and have visitors eager to do business with you. Make a statement with professional photographs Before site visitors read what’s on your website, they assess it by checking out your images. A picture is indeed worth a […]
SHOW MORE
Share by: