How do you make sure your company isn’t one of them?
If you haven’t read the first blog in this series, be sure to check it out
How can unethical behavior affect your business?
When a company’s strategy includes unethical activities, end users often take the biggest hit: their private data, their identity, and the assets associated with that identity are put at risk. And once word gets out to the media, the damage to the company’s reputation is irreversible. Two recent examples come to mind:
However, when a single software developer or group of developers creates morally questionable code, the consequences for the company can be even more devastating. While still damaging to the company’s reputation, there are other risks, too: from leaking data to competitors to disrupting internal processes, potentially bringing the entire business to a halt.
Whenever we at Luxoft’s information security practice carry out a risk analysis or security audit, we always determine whether insider threats exist and identify potential consequences. We create effective countermeasures after assessing the motivations (e.g. not feeling respected by team members, or feeling underpaid) and the goals of potentially rogue employees. This way, we can pinpoint which individuals are most likely to plan an information leak (e.g. of intellectual property or company secrets), damage the business’s credibility in the eyes of users and investors, or completely disrupt the business’s operations and sabotage business opportunities (e.g. by disclosing financial information before an acquisition).
How do companies fight insider threats and lower their impact?
Insider threats have some of the most severe consequences among security incidents, since employees are familiar with where they work and may know what can cause the most damage. At the same time, this type of threat is the most downplayed by companies of all sizes, from small mom-and-pop shops to major global entities. So it’s high time to start looking out for potential threats before they even happen.
And to do that, you need a complete end-to-end security environment.
First, you need to run a security assessment to identify areas that are at risk. Only then can companies start implementing high-level policies and communicating those policies to all their departments.
In addition to
• Dual control: A task considered to be highly sensitive requires at least two people to carry it out, decreasing the chance of fraud.
• Segregation of duties scheme: Different tasks considered to be highly sensitive cannot be carried out by the same person, distributing power among coworkers. For example, a software developer who creates the code cannot also approve and deploy code changes in production.
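The two controls above can be checked mechanically against change records. The following is an added example, not code from the original article or from Luxoft; the record fields, the sample names, and the reading of dual control as "approval plus deployment must involve at least two distinct people" are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Change:
    change_id: str
    author: str
    approvers: list
    deployer: str
    sensitive: bool = True  # assumption: production changes are sensitive

def _norm(name):
    # Normalise identities so "Alice " and "alice" count as one person.
    return name.strip().lower()

def audit_change(c):
    """Return the list of control violations for one change record."""
    author = _norm(c.author)
    approvers = {_norm(a) for a in c.approvers}
    deployer = _norm(c.deployer)
    findings = []
    # Segregation of duties: the author may not approve or deploy.
    if author in approvers:
        findings.append("SOD: author approved own change")
    if author == deployer:
        findings.append("SOD: author deployed own change")
    # Dual control: releasing a sensitive change takes two distinct people.
    if c.sensitive and len(approvers | {deployer}) < 2:
        findings.append("DUAL: fewer than two people released the change")
    return findings

def audit_all(changes):
    """Map change id -> findings, for changes with at least one finding."""
    results = ((c.change_id, audit_change(c)) for c in changes)
    return {cid: f for cid, f in results if f}

# Constructed sample records, not real data.
CHANGES = [
    Change("CHG-1", "alice", ["bob"], "carol"),     # compliant
    Change("CHG-2", "alice", ["Alice "], "alice"),  # one person did it all
    Change("CHG-3", "dave", ["erin"], "Erin"),      # approver also deployed
]

if __name__ == "__main__":
    for cid, findings in audit_all(CHANGES).items():
        print(cid, findings)
```

CHG-3 passes the segregation-of-duties checks but fails dual control, which is why the two controls are checked separately.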
Lastly, don’t forget about your employees and co-workers!
Making your security framework successful is still a difficult task, as every company faces different challenges. But with help from a valuable partner that knows your specific business needs, you can rest assured you’re getting assistance from top security experts that live and breathe technology.
Q: How can you protect your business? A: You can’t do it alone.
As businesses continue to digitalize, insider threats ensnare them more and more. Minimizing these threats is becoming a top priority for organizations across all sectors.
We at Luxoft can help your business overcome these threats before they even happen.
We equip your business with the armor it needs to protect itself against both inside and outside forces. We secure software development and beyond, while adhering to best practices around security assessments, process and policy design, strategy and management. With deep knowledge across industries, we deliver what’s necessary for every business to survive, both now and in the future.
InfoSec Director, Luxoft Digital