Reducing Insider Security Risks, Data Loss: 10 Best Practices
Conduct a Comprehensive Risk Analysis
Analyzing potential risks from human errors will better prepare you to act should they occur.
Proactively Address Weaknesses
Educate and train employees about common threats, aggressor tactics and expectations when it comes to following corporate policies and procedures. This must be done in tandem with the deployment of security tools and standard risk management practices designed to help the business mitigate security breaches.
Create Actionable Policies and Procedures
Reform data security policies and procedures by putting them into actionable, simple-to-understand language that your employees are more likely to understand and observe.
Avoid Counterintuitive Policies
Policies that interfere with employees' ability to do their jobs can create a corporate culture that undermines the power of its own written requirements.
Include BYOD Policies
BYOD policies should feature clear direction on tolerable behavior and device uses. Include application whitelists and blacklists.
Further mitigate the risk of human error by publicizing repercussions for employees who violate company policies throughout the organization. Tough love can be effective.
Adapt Education and Awareness Activities
Gone are the days of one-time, daylong training sessions. Continuously remind users of their responsibilities and of the very real consequences for poor choices. Deploy active training measures to keep these concerns top-of-mind.
Evolve Beyond Basic Tools
Passwords, firewalls and "secured" (SSL-encrypted) browser connections are not enough. Enhanced detection, monitoring, response and containment capabilities must exist.
Deploy Mobile-Device Management
Choose MDM software that supports multiple device types, provides remote-wipe capabilities, and includes capabilities that track data and applications.
Create Ironclad Personal Device Agreements
Make it clear to your employees how their devices are being managed and clearly outline privacy rights.