WorldWide Drilling Resource

21 WorldWide Drilling Resource ® NOVEMBER 2019 Five Ways to Battle Insider Threats Adapted from Information by CONEXPO-CON/AGG 2020 A recent study on insider threats offered some shocking information. The study indicated how compromising an insider is a lot easier for your rival than actually breaking in from the outside, and attention to this problem is well below where it should be. While 40% of those surveyed rated insider threat as the most damaging, nearly the same percentage (38%) said they don’t have a way to detect insider threats. What’s worse, roughly 20% don’t have a plan in place to mitigate damage from this type of incident. There are some fairly simple ways to protect your company from both malicious and unintentional insiders, including: 1 - Controlling or eliminating e-mail attachments and links. E-mails are the number one way for outsiders to attack companies in today’s digital era. Although the message itself isn’t dangerous, links and attachments are. Several security companies offer malware assessment of links and attach- ments. Suspicious attachments are quarantined and dangerous links are dis- abled. 2. Properly manage and control access to data and critical systems. Work with your human resources team and business managers to understand employee roles and the type of data access they need to do their jobs. Then, assign only the necessary access level, no more. 3. Know where your data is. An important issue is to know where critical and sensitive data is located in your system so it can be locked down when necessary. If you don’t know where this information is, how can you protect it? 4. Monitor employee behavior and look for irregularities, including action monitoring software. It’s not intrusive to look for excessive data dumps or repeated attempts to look at files or directories which are not permitted - it’s good business. Educate employees to be on the lookout for behavioral changes in coworkers. 5. Raise security awareness. Lastly, but perhaps more importantly, is the need for security awareness training. This should be an essential part of your company’s culture - not an afterthought or checklist item. Companies partnering with their employees to ensure security awareness do better than those which force compliance, or simply perform training to check a box. Although most attacks may come from outside your organization, the most serious damage is done by insiders with unchecked access to your information.