Three Tips to Bolster Your Insider Threat Program

By David Touchton and Josh Jost

Throughout the years, security professionals have continued to recognize the importance of insider threat training due to the impact that insiders can have on an organization or nation. Insider threat programs are as important as ever in today’s climate, as many companies incorporate remote work into their daily activities. Remote work brings a new cadre of risks that also bring new challenges. These include the use of personal devices, cloud usage, unsecured storage devices, and public workspaces. Additionally, the Great Resignation has sparked concerns about insider threats as the mass exodus of personnel can lead to data being exposed and not accounted for correctly.

The most impactful thing security professionals can do to mitigate the risks associated with insider threats is continuous training of employees.

“It’s imperative to train employees to be aware of insider threats and how they affect a company and its people,” said Jeremy Good, Vice President and CIO at Carley Cop. “Ensuring employees understand how to recognize insider threats and providing clear instructions for reporting them is essential.”

To ensure employees are trained, there are a few key points security professionals need to address concerning their insider threat programs.

Conduct an insider threat self-assessment. Assessments are the easiest method when gauging a company’s insider threat program. Meet with your insider threat team and discuss current policy and procedures with a critical eye. Review insider threat indicators along with internal reporting requirements. Ask your team, when was the last insider threat? How was it reported? What was the infraction? How did it impact our business? Review company working hours, and who is authorized to work outside regular business hours? No question should be unanswered, and each answer provided should be evaluated to ensure the program is fundamentally sound.

Annual Insider Threat Training. Training methods should always be evaluated and are often the best method toward ensuring employees understand the risks and best practices related to insider threats. Ensure your insider threat training is up to speed on the latest indicators, threats, policies, and procedures; outdated information is a critical weak point in any training program. Ask questions such as, when was the last insider threat training conducted? Have all current staff taken the training? Have security staff collected and addressed all questions?

Conduct end-of-day security checks. It is crucial to conduct end-of-day checks. These can expose issues before they become larger problems. Ensure your staff and security team understand the importance of this and have a straightforward procedure. Failure to maintain this standard is a failure of your insider threat program. Additionally, vary the time and process for random security checks during the day to further prevent the unauthorized removal of information from your facility.

As the world evolves, insider threat training must evolve in conjunction to ensure information remains secure. Stagnation leads to complacency, and complacency leads to insider threats going unnoticed and unreported. Conducting a thorough, detailed assessment and self-inspection, along with communication with staff and management, are critical factors in ensuring you remain diligent in the fight against insider threats.

David Touchton is the founder of FSO Services, and he can be reached at David_t@fso-services.com.

Joshua Jost is a partner at FSO Services. He can be reached at josh_j@fso-services.com.