Insider Threat—A Snippet Continued from page 35 The Careless Typically, those around us don’t have malicious intent to disrupt their work or personal lives. But, sometimes, people do get complacent and skip a few steps in the written guidelines or best practices and don’t realize how much damage they may cause by not carefully following procedures. Examples of carelessness may include shar- ing passwords, not locking a computer or device when not in use, and not properly disposing of or securing sensitive information. These negligent actions can provide a window of opportunity for an attacker to gain access and cause disruption. Ensuring that policies and procedures are complied with and audited on a frequent and random basis would help mitigate this second type of insider threat. The Criminal Actions of this type are made with the intent to do harm. Those with criminal intent have plans to put oth- ers at risk, no matter the consequences. An employee stealing sensitive information to commit fraud or attempting to gain access into unauthorized areas are two examples. The important thing to note is that these actions can be triggered by life events such as: termina- tion of employment, change of life status (e.g. divorce, loss, etc.), or financial hardship. Ultimately, those in this group believe the gain will outweigh the consequences. Mitigating this group is more challenging and involves multiple layers of security, thoughtful human relations, and overall execution of business security best practices with active monitoring. Devise a Plan Create or obtain a checklist and customize it to fit your organization. The checklist should include, but is not limited to, the following: 1. Initial and recurrent Security Awareness Training that includes an insider threat component. 2. Ensure company policies and procedures relating to access, system control, email com- munications, non-disclosures, and non-sharing of access credentials are in place, current to standards, and enforced. 3. Establish an internal audit process to ensure compliance with Standard Operating Procedures and Polices. Aviation Business Journal | Summer 2020 4. Have an accurate inventory of devices and their assignments. 5. Ensure all devices and equipment are main- tained with the most current security updates. 6. Grant access to systems, facilities, etc., only to those with operational needs. Likewise, revoke unnecessary access promptly. 7. Define and communicate how to report suspi- cious activities. 8. Establish clear security policies designed for teleworkers. 9. Cultivate a Safety and Security Culture through active employee engagement. 10. Monitor, Enforce, and Update the Plan. The New Norm Our way of life and the way we work swiftly changed in a matter of weeks when the COVID-19 pandemic struck. Many organizations experienced business disrup- tions, including a steep decline in business activities, layoffs, furloughs, teleworking, Zooming, and the list continues. Cyber-criminals are taking advantage as more employees are teleworking. Carefully assess how your employees telework. Do they access the corporate sys- tem? If yes, is access through a Virtual Private Network (VPN)? If no, do they need to access the system remotely, or can they limit access to the one or two days a week when they are in the office? Resources A great resource to help navigate through today’s fluid and unstable environment, while arresting insider threat incidents, is available through the Cybersecurity & Infrastructure Security Agency (CISA) website. Check out this site for more information on Insider Threat and Security Awareness Training: https://www.cisa.gov/training-awareness. You can also join NATACS’ Webinar Wednesdays, which discuss best practices on topics relating to regu- latory compliance and security best practices. Email [email protected] or call +1.703.842.5317 for more information. Be aware. Exercise vigilance. Stay safe. 37
