Membership life in NITO
Scene from a lecture with Kim Svarem from NSM

A happy employee is a lower security risk

That was the main message during the breakfast meeting on security and insider risk: "You are the insider!" arranged by AFRY and NITO.

Even though our assets are digital information and much of the attack surface is digital, flesh-and-blood people still pose an insider risk. Humanity and good relationships can reduce this risk, simply because it is more difficult to influence someone who has a good relationship with their employer and colleagues.

Kim Svarem, head of unit at NSM

Or, in the words of Kim Svarem (pictured), head of unit at NSM:

"If you are dissatisfied at work because the employer does not see you, does not exploit your potential, or does not take care of you, then there is guaranteed to be someone who will listen to you."

"An insider is understood to be a current or former employee, consultant or contractor who has or has had legitimate access to the company's systems, procedures, objects and information, and who misuses this knowledge and access to perform actions that cause damage or loss to the company."

From NSM's thematic report on insider risk.

It could be me, it could be you. Consciously and unconsciously.

Conscious insiders:

  • Self-motivated
  • The infiltrator
  • Recruited

Unconscious insiders:

  • Without intention
  • Seduced

Keep insiders on the outside

Fortunately, there are concrete measures to prevent insider incidents.

Finn Børre Holen, security advisor at AFRY

Here is how Finn Børre Holen (pictured), security advisor at AFRY, keeps insiders on the outside:

  1. Recruitment

    State in the job advertisement: "will be security-assessed; an affiliation assessment will be carried out".

  2. During recruitment

    Identification, background check, affiliation assessment.

  3. As part of onboarding

    Non-disclosure agreement, access control, training.

  4. Daily security management

    Vulnerability barometer, e-learning, "good leadership", working environment. Classification of information, access control.

  5. On termination of employment

    Routines for orderly offboarding, removal of access rights.

"A non-disclosure agreement is more than just signing a piece of paper, you have to make sure that the employee understands what this entails, and what risk sharing information can pose," Holen explains.

"Insider threats cannot be prevented and detected with technology alone." - The CERT Guide to Insider Threats.
