Business Continuity NewsBriefs - February 28, 2018
These NewsBriefs are produced and delivered weekly by Attainium to keep our friends and clients current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.
 

Business Continuity Threats - From the Inside

February 28, 2018 - Yes, some internal threats are intentional, but most are unintentional, which makes them difficult to guard against. Estimates indicate that more than 50% of businesses have been victimized by insider attacks. Don't let yours be one of them... take a look -- this issue deals with this growing threat.


QUOTE OF THE WEEK
"The threats that pose the greatest risk to companies come from insiders, who are far more likely to access sensitive information without evidence of intrusion." 
-- Drew Farnsworth, Green Lane Design --


1. Managing Insider Threat

The financial, reputational and regulatory impact of having an organization's critical assets stolen or damaged can be catastrophic. Anyone with trusted access can exploit the vulnerabilities that protect critical assets, causing millions of dollars of damage. In order to mitigate this risk, organizations should establish a program to protect their critical assets from insider threats.
http://www.ey.com/Publication/vwLUAssets/EY-managing-insider-threat-a-holistic-approach-to-dealing-with-risk-from-within/$FILE/EY-managing-insider-threat.pdf


2. Mitigating Insider Threats: Seven Steps to Keeping Your Company Safe

Mitigating insider threats isn't just about thwarting the malicious action of a disgruntled employee; a careless insider can also cause catastrophic damage. If you are not already doing so, you need to train employees in your policies and best practices. Employees that have been conditioned to remain vigilant -- keeping security in mind during all activities -- are far less likely to pose an insider threat. This method of mitigating insider threats is just one of the ways to protect your business.
https://www.mha-it.com/2017/06/mitigating-insider-threats/


3. Building an insider threat program from the inside-out, not outside-in

As 2018 begins, you may be looking at your budget, deciding what to cut and what to invest in regarding insider threat mitigation. Some of you may already have a program in place, while others are starting from scratch. Either way, an insider threat program should begin and end with two questions -- What do we care about most? How is it being protected?
https://www.csoonline.com/article/3245605/data-protection/building-an-insider-threat-program-from-the-inside-out-not-outside-in.html


4. Seven Questions Board Members Should Ask About Insider Threat Risk

Insider threats are the unwelcomed gift that keeps on giving. A recent report by the analyst firm Forrester revealed that insiders are responsible for more than half of companies' data breaches. Companies today more so than ever before need insider threat programs, which involve a combination of people, processes and technologies. So where does the board fit in?
https://www.conference-board.org/blog/postdetail.cfm?post=6710&blogid=8


5. The Insider Threat to Business: A Personnel Security Handbook

Personnel security is a security framework or a set of measures to manage the risk of an employee exploiting their legitimate access to an organization's facilities, assets, systems, or people for illicit gain, or to cause harm. Implementing a personnel security framework will help you build an understanding of any insider threats facing your business and give you the tools to manage any associated risks. It will also allow you to place a level of trust in your employees so that you can confidently give them access to your business.
https://www.organisationalresilience.gov.au/resources/Documents/the-insider-threat-to-business.pdf


6. Building Insider Threat Awareness into Security Awareness

It's important to create a culture of confidentiality and personal responsibility for security, and educating employees about the reasons why. It's not just so-called privileged, or important, staff that can be an insider threat. Consider the "lowly" receptionist, privy to private phone calls and confidential documents; are they aware that loose lips sink ships?
https://blog.preempt.com/building-insider-threat-awareness-into-security-awareness-part-2


Copyright (C) 2018 Attainium Corp - All rights reserved.