ArchiveOODA Original

Manage Insider Risk and Prevent ‘Big Brother’ Perception, Part 3

This is the third article in a four-part series focused on proactively managing corporate security culture and workforce expectations as your organization prepares to prevent, detect, and respond to insider risk incidents.

In Part 2 of this series, I provided four actionable steps for being straightforward with your workforce about how you plan to establish and subsequently enforce new policies or monitoring changes to your enterprise security plan, you can read more here.

Workforce Investment Strategy for Managing Insider Threat Risk

After explaining to your workforce why you are including insider risk in your corporate security culture, how can you explain the benefits of an insider threat management program or the ‘what’s in it for them?’?

The third step in my workforce investment strategy is explain the benefits of insider risk management to your workforce, including:

  • Risk management can help protect employees.  For example, the National Insider Threat TaskForce cited in 2018 that federal insider threat risk management programs have successfully prevented multiple suicides.
  • Risk management enhances employee personal security outside of the office.  Sharing best digital practices for preventing an insider incident, whether malicious or unintentional, can help employees manage their home computer use.  Increasing their awareness of how they might be targeted by an outside adversary for sensitive information can help them better protect themselves and your organization.
  • Managing insider risk helps protect workforce privacy.  Discussion and policy implementation about how company property and computers should be handled ensures that employee privacy expectations are balanced against employee privacy interests.      
  • Managing insider risk helps sustain business operations and job opportunities.  Insider incidents can lead to accidental data breaches. Statistics show that 60 percent of small businesses were forced to shut down for good within six months of a major data breach.

These actionable recommendations help strengthen the relationship between you and your workforce by increasing their awareness of how managing insider threat risk concurrently benefits them and the enterprise.  

Stay tuned for the fourth installment in this four-part series, which addresses how to solicit your workforce to help manage insider risk, coming soon.

Crystal Lister

Crystal Lister

Crystal Lister is the Co-founder of Cyber at Global Professional Services Group (GPSG) where she engages with executive clients on cybersecurity and insider threat risk management. Crystal’s background as a former cyber threats and counterintelligence officer informing national security strategy in the federal space allows her to provide unique strategic context to risk management and security leaders at the intersection of human risk and technology in the workplace.