decrypting myths

GDPR is also an important issue to consider in advance. The regulation threatens fines of up to 20 million Euros or 4% of annual global turnover for businesses which suffer data breaches. It also sets out a strict time frame for the reporting of breaches – normally within 72 hours. So, it is not only vital for businesses to be GDPR compliant but also to have clear and tested procedures in place for when things do go wrong.

6. Use advance checks to reduce risk during recruitment

Thorough background and reference checks in advance of employment are some of the best methods employers can use to reduce insider threat. Always take up references.

7. Consider pros and cons of hiring external consultants to investigate internal threats

The advantage of hiring external consultants to help detect malicious employee behaviour is that they hold no loyalties or bias and cannot be influenced by people within the business. They can also have knowledge and expertise that may not be present within the business and be able to see gaps in the business’s current cybersecurity policies of which current staff are not aware.

The downside is that, if the external consultants are not supported at the highest levels within the business, they can become hamstrung with internal politics. Without the authority to interview employees across the business and delve into its inner workings, they can be impeded by individuals who may not want them to advise new security controls (especially if they cause job losses or a restriction on current working practices).

Tom Huckle, Lead Cyber Security Consultant, Crucial Academy

Companies need to be able to initiate security controls as soon as they suspect an employee or employees may be a threat to the business.

www.intelligentciso.com | Issue 09