Defining an Inside Out Security Policy
"It isn't just about bad apples — people that are deliberately out to steal information or harm organizations." That, from a recent CIO.com article, may not be surprising to some security experts. But to many, security risks from within can blindside organizations. What does it take to keep this in check? Policy, awareness, and tools that secure your data and corporate assets, without stifling innovation or productivity. Oh, and in case it needs to be said—trust isn’t really a security policy.
In the 2015 Security Report from Check Point, a couple of statistics give one pause. First, they reported that the loss of proprietary information had increased 71 percent over the past three years. Worse, the report stated that sensitive data is sent outside the organization every 36 minutes.
Here are my top tips for making sure you’re covered from the inside out:
- Understand where your assets reside and build a security architecture that has layers of protection.
- Encrypt data and identify tiers of permissions. Not everyone needs access to the same level of data.
- Identify an overall corporate security policy that is supported at all levels of the organization. While you’re at it, insist on stronger passwords that are changed on a regular basis.
- Train employees to recognize phishing tactics, as well as how to treat sensitive information. Most inside-out jobs are accidents. Helping individuals to recognize sophisticated tactics to obtain confidential information can go a long way.
- Stay up-to-date on threat intelligence reports.
- Monitor streaming applications onto your network with tools like Ixia’s Application and Threat Intelligence (ATI) Processor to watch for any unusual behavior: Identify unknown network applications; prevent network security threats from suspicious applications and locations; and spot trends in application usage to avoid congestion.
- Use testing solutions like BreakingPoint to check that all programs and equipment are sound and running as expected before deployment. This can help ensure that data is kept where it is supposed to reside and doesn’t find a new avenue to leave the premises.
Learn more about securing your IT infrastructure.