By SecureWorld News Team
Thu | Aug 17, 2017 | 12:38 PM PDT

When hiring the team that literally holds the keys to your castle, you want to make sure they are well-vetted.

The last thing you want is to hire someone to protect your network who eventually turns into an insider threat.

So how can you establish better security practices beforehand that will make hiring new members of your security team a breeze?

Kurt Long, CEO of data security and protection firm FairWarning, offers the five tips below to organizations that want to establish better security practices when hiring their security folks.

Acceptable use policy

Organizations should implement an Acceptable Use Policy (AUP) to mitigate the risks associated with employees who have access to the organization’s network and company equipment. Without an Acceptable Use Policy, organizations are vulnerable to lawsuits, regulatory fines, and security breaches.

Your Acceptable Use Policy should be explicit in communicating what one can and cannot do with the organization’s technology and equipment. An AUP should define the proper use of organizational information whether it be customer, financial, health, or proprietary information.

Some areas that are often overlooked in the current digital era, and that should be covered in an AUP, are email activities, social media and blogging, mobile devices, authentication, and data classification.

Circulate the document through management in each department to ensure there aren’t vulnerabilities being overlooked that could put your organization at risk.

Monitoring technology

Trusting employees is a part of a successful workplace culture, but research shows that it’s also important to verify that employee activity adheres to your policies and procedures.

According to IBM X-Force Research, 60% of all attacks on an organization came from insiders. Insiders may maliciously or carelessly expose business-critical information about your organization or customers, causing reputational damage and/or loss of business.

Leaving your organization vulnerable to a data breach could potentially cost millions of dollars. Ponemon’s 2017 Cost of Data Breach Study cites the average cost of a data breach in the US at $7.35 million.

Monitoring technology will provide your organization with the ability to Trust but Verify® that employees are not violating your Acceptable Use Policies and putting your organization at risk.

Sanctioning

To further protect your organization and provide transparency for new hires and existing employees, an organization should have a well-defined sanctioning policy in place. Specific penalties should be defined for those who do not adhere to the Acceptable Use Policy of the organization.

Management should have a clear understanding as to what the implications are for employees who misuse organizational access. In your sanctioning policy, communicate to employees that their activity is being recorded through user monitoring and that they are held accountable for any misuse of the organization’s resources.

Physical security

Although cybersecurity remains a pressing concern for most organizations, physical access to your network should not go ignored.

Social engineering can be used to gain access to your organization’s physical perimeter and, from there, to your network. For example, if an employee holds a door open for a non-employee out of courtesy, and that non-employee intends to access your organization’s network through a stolen laptop, your company’s data is at extreme risk.

Multi-layer authentication that requires both a password and a physical token to gain access to technology and to the organization’s perimeter adds an extra layer of physical security to your networks.

Training

Employees are either the greatest vulnerability to an organization or the best line of defense. Implementing a culture of security and accountability will help secure your organization.

The idea is to move towards preventing security issues rather than discovering problems when the damage has already been done. Training through Learning Management Systems on your acceptable use policies, monitoring technology, current cyber threats, and sanctioning will aid in defining a strong culture of security.
