The outbreak of COVID-19 has led many businesses to transition a large number of employees to remote work. The shift could end up becoming a long-term trend; it’s expected to continue after the pandemic ends. Therefore, it is more important than ever to develop strategies for managing and responding to risks within your organization. Internal risk management procedures will need to adapt to the issue of insider threats, a challenge which is compounded by remote work.
There are several types of risk assessments that can help to protect organizations against insider threats. These assessments are relevant both for local and remote workers. But they become essential as you transition to a remote workforce.
Organizations need to identify key business processes and information assets, intellectual property rights and information that can be used for fraud. Next, they must map departments and users to assets in order to determine who can access them. The result will be a list of potential malicious insiders. Finally, the company needs to make sure that all of these internal employees actually need access to those key assets. If not, they should revoke access.
In many cases, specific individuals approve critical business processes. Organizations can identify cases like this and check to see if they are warranted. They should also ask what monitoring is needed to ensure that these processes are not interrupted by risky insiders. Subsequently, they can implement policies and procedures that ensure least privilege, separation of duties and two-person approval for improved integrity, and that resolve access control conflicts.
Organizations need to conduct an assessment intended to find organizational, behavioral and technical vulnerabilities that insiders can use to compromise an organization’s key assets.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/insider-threats-risk-assessment-considerations-for-remote-work/