Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Talking insider threats at the CSO40 Security Confab and Awards

Grant Hatchimonji | April 3, 2014
These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at the hands of a disgruntled or malicious employee, but also unintentionally as a result of ignorance.

The positive encouragement in an attempt to spread security awareness was not just limited to the award, however. Wang also mentioned a number of other methods he adopted to help mitigate insider risks, ranging from the simple to the unorthodox.

Wang admitted that even as the person who was responsible for creating ReSource Pro's security policies, he couldn't remember every last one of them; it simply isn't feasible without reminders. So one of his more basic approaches to increasing awareness involves educating employees of security and privacy policies by having them pin up colorful, engaging lists in their cubicles. Similarly, the company circulates simple comics constructed from internet memes to remind employees of the proper course of action in certain scenarios, like repeatedly entering a password incorrectly.

But some of the approaches were even a little more creative, like a crossword puzzle for which all of the answers referenced security policies. Employees can even be reminded by an audio prompt — humorously similar in nature to a pre-recorded aircraft safety video — how to properly close up shop at the end of a work day without creating any risk of a security breach (leaving computers on or logged in with sensitive data open, leaving physical documents or written passwords out on one's desk, etc.).

By using these kinds of methods, said Wang, "I believe security policies will not be that hard to remember."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.