<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="http://www.business2community.com/cybersecurity/yes-concerned-rogue-employees-heres-01854042#CRkOVcQSh0kHrmvl.97">http://www.business2community.com/cybersecurity/yes-concerned-rogue-employees-heres-01854042#CRkOVcQSh0kHrmvl.97</a></div><div dir="ltr"><br></div><div dir="ltr"><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">In IT security, it’s often said that a company’s employees are its weakest link. As technology grows increasingly user-friendly, and the rules of digital “ownership” blur, rogue employees—those who don’t follow the standard IT security rules for one reason or another—are emerging as a significant threat to corporate security.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">At your organization, IT assets are likely well-protected by firewalls, network segmentation, and data security software, including email security, antivirus, antimalware, and data loss prevention (DLP) solutions. But what would happen if employees were intentionally sending valuable data off-site? What impact would this type of rogue behavior have on overall IT security?</p><div id="gmail-hooly_contaier" style="box-sizing:border-box;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"></div><h2 style="box-sizing:border-box;font-family:Merriweather,Georgia,sans-serif;line-height:1.4;color:rgb(0,0,0);margin-top:20px;margin-bottom:15px;font-size:1.6em">The Threat</h2><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">These days, there’s no question that you should be concerned about rogue employees. They pose a real threat to your organization.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Consider a <a href="https://www.biscom.com/security-is-top-of-mind-in-our-2015-it-survey-results/" class="external" target="_blank" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;color:rgb(0,51,153)">recent survey</a> that found an astonishing 87 percent of employees admit to taking data they created with them when they leave a company. The data ranges anywhere from Microsoft Office documents to financial information, legal documents, and multimedia. Most often, employees email data to themselves, use a secure file transfer or FTP, or even take photos of documents using a smartphone.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">A salesperson may take his contact list to use at his next job, or a marketer may collect projects in process to add to her portfolio. <a href="http://www.lexology.com/library/detail.aspx?g=ef7d576f-b55e-44c1-b31b-c394add7d428" class="external" target="_blank" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;color:rgb(0,51,153)">A recent case in the U.K.</a> provides a real-life example: Before leaving her job to join a competitor, an employee forwarded the details of 100 clients and potential clients to her personal email, so she could leverage them in her new position.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Why do employees behave this way? In most cases, they are stealing information intentionally, either because they feel entitled to it or believe taking it is permissible. Fifty-nine percent of <a href="https://www.biscom.com/security-is-top-of-mind-in-our-2015-it-survey-results/" class="external" target="_blank" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;color:rgb(0,51,153)">survey respondents</a> said they take data because they feel that it is theirs. Seventy-seven percent admitted that they thought the information would help them find or get ahead in their next job.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">As we discuss in our e-book “<a href="http://info.identityautomation.com/rogue-employees-ebook" class="external" target="_blank" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;color:rgb(0,51,153)">The 3 Types of Rogue Employees—and How to Stop Them</a>,” other rogue employees are simply being careless with information, and a few are bent on intentionally harming the company. Many feel less loyalty to a company that they are leaving; others are flat-out bitter.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><span style="box-sizing:border-box;font-weight:700">Security Concerns</span></p><blockquote class="gmail-b2c-textpromo" style="box-sizing:border-box;padding:12px;margin:0px 0px 12px;font-size:0.9em;border-left:5px solid rgb(51,122,183);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;line-height:1.4;background:rgb(228,242,255);display:flex;color:rgb(0,0,0)"><small style="box-sizing:border-box;font-size:10.08px;display:block;line-height:1.42857;color:rgb(51,51,51)">Recommended for You</small><p style="box-sizing:border-box;margin:0px"><a target="_blank" href="http://webcasts.business2community.com/events/achieve-more-with-less?utm_source=B2C&utm_medium=Article-Promo&utm_campaign=Webcast06062017" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;padding-top:5px;color:rgb(0,51,153)"><span style="box-sizing:border-box;font-weight:700">Webcast, June 6th:</span> Achieving More with Less: How Grammarly's Lean Growth Team Delivers Outsized Results</a></p></blockquote><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">The actions of just a few rogue employees could put your organization in serious jeopardy. In fact, a <a href="http://www.ibtimes.co.uk/rogue-employees-biggest-threat-information-security-1448250" class="external" target="_blank" style="box-sizing:border-box;background-color:transparent;text-decoration-line:none;color:rgb(0,51,153)">report by the International Business Times</a> found that 37 percent of IT professionals said rogue employees are the biggest threat to information security—higher than external threats such as cyberattacks and BYOD.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">In our digital age, every company needs to protect its assets, especially as data breaches and hacking attempts grow increasingly frequent and sophisticated. With untold amounts of data streaming out your doors, intellectual property, customer data, and other important information could be out in the open, having circumvented all typical security measures.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">This exposes you to potential data breaches, ransomware attacks, sabotage, and more. In industries, such as healthcare and banking, where data privacy is an absolute must, you may fall out of compliance. And, the potential impact of these risks is far-reaching: lost revenue, tarnished reputation, regulatory fines, and ruined careers.</p><h2 style="box-sizing:border-box;font-family:Merriweather,Georgia,sans-serif;line-height:1.4;color:rgb(0,0,0);margin-top:20px;margin-bottom:15px;font-size:1.6em">What to Do about It</h2><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">While it may be impossible to prevent every incident of employee data theft, you can significantly reduce your company’s vulnerability to it. A well-defined policy, combined with identity and access management (IAM), can help to cut down on data leaks from apathetic or entitled employees, while also combating the malicious ones.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Modern IAM solutions are vital for protecting a company against rogue employees. Handling identity access on an as-needed basis leaves too many gaps—and that’s how employees are able to steal important data.</p><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">A comprehensive IAM program includes key capabilities that provide full lifecycle management of all users, which improves data security company-wide:</p><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><li style="box-sizing:border-box">Automated deprovisioning: When worker, full-time, part-time or even on contract leave an organization, their access to all systems, resources, and assets is automatically removed. This is particularly important for companies that use cloud-based systems and applications.</li></ul><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><li style="box-sizing:border-box">Automated role- and attribute-based entitlements: Often a user will be granted access to additional networks or systems for a certain job role or project. Without a full IAM program, that entitlement may be in place for as long as a user stays with the company. But modern IAM automates the addition and removal of entitlements based on roles and attributes. So, if an employee’s role shifts, his or her entitlements are automatically updated, closing gaps that otherwise encourage data theft.</li></ul><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><li style="box-sizing:border-box">Delegated administration: Modern IAM solutions delegate the administration of key systems, empowering managers or system owners to grant or revoke access. This eases the burden on IT, putting the power into the hands of the most appropriate people to monitor and manage access to sensitive data.</li><li style="box-sizing:border-box">Audit trail: Tracking who accesses what, where, and when provides important evidence in the event that data is stolen. This capability can also be used proactively; for example, if your organization is anticipating layoffs and you want to keep a close eye on specific systems.</li></ul><p style="box-sizing:border-box;margin:0px 0px 12px;color:rgb(0,0,0);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Together, these capabilities significantly increase protection of systems, applications, and data. An effective IAM program discourages employees from stealing information—regardless of their motivation.</p><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>