Reducing Insider Security Risks, Data Loss: 10 Best Practices

 
 
By Chris Preimesberger  |  Posted 2013-02-07
 
 
 

Conduct a Comprehensive Risk Analysis

Analyzing potential risks from human errors will better prepare you to act should they occur. 

Proactively Address Weaknesses

Educate and train employees about common threats, aggressor tactics and expectations when it comes to following corporate policies and procedures. This must be done in tandem with the deployment of security tools and standard risk management practices designed to help the business mitigate security breaches. 

Create Actionable Policies and Procedures

Reform data security policies and procedures by putting them into actionable, plain language that your employees are more likely to understand and observe.

Avoid Counterintuitive Policies

Policies that interfere with employees' ability to do their jobs can create a corporate culture that undermines the power of its own written requirements.

Include BYOD Policies

BYOD policies should feature clear direction on tolerable behavior and device uses. Include application whitelists and blacklists.

Create Consequences

Further mitigate the risk of human error by publicizing, throughout the organization, the repercussions for employees who violate company policies. Tough love can be effective.

Adapt Education and Awareness Activities

Gone are the days of one-time, daylong training sessions. Continuously remind users of their responsibilities and of the very real consequences for poor choices. Deploy active training measures to keep these concerns top-of-mind.

Evolve Beyond Basic Tools

Passwords, firewalls and "secured" (SSL-encrypted) browser connections are not enough. Enhanced detection, monitoring, response and containment capabilities must exist.

Deploy Mobile-Device Management

Choose MDM software that supports multiple device types, provides remote-wipe capabilities, and includes capabilities that track data and applications.

Create Ironclad Personal Device Agreements

Make it clear to your employees how their devices are being managed and clearly outline privacy rights.
