When you detect an insider threat (e.g. an employee downloading confidential data via email or uploading it to their personal cloud storage), what steps should your IT team take to protect the business? Do you report the incident to HR with the evidence? Do you call the police to report the incident?

2 upvotes
Anonymous Author
Solutions providing automated hardening upon suspicious activities could be extremely helpful here.
3 upvotes
Anonymous Author
It's an interesting question. Technically speaking, you need to report it to both HR and Legal, but doing so kicks off a fairly complex process with legal requirements for confidentiality etc. It's best to first conclusively determine whether the behavior you are observing is actually malicious or just a person doing some stuff to make their life easier (shadow IT services). The majority of cases I have seen where you think there's a malicious insider turned out, on a deeper look, to be people frustrated with internal restrictions or the lack of proper tools/software to make their jobs easier. Once you have dug as deep as you can internally in IT and confidence is medium or higher that what you are observing is malicious, then yes, go ahead and file it with both the HR and Legal teams and provide all relevant context from your investigation. If you trigger this step earlier, they will come back and ask you to do a deep investigation first anyways, so you are simply saving this step automatically and doing it up-front.
3 upvotes