Source |
ProofPoint |
Identifier |
8578407 |
Publication date |
2024-09-17 06:00:13 (viewed: 2024-09-17 14:17:40) |
Title |
A New Hire's First 90 Days: What Could Possibly Go Wrong? |
Text |
When we think of risky users, new hires don't typically first come to mind. While it's great to have new teammates to help us drive company initiatives forward and handle workloads, these new people also come with a high amount of initial risk. It is for good reason that many companies make the first 90 days a probationary period for new employees: it helps them confirm that they did not make a mistake.
In honor of Insider Threat Awareness Month, and looking through an insider threat lens, let's examine why new employees can be so risky for employers.
Keeping an eye out for red flags
One of the most important questions to consider when evaluating new hires comes down to insider risk. Namely, is this person here to steal our data or cause harm to our organization? While you don't want to assume the worst, healthy skepticism is good. There have been numerous incidents of malicious insiders who worked their way through the hiring process with just that intention.
Sometimes, people make it their business to take entry-level or mid-tier jobs at companies for the express purpose of stealing sensitive data. It's not especially difficult to do this, either. Anyone looking for this type of work can easily find tips on how to make their way through the job interview process even though they don't have all or most of the prerequisite skills. While this advice can give honest jobseekers an edge, it also creates real risk for companies who need to protect themselves from bad actors.
Malicious insiders who lack the appropriate skills for a job will often try to make rapid progress toward their goals, aiming to be in and out before their inability to perform becomes evident.
The risk of delayed training
Now, let's talk about why enhanced visibility and monitoring are so important for surfacing risky insider behavior during a new hire's first 90 days.
Traditionally, when someone joins a company, they go through an onboarding period where they receive a certain level of compliance training, appropriate use training and technical system training before they officially dive into their job duties.
But in today's heavily understaffed work environments, new hires may be put to work immediately. They get training over the course of two to four weeks while they are already on the job with access to potentially sensitive data. So, it's no surprise that accidental data loss and system sabotage are two of the most common insider risks that many companies see during this period.
The first 90 days should be a period during which your team uses enhanced visibility and monitoring to ensure a new hire doesn't behave in any risky or malicious ways. This helps you mitigate insider threat risk.
Risks arising from old behavior patterns
Another source of risk with new hires relates to meeting different expectations about how to handle data. A new employee may not have had the same privacy and compliance requirements at a previous organization that they must now adhere to at their new employer.
New hires straight out of college are a perfect example. In higher education institutions, collaboration, information sharing and collective learning are emphasized and valued. These practices are great in a space where growing and sharing knowledge is a fundamental imperative. However, in a heavily regulated industry like financial services, we see the opposite mentality. Thus, the behavioral patterns that new hires carry into a new role may be counterintuitive to the nature of a corporate business.
We have also seen major data exfiltration events involving individuals who came from a similar role in the same vertical, but from a company with far less stringent or controlled policies and procedures than their new employer. For example, one organization may invest heavily in a third-party cloud-sharing product while another might favor a centralized system that uses Microsoft technologies for data sharing.
In summary, it |
Notes |
★★
|
Sent |
Yes |
Tags |
Threat
Technical
|