One of the most complex problems and cause of economic losses for companies are internal security incidents, which involve personnel, own or outsourced, and are related to data, documentation and information systems themselves. The measures that can be established when such incidents occur are very diverse; however, most of them are usually merely reactive, once the incident has already occurred and the damage is done.
From Kymatio, a preventive position against the problems related to the internal incident of insider origin is promoted, considering a key factor that is often not being well evaluated: the psychology of the employee.
We are different
People, in our daily becoming, generate small signals about how we are, and how we interpret and inhabit the world. Some of us are more active, we move more, talk more and interact with more people, while others can be and behave the opposite way. It is easy to imagine two people reacting differently to the same stimulus, such as how to receive the same news. All this is very relevant within the patterns of interaction between individuals and, therefore, is also essential in the work environment.
The worker inside the company
Within a company we find people of very different types: the ones who communicate a lot and with many, those who are more reserved, those who need to take a walk every little time, those who are more attentive, those who are more individualistic, etc. We find all kinds of actions and attitudes that allow us to imagine the richness of the different human interactions reflecting the complexity of our ecosystems and pointing out the importance of the psychology of these workers, marking clusters of strengths and weaknesses within that environment.
If every person is different, it can be inferred that their problem will be too. That is, each person differs from the others in their interests and abilities, which is reflected in the functions they perform, and which is expressed in the way we afront different situations. It is important to know these differences, since they will help us to know in which state we are likely to find ourselves and how to work to identify the needs and levers of support that we must activate. In this way their positive aspects can be enhanced, and they can be supported in those points where their capabilities can be further improved.
Focus on: information protection
Thomas R. Peltier, expert and reference in the field of information security, indicates in his article “Social engineering: Concepts and solutions” for the Information Security Journal, that around 70% of incidents related to information leakage have origin in employees themselves. However, far from occurring intentionally, he argues that most of these incidents are due to errors made by the Insider Risk Group Negligence (IRG Negligence).
Knowing the psychology of the employees, their situation in their job, state of normative awareness or the degree of cybersecurity awareness among others, allows to determine the main IRGs to which they may belong and to take preventive actions conducting to the reduction of the risk related to these typologies.
This knowledge allows us to identify which workers are more prone to be overwhelmed, who are more carefree, who are more confident… knowing all this within the professional field contributed not only to reducing the likelihood of an insider incident, but also to improve employees’ capabilities, working with them in an individual and personalized way. For example, it allows us to track workers who may be more prone to the involuntary delivery of information, such as those belonging to the IRG Elicitation and who can be perfectly aware and strengthened in that direction, working one of the problems that are being more harmful to the companies.
However, this does not mean that we should disregard other environmental factors that may affect the employee, often in a negative way. They are the so-called stressors, which can have a high impact on a person’s behavior, which not only affects their wellbeing, but also that of the people around them and, ultimately, the company. Examples of these stressors could be family problems, problems with coworkers or financial problems; and can result, among other consequences, in an insider incident, whether it is intentional or not, and putting the employee and the company at risk.
Knowing the IGR typologies to which we belong is essential to determine the necessary recommendations for the mitigation of its associated risk.
If we have certain information about the psychology of a person, we can deduce that, facing the adequate stressors, they can lead to a situation of a greater risk. Therefore, it is essential to have the tools that help us obtain this knowledge.
This is why it is very important to know the company’s workers well, as well as their status, so not only possible areas of improvement can be detected, but also other factors that may be generating discomfort that, continued over time, could lead to serious consequences for both the employee and the company. An early detection of any of these aspects is essential to be able to propose solutions that strengthen the worker in their areas of improvement and offer the support they may need at a given time.
From Kymatio, multiple parameters such as the psychology of each employee are considered to identify the key areas that each worker could improve in order to reduce risk levels. Once the degree of risk and the aspects to be improved have been specified, recommendations and training itineraries are offered as “knowledge pills” that help not only the employee but also the company, so they make a joint effort in the strengthening of those areas susceptible to improvement that are identified. In short, Kymatio offers a preventive, efficient and early solution to the problem of insider risk in companies.
Conclusion
Within the labor ecosystem, the skill of a worker and their performance should not be the only aspects that should be considered from the company’s point of view. It is important to know how they are and how they feel within it, so all their innate qualities can be enhanced, strengthen the areas in which there is room for improvement and take care of them, so they are in an optimal state. This way the employee will benefit both personally and professionally and, therefore, the company itself.
Find out more about insider risk prevention and activation of human firewalls on Kymatio.com
Article initially published by Andrea Zamorano on Kymatio’s blog