COVID-19 turned our world upside down. While work from home wasn’t on most organizations’ priority lists before March 2020, what started as a health crisis quickly became the ultimate test in enterprise resilience and agility. Many organizations’ risk posture changed significantly with this transition to a remote workforce. Not many were set up to make this shift from a technology, data security and visibility perspective.
In an effort to keep business moving forward, we witnessed IT teams adopt and then reactively deploy sanctioned cloud applications, in many cases, for the first time. Collaboration tools like Zoom, Slack and Microsoft Teams have since become workforce essentials. While IT was in the midst of rapidly deploying these technologies, some employees took the path of least resistance in the absence of sanctioned collaboration tools. They downloaded freeware or shadow IT solutions to fill tool gaps that were preventing them from getting their work done. With new risks being introduced to the organization’s sensitive data, terms like “Zoombombing” emerged; opportunistic hackers monetized the tragedy by targeting home networks; and new phishing scams were launched, masked as COVID-19 updates or financial resources.
Security teams quickly found themselves in the hot seat to secure their organization’s new virtual work environment, including the new technologies that are now integral to keeping employees productive, connected and engaged. While no one could have predicted the rapid progression of current events and what quickly became our “next normal,” it’s clear now that cloud collaboration technologies are here to stay. Having visibility into data moving across those apps and tools while employees are working from home off the corporate network, is more important than ever before. While these cloud-based technologies are critical to keeping business functioning, they also open companies up to a greater risk of insider threat.
Insider threat programs are critical — and they don’t need to be expensive
When it comes to adopting security practices to manage data risk and insider threats, start simple, then iterate. Many security and business leaders think implementing a new program is synonymous with increased costs, resources and overhead, but when it comes to insider threat risk management, you can leverage some existing processes and functions. For example, communication and security awareness training can go a long way to help reiterate key information and practices. Keep in mind that most employees are not malicious insiders, so if you are just getting started, stick to the basics:
To Continue Reading…
Share a few pieces of information and we’ll personalize your experience with us