Securing Your Organization Against Insider Threats

Protect your organization from malicious and accidental insider threats — Insider threats can come not only from current and former employees, but also from trusted third parties.

The term “insider threat” describes an internal threat to an organization’s networks, systems, applications, data, people or property. Insider threats are most often attributed to current and former employees but may also result from allowing trusted access to networks, data, facilities and the like by third-party vendors, contractors, consultants and others.

At a high level, insider threats usually fall into one of two categories:

Malicious threats. Threats in which damage or compromise to an organization may occur as a result of attacks by a trusted insider with malicious intent. A malicious insider is often motivated by one of the following:

- Retribution/Revenge for some perceived wrong
- Money, financial gain
- Intelligence against an adversary
- Whistleblowing
- Informant
- Competitive advantage
- Just for the challenge of it

Accidental threats. Threats in which damage or compromise to an organization may occur as a result of a mistake or error being made by a good-meaning, trusted insider without any malicious intent.

There are many examples of insider compromises within large, high-profile brands making headlines. However, organizations of all sizes in every business sector and every geography are equally exposed. The fact is that many organizations have been compromised by an insider and do not even realize it.

Here are several best practices that can help organizations limit the risks posed by insider threats:

Perform background checks on all internal personnel, contractors and consultants.
Implement a vendor governance program that includes audits and agreement reviews of key, trusted third-party vendors that have access to critical networks, data, applications and systems.
Assess potential threats from insiders and business partners during enterprise-wide risk assessments.
Develop and clearly document corporate security policies and procedures. Among others, Acceptable Usage, Mobile Device and Remote Computing and Data Retention and Destruction policies should all be included.
Disseminate the corporate security policy with all staff and business partners and ask that they formally acknowledge and accept them.
Incorporate insider threat awareness into periodic security training for all employees.
Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
Anticipate and manage negative issues in the work environment.
Know and document your organization’s assets.
Implement strict password and account management policies and practices.
Enforce separation of duties and the principle of least privilege.
Define explicit security agreements for any cloud services, especially access restrictions, as well as monitoring and response capabilities.
Institute stringent access controls and monitoring policies on privileged users.
Institutionalize system change controls.
Use a log correlation engine or security information and event management (SIEM) system to log, monitor and audit employee actions.
Monitor and control remote access from all end points, including mobile devices.
Develop and implement a comprehensive employee termination procedure.
Implement secure backup and recovery processes.
Develop a formal insider threat program.
Establish a baseline of normal network device behavior.
Be especially vigilant regarding social media and properly socialize what is expected and permissible behavior.
Close the doors to unauthorized data exfiltration.

Security incidents and events caused by insiders often result in costly and disruptive compromises. These events are often hard to identify and usually very difficult for the business to recover from. By adopting meaningful best practices, organizations can alleviate many of the exposures posed by insider threats.

Jeff Bernstein, Managing Director of Critical Defence, has 21 years of information security industry experience dedicated to the protection of critical electronic computing infrastructure. He has worked with many leading financial services, energy, legal and healthcare organizations.

Written by:

Guest Author

Blog Posts

Background Checks – Get What You Need Without Getting into Trouble

What Credit Laws Have to Do with Background Checks

Top 10 Do’s and Don’ts When Hiring a Private Investigator

Investigation Insiders

The Integras Podcast – listen online at:

Case Studies

Case Study: Due Diligence Uncovers Mob Connections

Case Study: Document, Distribute, Train, Repeat

Case Study: Why You Should Look Beyond Database Reports

Jim Tierney

13:15 25 Oct 24

Integras Intelligence, Inc. may just be the best boutique service for all of your security needs in NYC and beyond. I have used them nationally and internationally with outstanding results. Quality at an affordable price. Their dedicated and experienced staff, many with FBI and NYPD backgrounds, help guarantee successful outcomes. Their President, Forhad Razzaque, is an experienced and well-connected leader who has grown the business with an unparalleled personal touch. Highly recommended.

Lorilil Jewelers

14:04 16 Oct 24

Highly recommend Integras Intelligence to anyone in need of reliable, discreet, and effective investigative services. They truly go above and beyond for their clients!

Richard Abrams

23:11 14 Sep 22

I was so impressed with the service and work I got from integras.It was a personal issue handled professionally and discreetly. And I love the podcasts!

adrian rosario

15:51 17 Jul 22

Professional, honest and effective; I have had the privilege of working with Forhad and the Integras executive team since 2007. Having 35+ years experience in law enforcement and an investigative background, we have worked together to achieve successful outcomes investigative matters both domestically and internationally . Their staff is versatile, provides a broad range of security related and investigative know how, and consistently maintains a client-centric culture with unwavering communication and discretion. I highly recommend Integras for your investigative needs.

Brayant Sierra

16:05 08 Apr 22

Elisa Sheftic, Right Executive Search, LLC

19:50 23 Mar 22

As an executive search firm, having a vendor that is able to execute a background check search, quickly and efficiently is paramount. Integras has been an exceptional partner and understand and communicate the ever changing laws that relate to each state. I would highly recommend them for any companies or recruiting firms that needs a professional background check service. Have used them for years and will continue to do so!

Yftah Kaluski

18:36 23 Mar 22

Great service and great team behind the product!

Jay McKillop

22:58 11 Mar 22

This is a first rate operation, and many of the people that work there are former colleagues. I have dealt with Forhad professionally for over twenty years and he has never let me down. The firm I was at used his team for a "red team" exercise which went extremely well. I have also had several instances where people have come to me with some very complicated investigative problems. I referred them to Intergras and they were extremely pleased with the results. Integras has a very deep bench, with international connectivity and the capacity to get things done.

Gonzalo S.

14:59 26 Jan 22

Sets a standard of excellence in all areas of service it provides. The podcasts provide a wealth of information delivered by a panel professionals with extensive backgrounds. I know the podcast host to be a man of integrity. This has to be the best in the business. Great job!

Joel George

22:42 25 Jan 22

We have partnered with Integras Intelligence on a number of occasions. I find their team to be knowledgeable, communicative and easy to work with. It is clear that they are focused on their clients and want to deliver world-class service with an impeccable attention to detail.

Jim Denlea

16:05 25 Jan 22

We have used Integras exclusively for all of our Investigative needs, both domestically and internationally. They have always exhibited an unparalleled level of expertise, sensitivity to our client's needs, and cost efficiency. We would highly recommend them without hesitation.

Edmund Hartnett

15:38 25 Jan 22

Integras Intelligence is the gold standard of investigations. Their cost effective investigations are conducted quickly and accurately; the two most important factors for most clients. I’ve often referred friends and colleagues to Integras. Without exception, they gave the service they received very high marks. I highly recommend Integras.

Aman Singh

23:31 24 Jan 22

I have had the privilege of working with Integras Intelligence while being at two different companies. Not only is Forhad best in the industry but his team is superb.If you are seeking a company that is professional, responsive and provides thought leadership you should choose Integras Intelligence.Thank You!

Shawn Hale

22:06 24 Jan 22

I have known the Integras Intelligence leadership team for over 20 years and am a better person and professional because of it. Never cutting corners, always taking the high road, continually seeking to stay ahead of the industry and setting the standards by which others can measure. Great team. Highly recommend!

Christine Ippolito

00:39 21 Jan 22

We have used Integras as our strategic partner for background checks and physical security advice for over 5 years. The Integras team is highly responsive knowledgeable and always willing to help. We highly recommend them to others and our clients.

Brandon Hunt

13:52 20 Jan 22

I have worked with the team at Integras for over five years and have continually impressed with the professional and thoughtful approach they take to everything they do. They've assembled a terrific team of experts that you can feel confident in and enjoy working with. I strongly recommend Integras Intelligence for anyone who is in need of their services.

Patrick Kane

21:51 19 Jan 22

Integras Intelligence is a global leader in the investigative, business intelligence and security consulting space. Their team led by Forhad Razzaque, has a deep level of experience gained in both the public and private sectors.They augment this impressive team with an extensive network of investigators and other specialists that are dedicated to positive client outcomes. If you are looking for a professional, responsive, and skilled partner to help tackle a thorny issue, look no further than Integras.

USMC 0311

19:36 19 Jan 22

Integras is a leading international provider of investigative and screening services that has been such a great support for our operations in Latin America. Integras is staffed by seasoned professionals who bring decades of experience in all investigative areas and who always go above and beyond the expected service.. Thank you to the Integras team for always striving for excellence!

Securing Your Organization Against Insider Threats

Written by:

Guest Author

Leave a Reply Cancel reply

Blog Posts

Background Checks – Get What You Need Without Getting into Trouble

What Credit Laws Have to Do with Background Checks

Top 10 Do’s and Don’ts When Hiring a Private Investigator

Investigation Insiders

Categories

Categories

Case Studies

Case Study: Due Diligence Uncovers Mob Connections

Case Study: Document, Distribute, Train, Repeat

Case Study: Why You Should Look Beyond Database Reports

Stay Connected.

Don't miss the latest news.

Our Reviews

Securing Your Organization Against Insider Threats

Written by:

Guest Author

Leave a Reply Cancel reply

Blog Posts

Background Checks – Get What You Need Without Getting into Trouble

What Credit Laws Have to Do with Background Checks

Top 10 Do’s and Don’ts When Hiring a Private Investigator

Investigation Insiders

Categories

Categories

Case Studies

Case Study: Due Diligence Uncovers Mob Connections

Case Study: Document, Distribute, Train, Repeat

Case Study: Why You Should Look Beyond Database Reports

Stay Connected.

Don't miss the latest news.

Discover more from Integras

Our Reviews