T2021_08 Safety Tips for protecting your organizational assets from insider threats (28rd April 2021)

One of the most overlooked threat actors to an organization’s cybersecurity, oftentimes comes from within the organisation.  The best way to defend against this type of threat is to make sure that employees are cognizant of how to protect data and devices located within and out of the office.

Here are a few tips on how employers can reduce cyber threats caused by employee negligence.

  • Create a cybersecurity sensitization plan for employees – Every employee should be aware of common types of cybersecurity threats and how to recognize them. Employees should be sensitized about the organization’s security best practices and how to maintain same. This will increase cybersecurity awareness among employees which can reduce insider threats caused by employee negligence. For more information about staff training, you can visit the Get Safe Online Website at https://www.getsafeonline.gy/business/articles/staff-training/ .
  • Create password policies and procedures – Weak passwords have the potential to compromise not only the data of an entire organization but also the data of third-party clients, suppliers, and partners of that organization.  As of such, a password policy should be established and reinforced that guarantees the creation and use of strong passwords. For more information about passwords, you can visit the Get Safe Online Website at https://www.getsafeonline.gy/business/articles/password-protocol-control/.
  • Create acceptable usage policies and procedures Create and implement acceptable usage policies for your organization’s computer assets to limit the unauthorized use and downloads of explicit content. This will deter employees from visiting websites that may have malicious links on them. For example, if a website is prohibited based on a particular policy, then the browser will never render the results for that website, or a warning will appear prohibiting person(s) from visiting that site.  It will also encourage employees to be more careful with all devices assigned to them by their organization and will draw a clear line between work and personal life. For more information about usage policies, you can visit the Get Safe Online Website at https://www.getsafeonline.gy/business/articles/staff-policies/
  • Create role-based access control- Create and implement role-based access control to the organization’s network. Role-based access control restricts network access based on a person's role within an organization and has become one of the main methods for advanced access control. By doing this, employees are only allowed to access the information necessary to effectively perform their job duties. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access to computer resources can be limited to specific tasks such as the ability to view, create, or modify a file. Access control allows for good accountability for those responsible for various aspects of organizational information.

The Guyana National CIRT recommends that users and administrators review these recommendations and implement where necessary.

PDF Download: Safety Tips for protecting your organizational assets from insider threats.pdf

References