Code 42

How vulnerable are you to a corporate data leak?

Assess your baseline level of exposure across the four dimensions of Insider Risk.

Arrow next Arrow next
Code 42
Code 42

PART 1: A BIT ABOUT YOU

How big is your company?

Single Select
Code 42

PART 2: SITUATION

In terms of data protection, what kind of business events do you anticipate facing in the next year?

Multi Select
Code 42

PART 2: SITUATION

Where does your organization invest the most when it comes to data protection?

Multi Select
Code 42

PART 3: FILES

Would the following types of data have significant business impact if leaked?

Multi Select
Code 42

PART 3: FILES

What visibility do you have today around data exfiltration?

Multi Select
Code 42

PART 4: VECTORS

What are your approved corporate systems for storing and sharing information?

Multi Select
Code 42

PART 4: VECTORS

Do you have ways to verify that files are being handled according to your corporate policies?

Single Select
Code 42

PART 5: USERS

Do any of these specific types or groups of users have access to more of your high-value data?

Multi Select
Code 42

PART 5: USERS

What percentage of your employees work remotely?

Single Select
Code 42

PART 5: USERS

What percentage of your employees depart on a annual basis?

Single Select
Code 42

PART 5: USERS

How often do you see employees circumventing security controls?

Single Select

LOADING RESULTS...

1000%
Code 42
RESULTS

All done!

You have an overall risk assesement grade of

C-

C

C+

B

A

Your biggest area of exposure is

Situational

Files

Vectors

Users

Your company is especially vulnerable to corporate data leaks during specific changes or events in the corporate lifecycle. We’ll dive into this further on your detailed results page.

You’ve got some very important files, but not much visibility into how they are exposed to untrusted destinations. This makes you particularly exposed to a high-value data leak. We’ll dive into this further on your detailed results page.

Your dynamic workforce leaves you with blindspots for when data moves to untrusted destinations, and with limited controls to mitigate this risk. We’ll dive into this further on your detailed results page.

You’re most exposed to corporate data leaks via your high-risk users. We’ll dive into this further on your detailed results page.

Woman in chair with pen.

Take me to my detailed results

RESULTS

Your detailed Results

Code 42

Situational

C-

C

C+

B

A

To put it plainly, you need to take action. Your company is exposed to a significant level of risk when it comes to corporate data leaks. We suggest checking out solutions to reduce your risk exposure and shore up your defenses.

Any major event that happens in your organization, like reorgs, leadership changes or M&A, will inevitably trigger an increased risk of data exposure caused by insiders. The reason why this happens is because these types of corporate events can cause uncertainty, confusion and rumors about the future—leading to heightened employee concern about their job stability, which can in turn lead to increased exfiltration activity. Incydr helps you get ahead of corporate data leaks during high-risk times of change, without adding complexity or noise.

Read the use case to discover how Incydr can protect your most valuable data during times of corporate change.

You’re on the right track, but there are still some key situational gaps that need to be addressed. This is precisely where Incydr, a purpose-built tool dedicated to managing data leaks caused by insiders, helps to shore up the fundamental holes in your defenses related to organizational change.

Any major event that happens in your organization, like reorgs, leadership changes or M&A, will inevitably trigger a rise in Insider Risk exposure. These types of corporate events can cause uncertainty, confusion and rumors about the future—leading to heightened employee concern about their job stability, which can in turn lead to increased exfiltration activity. Incydr helps you get ahead of corporate data leaks during high-risk times of change, without adding complexity or noise.

Read the use case to discover how Incydr can protect your most valuable data from Insider Risk during times of corporate change.

Your company has some key situational gaps covered—nice job!

Here are some metrics you can use to demonstrate and measure your success:

Try tracking data exposure events over time, preferably on a quarter-over-quarter basis. Make note of any key macro changes, like M&A, leadership changes or policy changes, that might trigger these events.

Doing this can help you to identify and proactively manage future events that are known to increase Insider Risk. This will help you improve your risk posture through the use of right-sized controls.

Want an easy way to do all that? Our purpose-built Insider Risk Management tool, Incydr, helps you get a handle on your data risk without impeding collaboration. Find out more about it here.


results-man-with-glasses-and-pen

Files

C-

C

C+

B

A

This should be a major priority for your organization. You’re dealing with business-critical files, but you have minimal visibility into how they are exposed or leaked to untrusted destinations. This is precisely where a dedicated insider risk management tool like Incydr can help.

Incydr helps you protect your intellectual property in a way that’s easy to manage and offers a variety of controls that are right-sized for the severity of the event. This means that your response to insider risk won’t get in the way of employee productivity or collaboration. Incydr detects insider risk across computers, cloud and email systems. It signals which risks are of highest severity and offers a variety of right-sized response controls to help you manage insider risk with signal, simplicity, and speed.

Read this to find out more about how Incydr can help you improve your data risk detection and response to combat data leaks caused by insiders.

You’ve got some very important files, but your visibility into how they are being exposed or leaked to untrusted destinations could be better. Your level of exposure from this angle merits some close attention. This is where Incydr can help.

Incydr provides a company-wide view of data risk and a variety of response controls that are right-sized for the severity of the situation. This ensures that your business critical data is protected without impeding on employee productivity or collaboration. Incydr detects insider risk across computers, cloud and email systems. It signals which risks are of highest severity and offers a variety of right-sized response controls to help you manage insider risk with signal, simplicity, and speed.

Read this to find out more about how Incydr can help you improve your data risk detection and response to combat data leaks caused by insiders.

You have business-critical data and you’ve taken steps to maximize file visibility—nice one. Here are a few things you may want to watch out for going forward, and some things you can measure to help prove continued success.

Consider keeping track of a few key metrics related to any corporate data leak of business critical files like source code, strategy documents, CAD drawings, product roadmaps, and customer lists. For example, you could track the number of files exfiltrated (and the top five users exfiltrating those files), the percentage change in file exfiltration quarter-over-quarter and the top three untrusted destinations where files are being exfiltrated to. Reporting on corporate data leaks in this way will help you assess when controls are lacking.

You can read more, and download templates to help measure your risk posture, in this Insider Risk Management program resource hub.


Vectors

C-

C

C+

B

A

Here’s the thing: you have a significant lack of visibility and control when it comes to the ways your team shares data as they work and collaborate. A Forrester study found that in the past year alone, use of unauthorized cloud applications increased by 60%. As work continues to lean towards hybrid, cloud-based models, the ability to detect data moving to untrusted destinations, and proper response controls are essential.

Using Incydr, you can identify any unsanctioned applications that your employees might be using to share or exfiltrate files, and set up intelligent controls that are ideal for the severity of the event. By doing so, you will manage the risk of Shadow IT in your organization, without impeding collaboration or productivity.

Read more here about how you can mitigate data exposure caused by Shadow IT in order to secure valuable corporate data with Incydr.

You’ve got a few steps to take here, but you’re on the right path. All the systems that help your team collaborate need to be given proper due diligence when it comes to managing use of untrusted applications or exfiltration vectors.

Having a once a year assessment of risk exposure isn't quite enough for the dynamic risks presented to a cloud-based or hybrid workforce. You need to ensure that you have a holistic insider risk management system in place to check whether employees are complying with existing data use policies or using Shadow IT. Better yet, you need to have right-sized controls in place to respond to incidents where you detect data being sent to untrusted destinations or when corporate policies have been broken.

Read this use case to find out how Incydr can help you verify the effectiveness of your controls and policies—and uncover any blindspots you still have.

Well done! Your team is working with a core set of security tools and it sounds like you’ve set up the right controls to mitigate data exposure to untrusted destinations. That said, if your workforce is cloud-based and hybrid, then you know how dynamic risk can be. To stay ahead of emerging insider risk vectors, here are a few things you’ll want to keep an eye on.

You’ll want to make sure that you have monitoring and controls in place to audit and enforce compliance with data use policies. You should establish a baseline of data exposure metrics that represent levels of Security Policy Compliance and Shadow IT Use. Check back in on a quarterly basis to see if your risk is decreasing and thus validating that your controls are effective.

Alternatively, if your risk is increasing, that may be a signal that new controls may be needed. For example, if you have a corporate policy that says employees cannot use personal messaging systems on their corporate device, but you detect that corporate files are being uploaded to WhatsApp, then you may consider using an educational control such as sending the user a security awareness training video.

Want an easy way to do all that? Incydr is purpose-built to manage insider risk. That means it will help you get a handle on your vectors without locking down collaboration. Find out more about it here.


results-hands-on-laptop-keyboard

Users

C-

C

C+

B

A

Your user risk posture needs urgent attention. As it stands, you have a surplus of potentially high-risk users with access to high-value data—and you may not have the right controls in place to handle this dimension of insider risk. Simply put: this is a recipe for trouble. We built Incydr to help you manage data risk caused by users with authorized access, without sowing distrust or depending purely on permissions.

Incydr leverages user context to focus on the actions taken by users who represent the greatest risk. With this intelligence, Incydr has a variety of controls that can be leveraged to respond based on the severity and context. Having an insider risk management solution to protect data from high-risk users like departing employees, contractors, or employees with access to high-value data is essential for improving corporate risk posture.

Read this use case to get a view of how Incydr helps you accurately detect and respond to data leaks caused by insiders—such as if employees attempt to take data when they quit.

This area requires your attention. There are some trends related to user attributes or characteristics that represent elevated risk to data, and your controls may be lacking. Our approach to protecting data from high-risk users isn’t about finding the malicious needle in the haystack or employee monitoring. Instead, it’s all about having the context to understand how certain user attributes can heighten risk to data—taking into account variables like if an employee is quitting, if the user is a contractor or if they have access to high-value data.

Incydr leverages user context cues like these to focus on the actions taken by users who represent the greatest risk. With this intelligence, Incydr has a variety of controls that can be leveraged to respond based on the severity and context. Having an insider risk management solution to mitigate third-party risk and protect data from departing employees or other types of high-risk employees is essential for improving corporate risk posture.

Read this use case to get a view of how Incydr helps you accurately detect and respond to data leaks caused by insiders—such as if employees attempt to take data when they quit.

Good news: your company has a relatively low exposure when it comes to high-risk users accessing your most sensitive files. Do remember though—“low” isn’t “zero”. Here’s some metrics you can measure to keep a close eye on your user-driven risk surface.

You’ll want to determine metrics to track how risk aware your culture is, and watch for exposure to third-party risk. Evaluate these metrics on a quarter-over-quarter basis to verify that your controls are working and identify when new risk is emerging. For example, determine who is exfiltrating data within your organization, which departments they’re in and what management level they’re at. It’s also a good idea to track the response action taken for each case, because this indicates if the frequency of critical severity insider risk cases is increasing.

Want an easy way to do all that? Incydr is purpose built for insider risk management. It’s designed to help operationalize your detection and response controls in alignment with your risk tolerance. Find out how here.

Code 42 pattern
Code 42

The leader in insider risk detection and response

Corporate Headquarters | 100 Washington Avenue South | Minneapolis, MN 55401 | 612.333.4242 | Code42.com
Twitter linkedin facebook youtube blog