The Insider Threat – Careless (pt.5)

by
the insider threat can be just careless

Up to now, we have been discussing the insider threat in relation to a trusted insider committing a breach of trust and maliciously exposing your secrets. As discussed in the last article this type of malicious act does happen but more often than not your trusted employee is just a little careless or acts without carefully thinking and that leads to your insider data breach.

Good data storage as mitigation to the insider threat.

We have spoken about the value of monitoring as a carrot not a stick, and it can be encouraged through some simple training and policy documents. A good data storage policy with PoLP (follow the link to find out what that is) keeps at least some of your most sensitive and valuable data out of the hands of both the insider threat and the external threat actor if things go wrong.

I now include at least a slide’s worth of talking about where to store data in my live and online Cyber Security Awareness Training – if your team members know what is expected of them, they will work to meet those standards. It is easy in the live training to work with the client to explain the organisation’s data storage policy.

Administrators and Senior Staff Beware

You – they – are the weak link in the above mitigation.

Do not allow rogue applications.

This is a very simple way of protecting yourself from the casual insider threat. If an employee has a referral for a great piece of software they want to put on your computers, have a process in place and do the due diligence. Unpatched, rogue applications on a computer or network could be the gateway for threat actors.

Then there are updates and patches.

Read these:

Don’t Skip That Restart

How Microsoft Patch Tuesday can help your cyber security planning

Next

I was on break last week and again next week as I finish an IT and Cyber Security Audit, but I will be back with more on the insider threat in two weeks.


Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer

The Insider Threat Primer

The Insider threat – Not just a question of trust. (pt.1) – CyberAwake

The Insider threat – Start thinking about sorting. (pt.2) – CyberAwake

The Insider Threat – Mitigation. (pt.3) – CyberAwake

The Insider Threat – An Investment. (pt.4) – CyberAwake

Photo by picjumbo.com

Contact us for consultation

Wake up to cyber threats..

The Insider Threat – Careless (pt.5) Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close