Companies are increasingly aware of the insider threat problem. However, few are equipped to actually reduce their risk. When an organization decides it’s time to build a formal insider threat management program (ITMP), here are some best practices on how to get started.
Prepare the Team for Insider Threat Management Success
A successful ITMP starts with a strong foundation. The security and IT teams should have a solid understanding of the organization’s overall security strategy. However, insider threat management has a cross-functional nature. For that reason, teams should also include stakeholders from departments such as legal and HR as they get started.
Take these five steps to prepare the team for the launch of an ITMP:
- Designate an executive champion: This point person will prioritize program development and secure the needed resources.
- Identify a steering committee: Include employees beyond the core cybersecurity group.
- Build cross-functional working teams: Certify compliance by inviting active legal counsel, HR, and other key teams to the table.
- Ensure privacy by design: Build precautions around personal privacy into the ITMP program from the start. We recommended that the team establish a “watch the watchers” function and whistleblower protections.
- Assemble a complete team: Identify any gaps in the internal resources. Most companies can benefit from ITMP partnerships to cover all of the bases.
Proper planning across teams will help the team in the long run. After all, launching the ITMP will require that people, process, and technology are all working in harmony.
Set the Stage for a Sustainable Security Program
The new ITMP won’t operate at full capacity on day one. While that should help minimize some of the pressure of kicking off the initiative, the team will also want to ensure that safeguards are in place as the team ramps up activity.
The best way to get immediate value from the new security program is by determining an initial operating capacity (IOC). An effective IOC will document the baseline policies and procedures of the ITMP.
As the team progresses, an implementation plan should be shared with the complete team. This plan will act as the framework for the ITMP. An effective framework documents automatic tasks while also establishing the foundation for ongoing evaluation of the program. Assess areas of improvement along the way to continually up-level security.
Planning for an annual review of the ITMP will aid the program’s sustainability. During each review, the team can check in on elements such as:
- What the program accomplished that year
- What resources were allocated to it
- Identified insider risks
- Goals for improvement
- Major challenges
Scale the ITMP to Full Capacity
The team will learn more about the organization’s unique insider threat security needs as it puts the implementation plan into action. This process will require that everyone remain mindful of internal priorities. The result should be an ITMP that adequately balances privacy and security needs.
The progression to full operating capacity (FOC) is gradual for most organizations. Reaching FOC means incorporating all of the baseline functions established by the IOC, along with five additional elements:
- Personnel Assurance: Complete and document employee security assessments.
- Access Control: Determine which insiders can act as program administrators.
- Analysis: Establish datasets that will allow the team to monitor for risk and determine the ROI of the ITMP.
- Dynamic Risk Assessment: Enhance security by establishing proactive security measures against insider threats by assessing user risk.
- Oversight: Determine ownership and clarify roles within the program.
Find the Right ITMP Solution
The frequency and risk of insider threats continues to rise. To counter this, a successful insider threat management approach requires establishing a people-based security perimeter. A mature program will embrace proactive solutions to minimize the company’s risk, while also equipping the team to react to inevitable insider incidents with speed and accuracy.
That’s where we can help. Proofpoint’s Insider Threat Management Program is a purpose-built solution for this risk.
Get an even deeper dive on what the team needs to know as the organization jumpstarts its ITMP by downloading our eBook, the second in a series of four: