How a positive hybrid work culture can help you to mitigate insider risk

As Vasu Jakkal recently shared, we are operating in the most sophisticated threat landscape ever seen, and coupled with the next great disruption—hybrid work—security is more challenging than ever. Protecting against external threats is only one part of the challenge, though. You must also protect from the inside out—another facet of “assume breach” in your Zero Trust approach. Insider risks can be malicious or inadvertent, but all of them impact your most important asset: your data.

As our recent Work Trend Index showed, people are collaborating, chatting, emailing, and sharing in new ways and greater volume than ever before. Between February 2020 and February 2021, the time spent in Microsoft Teams meetings more than doubled (2.5 times) globally, the average Teams user is sending 45 percent more chats per week, the number of emails delivered to commercial and education customers is up by 40.6 billion, and we’ve seen a 66 percent increase in the number of people working on documents.

That same report also found that people are burned out. One in five global survey respondents say their employer doesn’t care about their work-life balance, with 54 percent feeling overworked and 39 percent feeling exhausted. And there are trillions of productivity signals from Microsoft 365 quantifying the precise digital exhaustion workers are feeling.

Not only does this create challenges for productivity and engagement, but it also creates risk for the organization. A recent study out of CyLab, Carnegie Mellon University’s Security and Privacy Institute—conducted with support from Microsoft—found that of the organizations that participated in the research study, 69 percent had more than 5 malicious, high-concern insider incidents in 2020, 44 percent had more than 10 incidents, and 11 percent had more than 100 incidents, such as financial fraud, sabotage, data theft, or workplace violence. The report also drew a direct correlation between the stressors impacting employees and an increase in insider risk incidents. A positive corporate culture, in which employees are engaged, rewarded, and supported, can decrease both malicious and inadvertent insider risks, such as data loss, data theft, insider trading, and others.

“A well-balanced insider risk program can become known as an advocate for employee wellbeing and a means for a more productive, engaged, connected, and committed workforce.”—Carnegie Mellon University

What can you do to mitigate risk in your organization?

  1. Listen to and empower your people: As the Work Trend Index research shows, the pandemic has taken its toll on the workforce in ways never before imagined. Stressful events can lead to individuals feeling overwhelmed or burned out, which may lead to an increase in risk for the organization. To reduce this risk and support the wellbeing of your people, it’s important that you create channels and mechanisms to listen to their concerns, giving you an opportunity to get feedback and helping them prioritize. Most importantly, ensure your people know they are valued by the organization and that they play a critical role in keeping you and your critical data safe and secure.
  2. Embrace collaboration: Insider risk management programs often focus exclusively on implementing tools and technology without incorporating the necessary organizational, risk management, and cultural considerations. Technology plays an important role, but it is just one component of an effective program. Addressing insider risk effectively requires a collaborative approach across business leaders, HR, legal, and security. It also requires education and engagement with all people in the organization.
  3. Take a holistic approach: Identifying insider risks can be complex, and it often feels like trying to find a needle in a haystack. In working with customers, we’ve found that taking a holistic, purpose-built approach that can pull signals together into a cohesive view across your organization gives you a better understanding of the relevant trends in your organization and better risk reduction. In fact, we took this approach ourselves to ensure that it’s easy to get started, yet configurable to meet your wide variety of needs. In addition to the rich set of capabilities we announced at Ignite, we recently added new capabilities, including the user activity report and activity explorer, to our insider risk management solution, expanding its analytics and reporting so that you have the broadest view of insider risks in your organization.

As you embrace this new hybrid work world, mitigating insider risk is more critical than ever. We’re here to help as you continue this journey.

Learn more

You can learn about insider risk management and stay up to date by following our insider risk blog. You can also listen to our podcast Uncovering Hidden Risks.
