A group of US security agencies has once again designated September as “National Insider Threat Awareness Month” (NITAM). While insider threats are always a concern, the agencies point out that they are more of a threat this year because of stress caused by work and personal struggles brought on by the pandemic. Stressed employees or contractors are more likely to make errors, commit fraud, or try to profit from stolen data.
Because of the current situation, this year the event is focusing on the theme of “resilience”, which is defined as taking action to promote personal wellbeing and mental health to alleviate the stressors that can cause insider threats to occur. That’s right, the agencies are recommending compassion as a control! By training employees to see the signs of stress in others and to take action to assist them, it is less likely that those with access to sensitive data or transaction capabilities will intentionally or unintentionally misuse them.
Insider threats are always a concern for financial institutions. In addition to making employees aware of the problem and teaching them to recognize the signs of stress, Bedel Security also recommends that institutions include detection and prevention controls to help defend against these threats. These controls include regularly reconciling financial transactions, blocking access by employees and contractors to risky sites and USB devices, and implementing a Data Loss Prevention (DLP) system to detect and block the unauthorized movement of data from the institution.
The official link of National Insider Threat Awareness Month is https://www.cdse.edu/itawareness/index.html#0. It contains many materials (including videos and games) that you can use to raise awareness of insider threats and identify those that may be stressed. If you need further assistance in setting up an insider threats program send us an email at support@bedelsecurity.com.
Additional Resources:
The Virtual CISO Whitepaper
https://www.bedelsecurity.com/the-virtual-ciso-whitepaper
The Biggest Insider Breach
https://www.bedelsecurity.com/blog/the-biggest-insider-breach
Assessing Endpoint Protection
https://www.bedelsecurity.com/blog/assessing-endpoint-protection