In our highly collaborative, fast-paced professional landscape, data risk is ever-evolving. And unfortunately, the risk that insiders present often falls too far down on the priority list for security teams. At Certinia (previously known as FinancialForce), we offer customer-centric business applications on the leading cloud platform from Salesforce. Given our position as the preeminent enterprise resource planning (ERP) and professional services automation (PSA) solution, it’s critical for us to protect the IP that powers our platform and gives us a competitive edge.
As a result, we’ve invested heavily in building a robust Insider Risk Management program to protect our most important data from both inadvertent and malicious exfiltration to mitigate the business impact of leaks. Here are some tips I learned as we built out our program that will be helpful to those who are getting started with Insider Risk Management:
1. Get executive buy-in and commitment to the Insider Risk problem.
The best way to start is from the top down. Get your executives, the board, and the audit committee all engaged and help them understand the potential impact of insider risk. We focus on the financial, reputational and operational risks at hand and work to align our goals so our team can effectively protect what matters most to the business.
2. Assess your risk posture.
With high-level buy-in and alignment secured, the next step is to embark on a thorough insider risk assessment. It’s crucial to understand who your top threat actors are, what your critical processes look like and what your capabilities in terms of mitigating insider risk are. Knowing your gaps — and your strengths — is really important.
3. Design and implement your Insider Risk Management solution.
Once you understand who presents the greatest risk and what you need to protect most, the final step is to design and implement the insider risk solution. This careful, methodical planning is essential for creating a robust, effective insider risk program. Too often, companies apply band-aids to address the insider risk problem. It’s really important to have that sort of broad consensus and governance before you start.
At Certinia, gaining buy-in from our executives set us up extremely well to be able to grow our Insider Risk Management program, all while keeping business impact top of mind. With Incydr, we have gained the ability to protect our most important data but also establish repeatable processes that save my team time and allow us to speed our response time, which makes all the difference.
To learn more about how we use Incydr in our approach to insider risk, read the Certinia case study.