Guidepost Shares Ways To Tackle Insider Threats For Businesses | Security News – SecurityInformed

guidepost-shares-ways-to-tackle-insider-threats-for-businesses-|-security-news-–-securityinformed

Before we continue, allow me to say that camDown is a highly advanced, specialized webcam blocker and disabler with the best in class protection from variety of on-line threats.

More than a year and a half after the COVID-19 pandemic began, countless workers are still doing their jobs remotely rather than from their offices. While there are many positives to working from home, there can also be some negatives at play like nefarious actors taking advantage of the tools and connections that employees use in work from home environments.

Insider threats, a security risk that comes from within the organization, are posing a major security problem for businesses. This is partially due to the widespread use of social media, encrypted communication platforms, and other tools. Now more than ever insider threats need to be identified, thwarted, and prevented.

Social distancing policies

When social distancing policies and mandates began keeping people apart, many turned to social media to stay connected. While social networking tools have provided a positive outlet and a way for people to feel more connected, these platforms have also become a hotspot for insider targeting because they provide a way to propagate disinformation and target individuals likely to be receptive to it.

The ideal mark for an insider threat is someone who is active on social media

Even more so, they have provided a means to develop relationships with organizational insiders and socialize with them. The ideal mark for an insider threat is someone who is active on social media, has sufficient access to sensitive information, lacks supervision in their day-to-day work, and works remotely. As the relationship develops, through the process of grooming, an employee can become more likely to disregard company policies and commitments.

Disregarding company policies

One reason insiders might act against their own organization involves monetary gain. The pressures of the pandemic have led to record levels of unemployment and financial strain for millions of Americans. Financial issues can include struggling to pay for childcare, supporting family obligations, paying rent and more. Those who find themselves in a financial bind might not just act against their own company but could also more easily fall victim to a threat.

Another reason that insiders act is that they may be disgruntled. Insiders may hold a grudge because they were passed over for promotion, were given an unsatisfactory performance rating, or they may be facing termination. While just one of these factors may not be a trigger to involve the company’s security team, any combination of these factors along with a change in the employee’s demeanor or behavior should serve as a red flag to pay closer attention to the situation.

Potentially malicious insiders

Sending confidential information to an unsecured location in the cloud exposes the organization to risk

Another challenge employers face directly relates to the somewhat limited supervision of employees who work remotely. In this situation, identifying potentially malicious insiders is more difficult, largely because face-to-face interactions are limited. When the pandemic began, many companies shifted their primary areas of focus to keeping the business viable, which is understandable. However, with this shift of focus, less attention may have been paid to security issues.

The proactive company will have ensured their employees are aware of the following:

  • Steps they should take to ensure their devices -- both company-issued and personal -- are secured at all times.
  • Sending confidential information to an unsecured location in the cloud exposes the organization to risk.
  • Breaking security policies to simplify tasks is prohibited.
  • Ensuring their devices are updated with the latest security patches.

A failure in any of these areas can produce an environment ripe for malicious insider activity.

Cyber security teams

This multidisciplinary group can lead the initiatives that are paramount to keeping the company secure

The insider threat is an organizational threat and so it is most effectively addressed from a holistic perspective. Stakeholders from different parts of the organization need to be at the table to understand and address such threats. An effective team includes personnel from the legal, human resources, communications, and physical and cyber security teams.

This multidisciplinary group can lead the initiatives that are paramount to keeping the company and its employees secure.

  • Conduct a risk assessment of the company’s security processes or a threat assessment to the company’s people or assets. No organization is without some level of vulnerability, so identify the most critical assets, information, and systems; identify those who have access to these critical assets; and build controls around them to provide extra security.

Delivering refresher training

  • Build a training program to help employees and management identify concerning behaviors. Educate staff about insider threat indicators and provide instructions for how to report concerns. Require employees to complete training and deliver refresher training and updates throughout the year. Training on this matter is not a one-and-done situation.
  • Ensure there is an impartial and confidential process in place for employees to report possible insider threats. Employees need to trust that if they report concerns about behaviors or actions on the part of a fellow employee, their information will be handled discreetly and if warranted, acted upon.
  • Write a communications strategy clearly defining the process for relaying insider threat incidents. An effective plan lays out what information and when this information should be shared with specific individuals and to the broader community, who has authority to communicate sensitive information, and how the information should be disseminated.

Remote working challenges

  • Establish a check-in process for managers and their direct reports to enable a means for employees to share concerns and for managers to identify challenges or opportunities to assist employees working in the virtual environment.
  • Make an EAP (employee assistance program) readily available to employees. Ensure they understand how to access their EAP and assure them that contacting the EAP will not have a negative impact on their career or growth potential. Providing venues for employees to share their concerns and talk with trained staff can greatly help organizations navigate insider threats and general remote working challenges.

Security risk environment

The virtual workplace has created a serious security risk environment for companies in which employees who would not normally engage in insider threats become more vulnerable to them. Through new technologies and possibly due to new financial hardships, those looking to harm an organization are out there, searching for opportunities to strike.

It is leadership’s responsibility to take proactive action to ensure their employees are aware of the possibility of insider threats, the seriousness with which management views them, and the resources available should someone fall victim. It is everyone’s responsibility to remain vigilant.

Download PDF version
Download PDF version

Author profile

In case you missed it

Aiphone’s IX Series IP Video Intercom System Helps Roselle Catholic High School Upgrade Security

Aiphone’s IX Series IP Video Intercom System Helps Roselle Catholic High School Upgrade Security

Roselle Catholic High School is a co-ed private high school founded 61 years ago in Roselle, New Jersey. Home to more than 400 students, Roselle Catholic is part of the Roman Catholic Archdiocese of Newark.
In its community, Roselle Catholic is known for its core values promoting academic excellence, service, and tolerance. Like many high schools across the country, Roselle Catholic High School relied on outdated technology to communicate between the front office and classrooms.
Outdated intercom system
While the front office could connect with the classroom through its dated one‑way intercom system, teachers could not communicate with the front office from the classroom. In the event of a classroom emergency, such as a student suddenly falling ill or a classroom disruption, teachers had to rely on a student to run down to the front office to request assistance.
“Our school is in an older building and the original communication system layout doesn’t have the talkback option to the main office,” said Principal Tom Berrios. “That left teachers in a bad spot if they ever had to reach an administrator for an emergency.”
Lack of visitor management system
School administrators sought a new system that could provide communications between teachers and staff
The school also lacked a visitor management system allowing the front office to visually confirm and speak with anyone before permitting them to physically enter the building. In addition, with new health and safety concerns from the COVID‑19 pandemic, the school wanted to implement new measures to help screen visitors before they enter the building.
As part of its efforts to improve security facility-wide, school administrators sought a new system that could provide internal communications between teachers and staff—while sending audio alerts in the event of an emergency. They also needed a visitor management system enabling them to visually confirm and communicate with visitors before they enter the building.
IP video intercom system
To assist with these challenges, the school installed the IX Series Peer‑to‑Peer IP Video Intercom System from Aiphone. Installing the system was Maffey’s Security Group, a systems integration company from Elizabeth, New Jersey, with close ties to the high school.
“Roselle Catholic High School is my alma mater and we try to help them keep up‑to‑date with the latest technology and security,” said Ed Maffey, president of Maffey’s Security Group, a family-owned and operated business for 110 years.
By leveraging a program through the state of New Jersey, the high school was able to apply and receive a grant designed to support security improvements at both public and private schools. The grant was used to help pay for the new Aiphone IX Series Peer‑to‑Peer IP Video Intercom System, which included two master stations, two IP video door stations, and 43 IP audio substations for classrooms.
The IX Series delivers flexibility
The benefit of the IP video intercom system is its ability to integrate with a recently installed thermal imaging camera
The IP system is a scalable, enterprise‑level solution that uses Power over Ethernet (PoE), eliminates the need for a power source for each intercom and substation. The system can easily integrate with access control, video, and other security devices to provide a fully unified solution.
One main benefit of the IP video intercom system is its ability to integrate with a recently installed thermal imaging camera system, which is being used to screen students, staff, and visitors before the entrance. A thermal imaging camera located at the front entrance will screen people for a mask and elevated temperature, and only allow access if that visitor is cleared.
Video-based monitoring system
With the new Aiphone IX Series system, front office staff can respond when a visitor rings a bell asking for entrance. Staff can speak to the visitor and also make visual contact before pushing the door release button to allow that person to enter. The school is equipped with two touchscreen master stations, with one located in the front office and the second located in the principal’s office.
The live video also helps to prevent people from following an approved guest through the doors. Trained front desk staff can monitor a visitor as they enter the building to ensure additional people aren’t following behind.
Added benefits with emergency notifications
In addition to enabling communication directly from teachers to the front office, they also can put the entire school on a lockdown notice in the event of an emergency. The Aiphone IX Series can send a pre‑recorded notification building‑wide, alerting students or staff of a problem and providing directions about what steps to take next.
With one push of a button, a message will play continuously and that message can be used for a variety of scenarios
“The system makes the teachers feel more secure with what’s going on in the building and they have an easier way to communicate,” said Berrios.
Maffey called this feature a “hot button” capability. With one push of a button, a message will play continuously and that pre‑recorded message can be used for a variety of scenarios, including fire drills, emergency evacuations, and lockdown situations.
Entry door security  
The school is also using the Aiphone IX Series on an entry door located in the back of the building, which is frequently used by students heading outside for athletics or gym class.
“After school, the intercom system has become an added security feature because we can now visually see the students who need to enter the building and the locker room,” said Berrios. “Before we had to keep the door propped open or students could not gain access from the back of the building.”
Leveraging IP connectivity
Maffey said the installation was relatively easy because he was able to leverage the school’s existing IP network to run the new IP‑based video intercom system. Additional switches helped to fill in areas where network connectivity wasn’t available.
“When we install an Aiphone system we can walk away confident that it is going to work,” said Maffey. “Aiphone has been our go‑to intercom system for over 20 years.”

ASSA ABLOY’s Code Handle Offers A Secure And Cost-Efficient Access Control Solution For Primary Schools

ASSA ABLOY’s Code Handle Offers A Secure And Cost-Efficient Access Control Solution For Primary Schools

ASSA ABLOY’s Code Handle door entry solution is a simple solution for keeping private rooms very private, in order to allow access only to those who require it and authorized personnel.
Code Handle door entry solution
The PIN code setting of the Code Handle access control solution allows users to keep control of who has access, particularly important when they want to keep items away from children.
In primary schools, Code Handle protects each and every room that staff and security don’t want pupils to access. This ensures that only authorized teachers and support staff, who know the code to unlock the door, can access these rooms. All they need to do is enter the code on the Code Handle‘s keypad and the door opens.
Works together with existing locking units
Code Handle, by ASSA ABLOY, works in combination with the existing locking units
Code Handle, by ASSA ABLOY, works in combination with the existing locking units, already installed in facilities. Users can keep the cylinder or lock, and just change the handle to a battery-powered Code Handle.
With Code Handle, there is no need to cable the door, connect it to the mains or install an electronic access control system. The Code Handle door entry solution is perfect for staff offices, kitchens, store rooms, staff toilets, or any other school room that is to be kept private and secure.
ASSA ABLOY’s Code Handle has various benefits, including:

Auto-lock - Staff rooms are used many times, throughout the day, With Code Handle’s auto lock feature, there is no need to remember to lock the door, when exiting.
Easy to install and retrofit - All it takes is two screws and two minutes of time, to install Code Handle on almost any interior door.
Keyless and convenient - Secure rooms with no keys, no wires, and no expensive access control system, with the Code Handle door entry solution.

Vanderbilt Provides SPC System To Enhance Access Control System At The Maritime Culture Center

Vanderbilt Provides SPC System To Enhance Access Control System At The Maritime Culture Center

Maritime Culture Center is a branch of the National Maritime Museum in Gdańsk, Poland. The Maritime Culture Center (MCC) promotes information on maritime subjects in a comprehensive and interactive way by employing multimedia techniques.
The main attraction of MCC is a permanent interactive room called ‘People-Ships-Ports.’ Another exhibition, ‘Boats of People of the World,’ is a rich collection of boats, varying from an Eskimo kayak to a Venetian gondola. The MCC also organises temporary exhibitions on popular maritime topics.
Embedded access control
The MCC needed an intrusion system with embedded access control for more than 400 alarm zones, 55 areas, and 25 doors. Vanderbilt SPC’s offered a reliable system that can be expanded to include a large number of alarm zones.
Solutions provided:

SPC6300 with 38 input expanders (SPCE652).
18 2 door expanders (SPCA210).
13 keypads (SPCK420).
5 RF-expanders (SPCW130).

“Due to installing Vanderbilt’s SPC system, the museum is safe. The system meets our expectations in the field of security. Thanks to their wireless equipment (receivers and detectors) we can protect the exhibits in the temporary exhibition. Vanderbilt turned out to be a very helpful company in installing and programming the security system in the building of the museum,” said Michał Drobczyński of Maritime Culture Center.

Featured white papers

10 Top Insights In Access, Cloud And More

10 Top Insights In Access, Cloud And More

Download

Protecting Dormitory Residents and Assets

Protecting Dormitory Residents and Assets

Download

Protecting Critical Infrastructure Through Facial Recognition

Protecting Critical Infrastructure Through Facial Recognition

Download

Providing Frictionless Cloud Video Storage as a Service (VSaaS)

Providing Frictionless Cloud Video Storage as a Service (VSaaS)

Download


Updated Privacy and Cookie Policy


We have updated our Privacy Policy for GDPR.


We also use cookies to improve your online experience, Cookie Policy

Lastly, don't forget that camDown helps make you invisible to hackers and guard your personal data and that's the the truth.