When you detect an insider threat, what steps should your IT team take to protect the business? (E.g. an employee downloading confidential data via email or uploading it to their personal cloud storage). Do you report the incident to HR with the evidence? Do you call the police to report the incident?
Director of Marketing in Software, 3 years ago
Solutions providing automated hardening upon suspicious activities could be extremely helpful here.
Senior Director, Technology Solutions and Analytics in Telecommunication, 3 years ago
Thank you. Are there any providers that you would recommend?
Director of Information Security in Energy and Utilities, 3 years ago
It's an interesting question. Technically speaking, you need to report it both to HR and Legal, but doing so kicks off a fairly complex process with legal requirements for confidentiality etc. It's best to first conclusively determine if the behavior you are observing is actually malicious or a person simply doing some stuff to make their life easier (shadow IT services). The majority of cases I have seen where you think there's a malicious insider turned out, at a deeper look, to be people frustrated with internal restrictions or the lack of proper tools/software to make their jobs easier. Once you have dug as deep as you can internally in IT and confidence is medium or higher that what you are observing is malicious, then yes, go ahead and file it with both the HR and legal teams and provide all relevant context of your investigation. If you trigger this step earlier, they will come back and ask you to do a deep investigation first anyways, so you are simply saving this step automatically and doing it up-front.