Intelligent CISO Issue 10 - Page 42

E R T N P X E INIO OP employer can quickly learn about such situations and take actions to counter them correctly. The risk officer of a retail service company detected that a sales manager expressed dissatisfaction with the tasks and working conditions in conversations with his colleagues. The employee even talked about leaving the company for competitors. An investigation was launched to prevent data leakage because the employee had access to client databases and confidential documents. It turned out that the employee was an experienced and diligent worker but hadn’t had a salary rise for two years. The head of sales talked to the employee and solved the problem – the salary was raised and the scope of tasks was amended. This situation could be solved with the help of data encryption and access rights control. However, if a company wants to save valuable employees and return them to their workplace with a more positive outlook, it needs to perform employee loyalty monitoring. Profiting from corporate resources Unfortunately, the use of corporate resources for personal benefit is a common thing. An employee might get access to confidential data but an 42 abnormal event detection system will minimise negative impact. One of our clients had a high- profile incident. The information security department of a development company found out that one of the employees installed Photoshop on his PC, which wasn’t a necessary software to perform duties. The system also raised an alert about the constant copying of commercial offers. An internal investigation revealed that the sums of money in these documents were falsified: changed to bigger ones. Thanks to abnormal events monitoring, the company was able to detect the fraud scheme. Internal corporate risks prevention Understanding the influence of the human factor on a company’s processes is already half the work done, but to make a success you have to ensure an integrated approach to risk management. And to perform this you need to answer the following questions: Who is in charge of risk management in your company? One aspect of the risk management landscape is the responsibility of organisations and their employees. In A company has to implement a solution that includes the features of EMS and DLP with modern forensic technology and a wide range of reports. Issue 10 | www.intelligentciso.com