Information theft, loss, or compromise is one of the biggest risks facing businesses with staff working from home during this global crisis. It’s important to have IT Security measures in place as well as a Telecommuting Policy to govern information use and staff behaviour whilst working from home.
Specialising in security risk management and trusted insider threats, Your Business Security empowers businesses to protect themselves. Services include security risk management, trusted insider threat mitigation, security vulnerability assessment, reviews, audits, policy and procedure development, and security awareness training.
With extensive experience in Government security, Your Business Security also offers assistance with Defence and Government contract readiness.
Our holistic approach to security risk management includes consideration of physical security, IT security, personnel security, information security, and governance.
To start protecting your business today contact us for a free consultation.
Malicious damage (via internal or external perpetrators)
Intellectual Property theft
Criminal activity in the workplace
Sabotage of plant or equipment
The impact of such security incident is not always financial. It may also cause operational impact, reputation damage, or result in costly litigation.
All businesses can reduce their security risks by having a security plan.
Holistic Security is security covering all facets of a business using a pragmatic and balanced approach which is integrated into everyday work practices. This includes measures in consideration of information security, personnel security, IT Security, physical security, business governance and trusted insider threats. As an example, your security risks are not being effectively managed and you are not achieving holistic security if:
You have a high-end security system in place, however your personnel security is poor, you haven’t completed adequate background checks, and you have criminals operating the system;
You install expensive, state of the art security doors, however security culture is poor and staff are regularly leaving them unlocked;
You have fantastic IT security measures in place however your staff do not follow IT security policy and their passwords are written on post-it notes left around the office; or
You have strong security policies in place however staff are not trained in these policies and enforcement is non-existent.
In summary, holistic security covers all aspects of business security ensuring there are no gaps and it is the most effective way to protect a business.
A security plan details security objectives, security risks, and lists security measures which a business has or aims to implement to reduce risk and provide protection from security incidents such as theft, fraud, sabotage, hacking, or other malicious or criminal activity.
Security measures are more than simply guards, fences, gates, and CCTV cameras. A detailed security plan takes a holistic approach to security and details not only physical security measures but also considers, IT Security, personnel security, information security, and business governance.
Many businesses focus on external security threats and forget that internal threats posed by trusted insiders such as employees or contractors may in fact be a far greater threat. A good security plan also includes measures to guard against trusted insider threats.
A strong security culture is imperative to reducing security risks within a business or organisation. A business with a strong security culture will have staff who understand security policy and procedures, understand threats to the business, and will willingly support compliance with security policies and procedures. Suspicious behaviour or behaviour not aligned with the business Code of Conduct will not be tolerated and incidents will be reported and investigated without delay. Senior management will lead with a top down approach and the risk of internal fraud or malicious activity will be low. If an incident does occur, it is more likely to be identified and reported without delay. Conversely, in a business with poor security culture, compliance with security related policies and procedures (if they exist) will be poor, risks of incidents occurring will be higher, and if an incident does occur it will more likely go undetected, or worse still be detected yet unreported.
Employees must all play a role in protecting the business, therefore employee trustworthiness, and training and awareness, are key elements to building a strong security culture. An employee report, or formal whistleblowing hotline is often the way in which a security incident such as theft or internal fraud is identified.
A “trusted insider” is a current or former employee or contractor who has legitimate access to information, technology, assets, premises or intellectual property owned by a business or organisation.
The insider threat is simply the threat posed by the trusted insider. This may include incidents of, unauthorised access; use or disclosure of confidential information; theft; sabotage; fraud; or other malicious activity which results in potential or actual harm to a business.
Trusted insiders can pose a threat intentionally, unintentionally (such as inadvertently releasing valuable confidential information), or under duress (for example blackmail). Business risk assessments should consider all forms of trusted insider activity when assessing risks.
Generally speaking, trusted insiders are motivated by five key factors: Coercion, revenge, ideology, money, and ego.
A trusted insider threat mitigation strategy details specific measures designed to reduce risk and protect a business against trusted insider threats. Given employees and contractors know and understand a business best, they often also understand where the business vulnerabilities lie and have access to information and assets otherwise protected from the general public. Fraudulent activity can often be covered up and unless specific measures are in place to guard against insider threats, malicious activity can be difficult to detect.
Conducting a risk assessment, having a security plan in place, and having a clear and robust trusted insider threat mitigation strategy, will significantly reduce the risk associated with malicious insider activity. See our case studies for examples of malicious activity and controls which may be implemented to protect a business.
Security training and awareness is essential to supporting a strong security culture. Key outcomes of a training and awareness strategy should be to ensure that employees understand security policies and procedures, understand threats to the business, understand what the consequences of non-compliance are, and know how to recognise and report security incidents or suspicious activity. Businesses with a strong security culture and good training and awareness in place, will have employees who want to comply with security practices, and therefore are able to mitigate security risks much more effectively.
We are using cookies to give you the best experience on our website.
You can find out more about which cookies we are using or switch them off in settings.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!