Protecting The Crown Jewels From Insider Risk for SMEs

Protect Your Critical Assets From Insider Threat

Every time an employee leaves your business, it places your Intellectual Property (IP) and Critical Data at risk.

Intellectual Property refers to your patents, trade secrets, copyright, trademarks and new concepts or ideas. Critical Data, by contrast, applies to any function that contributes to the running of your business, including business plans, sales/customer information (impacted by GDPR), rate plans, and financial data such as revenue, profits and stock price.

This post will focus on the importance of protecting personally identifiable information (PII), which is often listed in customer databases and stolen by departing employees. With new GDPR laws, companies have to report breached data to the supervisory authority within 72 hours. And if the security breach is likely to result in a high privacy risk for an individual, the individual will also need to be informed of the breach.

Thus, there has never been a more critical time to stop your data walking out of the door with a departing staff member or disgruntled employee. A failure to protect it will result in untold financial and brand damage that may be difficult to recover from.

Here are some tips on what your business needs to consider.

At the outset of your business’s relationship with a staff member, it is important to have the minimum in place:

Your Culture:

Your Legal Agreement:

Your Technical Ability:

  • Implement monitoring tools that track the movement of critical data, such as files emailed to personal email accounts, excessive printing of confidential documents, and copying of files containing strings such as bank codes or dates of birth.
  • Encrypt critical files to ensure authorised access only, with the ability to remotely remove access rights should an employee leave or exhibit disturbing behaviour.
  • Monitor compromised emails and passcodes that have been exposed to the dark web.
  • Implement an exit policy to close old accounts, remove access levels and close down redundant web pages.
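
A minimal sketch of the monitoring rules in the first bullet above, added here as an illustration; it is not code from this post or from any product. The event format, domain list, print threshold and content patterns are all assumptions, and the sample events are constructed.

```python
import re
from collections import Counter

# Assumed values for this sketch; tune them to your own environment.
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
PRINT_PAGE_LIMIT = 200  # pages per user per day treated as excessive
# Assumed content patterns: UK-style sort code, labelled dd/mm/yyyy birth date.
SORT_CODE = re.compile(r"\b\d{2}-\d{2}-\d{2}\b")
DOB = re.compile(r"\b(?:DOB|date of birth)\W{0,3}\d{2}/\d{2}/\d{4}\b", re.I)

# Constructed sample events for one day (not real data).
EVENTS = [
    {"type": "email", "user": "alice", "to": "alice.h@gmail.com", "attachment": "customers.csv",
     "text": "J Smith, DOB: 04/11/1982, sort code 12-34-56"},
    {"type": "email", "user": "bob", "to": "accounts@partner.example", "attachment": "invoice.pdf",
     "text": "invoice total, sort code 65-43-21"},
    {"type": "email", "user": "carol", "to": "carol@outlook.com", "attachment": None,
     "text": "lunch on Friday?"},
    {"type": "print", "user": "alice", "pages": 180},
    {"type": "print", "user": "alice", "pages": 75},
    {"type": "print", "user": "dave", "pages": 12},
    {"type": "copy", "user": "dave", "dest": "usb",
     "text": "member record, date of birth 21/03/1990"},
]

def sensitive_hits(text):
    """Return the kinds of sensitive strings found in a file's extracted text."""
    hits = []
    if SORT_CODE.search(text):
        hits.append("bank_code")
    if DOB.search(text):
        hits.append("date_of_birth")
    return hits

def review(events):
    """Apply the three rules: personal email, sensitive file copy, print volume."""
    alerts, pages = [], Counter()
    for e in events:
        if e["type"] == "email" and e["attachment"]:
            domain = e["to"].rsplit("@", 1)[-1].lower()
            if domain in PERSONAL_DOMAINS:
                alerts.append((e["user"], "file_to_personal_email", sensitive_hits(e["text"])))
        elif e["type"] == "copy" and sensitive_hits(e["text"]):
            alerts.append((e["user"], "sensitive_file_copy", sensitive_hits(e["text"])))
        elif e["type"] == "print":
            pages[e["user"]] += e["pages"]
    for user, total in pages.items():
        if total > PRINT_PAGE_LIMIT:
            alerts.append((user, "excessive_printing", total))
    return alerts
```

Calling `review(EVENTS)` flags alice's attachment to a personal account, dave's file copy and alice's combined print volume, while bob's invoice to a business partner and carol's attachment-free message pass.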

Your HR Processes:

  • Include a detailed confidentiality clause in employment contracts and ensure staff members understand their obligations before signing the agreement.
  • Implement a data security onboarding process that covers the use and restrictions of managing data and staff members' obligations to security.
  • Manage poor performance, weak leadership and disgruntled staff members, as revenge, greed and bitterness are the main factors that motivate people to commit theft and destroy data.
  • Apply a process that manages high-risk staff members, including changing access levels due to changes in job role and restricting access levels for departing employees.
  • Implement exit interviews to continuously improve the way you manage departing staff members and, with it, your security.
  • When a staff member is terminated, made redundant or resigns, implement a process that ensures critical data is returned to the company.

Should a data breach occur?

This is not an exhaustive list. However, for small to medium businesses that have limited access to security experts, it highlights some of the basic security processes that will help protect your critical data.

Harrman Cyber operates with a conglomerate of data and security experts who provide cost-effective advice, solutions and outsourced expertise to help small to medium businesses protect their critical assets from a data breach.

Tanya Harris, CEO, Harrman Cyber and Cyber Security for SME’s

Tanya Harris CEO, Speaking Events

ISACA OCEANIA CACS 2019

Wednesday September 11 through to Friday September 13, 2019 

In September 2019, ISACA invite you to join them along with delegates from around the world at the SkyCity Events Centre in Auckland, New Zealand, for an engaging and informative programme of world class speakers, panels and entertainment. They will also have the privilege of celebrating an exciting milestone: ISACA’s 50th anniversary!

In honour of ISACA’s 50th, the conference will focus on the areas that have brought ISACA and the profession success thus far and will continue to lead them into a strong and prosperous future: what they call the BA*SI*CS (Business Acumen, Strategic Innovation, and Cyber Security).

InfoSecurity ISACA

Infosecurity ISACA North America Expo and Conference will debut in New York City’s Javits Convention Center from 20th to 21st November 2019.

Across workshops, conference programs and the exhibition, the first-time 2019 event is expected to draw more than 2,000 attendees and more than 120 exhibitors. Professionals can gain a range of CPE for attending the conference and associated events.

THE SABSA APAC CONGRESS

COSAC is delighted to announce that the third annual SABSA APAC Congress will be integrated into COSAC 2019 in Melbourne, from Tuesday December 3 through Thursday December 5 2019.

COSAC is honoured to host this opportunity for SABSA Architects and the thousands of users world-wide to come together within the long-standing COSAC spirit and ethos of real value, unrivalled quality of presentations and workshops, and true professional fellowship.

SABSA is the world’s most successful free-use and open-source security architecture framework and methodology. It is the leading best practice method for delivering cohesive information security, assurance and architecture solutions to enterprises. The SABSA framework ensures that the security needs of your organisation are met completely and are designed, delivered and supported as an integral part of your IT management infrastructure.

Past Events: Topic Women talk IT: Women in Security

Tanya discussed common data breaches and their link to insider threat and, more importantly, how the insider threat can take on several different forms and how the attack is usually initiated from within your network rather than outside. In the past, security has focused on solutions such as firewalls, antivirus and IDS/IPS. It is becoming increasingly important to recognise that technology alone cannot prevent insider threats, as technologies that stop one type of insider attack may not necessarily be effective against others. IT needs support from other divisions in order to effectively tackle this growing problem. When a company takes a multi-faceted approach to cybersecurity, by providing a comprehensive range of solutions such as access control, encryption technologies, employee engagement and training, they significantly increase their defences against insider attacks.

Past Event: AISA Sydney May 2017. Topic: Challenges how we look at Cyber Security.

Tanya discussed growing trends, changes to legislation, including ASIC’s focus on Board Members’ responsibility to Cyber Security, Europe’s new GDPR laws, and why insider threat needs to be at the core of protecting data.