THE RISK YOUR
BUSINESS
‘INVITES’
IN
MANAGING INSIDER THREAT
Are you inviting risk in? The human factor is
one of the biggest unavoidable weaknesses
in corporate security strategy and the most
difficult to manage. Here, Josh Lefkowitz, CEO
of Flashpoint, tells us why HR teams need to
work alongside insider threat programme teams
to avoid inviting risk into the organisation.
Josh Lefkowitz, CEO of Flashpoint
T
oday, corporate
security is
everyone’s
responsibility.
Whether you work
in procurement,
finance, sales, or
legal, you need to identify and manage
risks – digital and physical – related to
your department. Recognising the human factor in
security breaches The human resources department
is no different and this team faces a
specific security risk that is now a major
concern for organisations: insider threat.
Businesses and their HR teams need to
make sure they’re not inviting risk into
their ecosystem in the guise of employees
who may not be all they seem, or who
become a risk during employment. Either way, the impact can be
devastating because the employee has
privileged access to the company’s
systems and data. 1. Before you hand over the
keys to the kingdom:
Pre-employment screening
While IT security departments can
deploy a range of technologies to
detect and counter threats, there is an
important psychological and behavioural Taking references on prospective
employees has always been the
responsibility of the HR department.
These usually focus on competence
62
Security breaches, whether
deliberate or unintentional, almost
always involve a human element. It
could be a mistake by a worker who
accidentally clicks a malware link,
or a deliberate attempt to steal the
organisation’s intellectual property.
element that must also be understood
and managed.
That is why human resources (HR)
departments should be fully involved in
insider threat programmes (ITPs).
There are three key high-risk moments
in the employee lifecycle when HR and
security teams should work together:
Issue 16
|
www.intelligentciso.com