What do you think when you hear the words “insider threat”? Once people get past the image of a foreign agent in a spy movie, they often can’t imagine what that might look like at their organization. The first reaction tends to be, “We hire good people. We trust them, and we need to trust them to move the business forward.”
And they’re right! They likely do hire brilliant, hard-working folks who aren’t actively looking to harm the organization. So, why do insider threats still happen? The reality is, most insider threats occur because employees are simply trying to do their jobs and, unfortunately, they engage in some less-than-ideal security practices in the process.
The nature of work is more collaborative than ever before, which is great for innovation, culture – the works! But it also creates more opportunities for sensitive data to end up where it doesn’t belong.
At UserTesting, for example, we have always had a primarily remote workforce and a software-enforced perimeter. Without the visibility we have into data movement, there would be many opportunities for sensitive data and IP to walk out the door. When I signed on to establish a DLP practice, I knew the old-school strategy of blocking wouldn’t work and would ultimately undermine UserTesting’s competitive advantage.
Instead of shutting down the tools and processes that enable our teams to be effective, we focused on understanding the business reasons behind those practices, educating on more secure alternatives when necessary, and gaining full visibility of data movement to respond quickly to insider risks.
If I could give one tip to my colleagues in security, it would be this: collaboration can’t—and shouldn’t—stop. Now more than ever, your employees’ ability to work quickly and flexibly is a critical part of your business. Instead of focusing on how to block every potential risk, we need to learn how to adapt security policies to encourage safe use of collaboration technology.
At the end of the day, we’d be a completely different company without the collaborative, flexible culture we’ve built at UserTesting. Instead of putting up roadblocks, our security team is focused on gaining visibility of data movement across the organization and educating our employees on how to do their part in protecting UserTesting’s data—no matter what tools and processes they use. If you’re interested in learning more about how we do it, check out our story: https://www.code42.com/customers/usertesting-case-study/.