As enterprise organizations increasingly adopt hybrid work policies, employers are faced with a new set of security challenges to overcome. Namely, insider risks – those caused by employees, whether intentional or accidental – can become exponentially more complex to manage in a hybrid work environment.
Gartner®, in a recent report1 on how mid-size enterprises can mitigate insider risk, said, “One of the biggest threats to any business is the one that walks through the front door every day.”
For hybrid organizations, or any enterprise business that allows a degree of flexibility for their employees, it’s important to understand that the office “door” is no longer physical in nature. Organizations must be prepared to address the potential security risks presented by today’s work-from-anywhere workforce.
In a world where everywhere is an office, insider risks can occur in homes, coffee shops, co-working spaces, conference centers and even airplanes. That means it’s more important than ever to have a secure process in place for knowing whether an employee is working from a company’s physical office or a virtual one, at any given time.
In this guide, we’ll explore the concept of insider risk, how employers should be thinking differently about mitigating these risks in a hybrid environment, and how software tools like Sign In Enterprise’s Companion App can help improve insider risk mitigation strategies.
Understanding insider risk
Insider risk is a multifaceted threat that originates from within an organization. It encompasses the potential harm posed by employees, contractors, and integrated third-party partners who have authorized access to an organization's systems, data, and facilities.
According to the Gartner report, insider threat activities are typically categorized into one of these three activities deemed to be a policy violation or illegal by law:
- Fraud: Such as phishing or financial theft
- Intellectual property theft: Such as customer lists or confidential data
- System sabotage: Such as malware, ransomware, account lockouts or data deletion
These activities can have severe consequences for an organization's security and reputation.
Not all insider risks are created intentionally
Gartner further says, “When MSE technology leaders think of threats to their business, more often than not they consider them to be malicious in nature. This thinking can often be misleading as insiders are 2.5 times more likely to make an error or have a lapse in judgment than to maliciously misuse their access,1 and when security incidents occur as a result, they take an average of 85 days to contain.”
Insider risks created on accident can often go undetected for days or even weeks. This means it’s essential for employers to have immediate access to accurate historical data on employee sign-ins and locations. The Companion App, with its cloud-based employee sign-in tool, stores data securely, maintaining a comprehensive record that can be conveniently accessed at any time.
Thinking differently about insider risk in today’s hybrid world
Resolving security and safety incidents caused by employees demands knowing where employees are working at all times. When an incident occurs, employers need immediate access to this data as part of a comprehensive insider risk mitigation protocol.
Clunky processes that involve checking manual log books and contacting the security office to review CCTV footage – all just to get an idea of who was in the office at the time – will no longer cut it. Not only is that method inefficient, but it doesn’t account for an entire subset of your workforce – those who are working remotely.
Knowing when and where all employees signed in to work on the day of an incident is a crucial first step in identifying and resolving an insider risk. The Companion App allows you to easily monitor and record who is working where.
In addition to allowing employees to sign in remotely, administrators can easily configure the office location so employees are automatically signed in when they physically arrive at the office. And, in the case of a major security or safety threat, employers can use the app to trigger an evacuation.
Identifying suspicious employee activity
A cloud-based employee sign-in tool is of course just one component of a mature insider threat management program. However, the knowledge of your employees’ sign-in patterns may be more powerful in mitigating insider threats than you would expect.
According to Gartner, “Not all indicators of insider threats are technology-based.”
Has an employee started coming into the office at odd times, either coming in early or staying late when no one else is around? For remote workers, have they been seen online without being signed in to work?
Using Companion App to monitor such activity, in conjunction with other access management and behavior analytics tools, can make a world of difference in your organization’s insider risk mitigation strategy.
Strengthen your insider risk defense with Companion App
In today's complex and evolving work landscape, insider risk remains a substantial concern for enterprise organizations.
By adopting modern, efficient practices for signing in to work, you can eliminate unnecessary risks, enhance your organization's security, and streamline incident response in today’s dynamic hybrid world.
Companion App is the fastest way to know who’s working on-site and who’s remote so you can optimize organizational efficiency while protecting your employees, customers, workplace, data and reputation.
Meet your employees where they are—on their mobile devices—and usher in a new, safer way of working with Sign In Enterprise's Companion App.
- Gartner, Strategies for Midsize Enterprises to Mitigate Insider Risk, 2023, Paul Furtado, 19 April 2023.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.