Any recommendations for educating employees about insider risks? What are some best practices you've found effective / what resonates most?

2.9k views4 Comments

Sort by:

Strategic Banking IT advisor in Banking2 years ago

We have a pretty good training strategy that includes many different topics: insider risks, security, data protection, accountability, etc.

It's always interactive with videos and some questions to answer (kind of an exam).

Some training are mandatory and dashboards are available to managers.

With this, everyone will not only see the training but need to succeed the final exam (5 or 6 questions).

All year long, new material is being produced on multiple subjects.

And it's all managed through Workday.

Finally, every employee could access its Security Dashboard where a gauge indicates his level of awareness. And mandatory trainings also show up on the dashboard.

Chief Information Security Officer in Healthcare and Biotech2 years ago

Couple suggestions -
1. Continious employee training program
2. Incentivise the positing reporting
3. Provide sample use cases, if possible from past incident without disclosing the employee details
4. Create sense that security team is monitoring.

Information and Security Office & Enterprise Data Governance/AI in Finance (non-banking)2 years ago

Just to be clear: Not all Insider Risks materialize into Insider Threats, but all Insider Threats originate from an Insider Risk.
Educate Users as part of the Cybersecurity Training and Awareness program (annual or bi-annual training). Ensure it is aligned with organizational risk appetite.

CISO in Software2 years ago

Based on my experience, one of the best practices companies can perform is to create and (mandate) employee training based on real world scenarios and events that have occurred previously inside the company (with names and people anonymized).

Content you might like

How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?

Have you rethought how you lead a remote/hybrid team at all this year? Any advice or wisdom you can share?

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Yes65%

No35%

Any recommendations for educating employees about insider risks? What are some best practices you've found effective / what resonates most?

Sort by:

Content you might like

How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?

Have you rethought how you lead a remote/hybrid team at all this year? Any advice or wisdom you can share?

What are your organization’s drivers for implementing RegTech?

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Current State of Software Developer Experience

Unlocking the Potential: GenAI's Impact on Product Innovation and Growth

Buyer Journey Mapping: 2023

Take Your Insights On-the-Go