Intelligent CISO Issue 9 - Page 68

decrypting myths It is not only vital for businesses to be GDPR compliant but also to have clear and tested procedures in place for when things do go wrong. files and systems. A removing access policy and/or an employee termination policy should be in place in advance. When an employee leaves the business, all access should be quickly removed. Not just to the building but to devices and software. 3. Utilise PoLP to limit access to the essentials, especially for short-term staff When workers only stay in post for a matter of weeks or months a Principle of Least Privilege (PoLP) policy is an absolute essential. This system sees a new arrival start with no privileges and only receive access to systems and files they need to do their job. It may seem a simple principle, but it takes planning because many security systems assign rights in groups rather than to individuals. Businesses should map all job functions and what privileges they need and avoid assigning privileges to guests, members of the public or those who do not need them. 4. Have a plan in place to deal with an insider incident Companies need to be able to initiate security controls as soon as they 68 suspect an employee or employees may be a threat to the business. 5. Be aware of what lack of preparation means This can involve invoking or honing monitoring tools to begin to gather evidence and determining the threat and scale of the incident. Coordination with legal counsel can be initiated early to address privacy, data protection and legal responses. Suspected employees could have their accounts frozen or they could be placed on forced leave or job rotation to allow for a forensic investigation to take place. For those organisations without the appropriate controls in place, the scenario may play out very differently. It can result in increased damage to the business in terms of data stolen and reputation lost. Falsely-accused employees may take legal action against a business, while distrust of the organisation may arise among other employees. Issue 09 | www.intelligentciso.com