Insider Threats
Introduction
Cyberthreats against an organization can be categorized as either insider or outsider threats. Outsider threats receive the most attention because the attackers come from outside the organization. However, insider threats are quite common and can cause significant damage to an organization (Hunker & Probst, 2011). Current employees, former employees, or third parties such as customers or contractors could use their position to commit the crimes. In some instances, the threat is accidental: an employee may, without any ill motive, delete an important file or share more sensitive data with a client than they should.
Methods of employee screening
It is necessary to ensure that prospective employees know the nature of the information they will be handling before they are hired to work in an organization. Screening them is an essential step in the recruitment process to ensure that they are ready to work for the good of the organization (SHRM, 2019). One way of screening employees is by interviewing them. One-on-one interviews help the human resources team understand the aptitude levels of potential employees as well as their attitudes towards the work they are about to start. Secondly, carrying out background screening of the employees helps to identify whether they have any criminal records (Aamodt, 2016). Background checks also help to verify whether the information the applicant provided in the resume is genuine. Thirdly, conducting an in-depth assessment of potential employees is a significant method of ensuring that they have the skills and competencies required for the identified position, which helps to avoid accidental threats such as the deletion of important files.
Pros and cons of credit histories
Carrying out credit checks is an important step, as it helps the employer understand the applicant's level of responsibility. People's financial behavior can help determine their potential to engage in malicious activity in the organization (Aamodt, 2016). For example, potential employees with loan default histories are considered more likely to be irresponsible, which is a useful insight for employers. On the other hand, state laws in most regions prohibit the use of credit histories in the recruitment process, and using them could expose an employer to legal consequences. It is, therefore, necessary that employers verify whether the region in which their organization is based approves or restricts the use of credit reports. For example, using credit checks to lock out an applicant based on the presence of criminal records could lead to lawsuits if there is no relationship between the job position and the potential to engage in malicious activity.
Ways of regulating administrator privilege
Segmenting the network so that administrators are restricted to only the systems they are responsible for, through the use of proxies and firewall VLANs, is one way to limit administrator access to organizational network resources. Secondly, it is necessary to monitor the network with a SIEM to prevent administrator accounts from accessing, and possibly reading or modifying, organizational data. Thirdly, there is no need to provide database administrators with domain accounts; they should instead use verified access to perform database rearrangement. Frequently resetting the passwords to the main accounts will also help to limit the amount of access administrators have to network resources, thereby preventing cases of data loss, theft, or alteration within the organization.
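The following Python sketch is an added example, not part of the original essay, showing the kind of SIEM rule the paragraph above describes: it flags administrator-account activity on hosts outside the VLAN subnets that account is assigned to. The account names, the "adm-" naming convention, the subnets and the log format are all constructed assumptions.

```python
import ipaddress

# Constructed assignment of administrator accounts to the VLAN subnets they manage.
ADMIN_SCOPE = {
    "adm-web": ["10.10.20.0/24"],
    "adm-db": ["10.10.30.0/24"],
}

# Constructed key=value log lines of the kind a SIEM would ingest.
SAMPLE_LOG = """\
2024-05-01T08:00:12Z user=adm-web dst=10.10.20.15 action=login
2024-05-01T08:03:40Z user=adm-db dst=10.10.30.7 action=login
2024-05-01T08:05:02Z user=adm-web dst=10.10.30.7 action=file_read
2024-05-01T08:09:55Z user=adm-old dst=10.10.20.15 action=login
2024-05-01T08:10:01Z user=jsmith dst=10.10.40.3 action=login
garbled line without fields
"""

def parse_line(line):
    """Return a dict of fields, or None if the line lacks user/dst."""
    parts = line.split()
    if not parts:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if "user" not in fields or "dst" not in fields:
        return None
    fields["ts"] = parts[0]
    return fields

def out_of_scope_events(log_text, scope=ADMIN_SCOPE, admin_prefix="adm-"):
    """Flag admin-account activity on hosts outside the account's assigned subnets."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["user"].startswith(admin_prefix):
            continue  # malformed line or non-admin account (assumed naming convention)
        try:
            dst = ipaddress.ip_address(ev["dst"])
        except ValueError:
            continue  # destination is not an IP address
        nets = [ipaddress.ip_network(n) for n in scope.get(ev["user"], [])]
        if not any(dst in n for n in nets):
            reason = "outside assigned segment" if nets else "admin account has no assigned scope"
            alerts.append((ev["ts"], ev["user"], ev["dst"], reason))
    return alerts

if __name__ == "__main__":
    for alert in out_of_scope_events(SAMPLE_LOG):
        print(alert)
```

An administrator account with no entry in the scope map, such as one left over from a former employee, is flagged rather than silently allowed.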
Organizations lose a significant amount of revenue to insider attacks. It is necessary to make use of best practices to limit administrator privilege on the organization’s networks.
References
Aamodt, M. G. (2016). Conducting Background Checks for Employee Selection. Retrieved from https://www.shrm.org/hr-today/trends-and-forecasting/special-reports-and-expert-views/documents/shrm-siop%20background%20checks.pdf
Hunker, J., & Probst, C. W. (2011). Insiders and Insider Threats-An Overview of Definitions and Mitigation Techniques. JoWUA, 2(1), 4-27.
SHRM. (2019). Screening and Evaluating Candidates. Retrieved from https://www.shrm.org/resourcesandtools/tools-and-samples/toolkits/pages/screeningandevaluatingcandidates.aspx