Security Intelligence discusses insider risk
I just read this Security Intelligence article by David Strom and was happy to see him discuss our 2015 Insider Risk Report. It’s great to see outside opinions about this risk, especially from someone with Strom’s high reputation.
Strom agreed with our findings that IT workers tend to be the biggest risk when it comes to sloppy security practices. He states:
“Over the years, I’ve met many IT workers who embody this attitude. They don’t feel bound by their own security policies, best security practices or other rules that they create for their fellow employees–and that is a sad and sorry state of affairs.”
I also appreciate the fact that he offers encouragement to IT workers to be a force for change within their organization. I think when you can empower your IT workers to actually take the lead in improving both their own and the rest of the company’s security behavior, you get greater buy-in from the people who could otherwise do the most damage.
As we discuss in our best practices guide, it starts with having a concrete security framework in place. This includes having IT conduct frequent reviews and implement updates to thwart the latest threats. And holding regularly scheduled employee training, which can make a huge difference in how aware your employees are of their risky security habits and how empowered they feel to combat them.
I recommend taking a look at our best practices guide (which you can download by filling out the form at the bottom of this post) and seeing how you can implement these strategies in your own organization. Even though the IT department can be your greatest risk, it is also your most powerful tool.