The US FDIC has recently come under fire for a series of insider data leakages. Getting hacked by your own employees is the elephant in the room for every organization. We harden our organizations from outside attacks, but insiders need efficient access to data in order to do their jobs.
One of the big changes happening at FDIC is disabling removable storage like USB keys and drives. I’ll be curious to see how this works from both an efficiency and effectiveness standpoint.
In most of my dealings (with smaller companies), the thought of clamping down on removable media is impractical. Anyone who has millennials in their workforce know that restrictive technology policies are anathema to these energetic workers. Check out this excerpt from Fortune magazine.
The companies that top Great Place to Work’s first-ever ranking of the 100 Best Workplaces for Millennials stand out for their ability to engage this generation, recognize their talents and give them a significant role where they can make a difference. At these companies, pay, profit sharing, and promotion decisions are executed fairly; everyone gets a shot at special recognition; and workers have a say in decisions that affect them. These workplaces exhibit strong, open, two-way communication; a high tolerance for risk-taking; high levels of cooperation and support among employees; and reduced roadblocks to innovation, such as internal politics.
The best solutions I’ve found for insider threats are training and strong corporate culture. Make sure your employees know the policies and that your culture promotes the benefits of protecting all that information they are entrusted to access. Protecting your organization from insider leaks with technology is super difficult — and it won’t prevent a determined insider from getting data out.