Intelligent CISO Issue 16 - Page 62

THE RISK YOUR BUSINESS ‘INVITES’ IN MANAGING INSIDER THREAT Are you inviting risk in? The human factor is one of the biggest unavoidable weaknesses in corporate security strategy and the most difficult to manage. Here, Josh Lefkowitz, CEO of Flashpoint, tells us why HR teams need to work alongside insider threat programme teams to avoid inviting risk into the organisation. Josh Lefkowitz, CEO of Flashpoint T oday, corporate security is everyone’s responsibility. Whether you work in procurement, finance, sales, or legal, you need to identify and manage risks – digital and physical – related to your department. Recognising the human factor in security breaches The human resources department is no different and this team faces a specific security risk that is now a major concern for organisations: insider threat. Businesses and their HR teams need to make sure they’re not inviting risk into their ecosystem in the guise of employees who may not be all they seem, or who become a risk during employment. Either way, the impact can be devastating because the employee has privileged access to the company’s systems and data. 1. Before you hand over the keys to the kingdom: Pre-employment screening While IT security departments can deploy a range of technologies to detect and counter threats, there is an important psychological and behavioural Taking references on prospective employees has always been the responsibility of the HR department. These usually focus on competence 62 Security breaches, whether deliberate or unintentional, almost always involve a human element. It could be a mistake by a worker who accidentally clicks a malware link, or a deliberate attempt to steal the organisation’s intellectual property. element that must also be understood and managed. That is why human resources (HR) departments should be fully involved in insider threat programmes (ITPs). There are three key high-risk moments in the employee lifecycle when HR and security teams should work together: Issue 16 | www.intelligentciso.com