Intelligent CISO Issue 09 | Page 69

Decrypting myths

Tom Huckle, Lead Cyber Security Consultant, Crucial Academy

GDPR is also an important issue to consider in advance. The regulation threatens fines of up to 20 million Euros or 4% of annual global turnover for businesses which suffer data breaches. It also sets out a strict time frame for the reporting of breaches – normally within 72 hours. So, it is not only vital for businesses to be GDPR compliant but also to have clear and tested procedures in place for when things do go wrong.

6. Use advance checks to reduce risk during recruitment

Thorough background and reference checks in advance of employment are some of the best methods employers can use to reduce insider threat. Always take up references.

7. Consider pros and cons of hiring external consultants to investigate internal threats

The advantage of hiring external consultants to help detect malicious employee behaviour is that they hold no loyalties or bias and cannot be influenced by people within the business. They can also have knowledge and expertise that may not be present within the business and be able to see gaps in the business’s current cybersecurity policies of which current staff are not aware.

The downside is that, if the external consultants are not supported at the highest levels within the business, they can become hamstrung by internal politics. Without the authority to interview employees across the business and delve into its inner workings, they can be impeded by individuals who may not want them to advise new security controls (especially if they cause job losses or a restriction on current working practices).

"Companies need to be able to initiate security controls as soon as they suspect an employee or employees may be a threat to the business."