Taking an Empathetic Approach to Security Investigations

Taking an Empathetic Approach to Security Investigations

It’s time for security to rethink how they handle employee investigations. Security investigations are often an attempt to persuade employees to confess to alleged wrongdoing. Instead of investigating employees in the same way as external risks, it’s time for organizations to adopt a more empathetic approach to investigations.

Empathetic investigations start with an inquiry free of prejudice and start the situation with a blank slate. Non-malicious or unintended actions account for the majority of data exfiltration events. For example, it could be that an employee is simply attempting to complete their work, making mistakes, or using shortcuts to move faster than the policy permits. As a result, treating them as though their actions were malicious on purpose is a bad idea that could backfire.

Because security teams have traditionally spent more time chasing external threats, it’s become a natural reflex for them to suspect something malicious is going on when they notice a document moving to, for instance, a personal cloud drive. However, they will benefit from developing a new habit of pausing before reacting too soon and putting their assumptions on hold until they can obtain more evidence – which they may need to obtain from the user. Here are four steps to building user and stakeholder trust. 

Connect to Understand the User 

When an event occurs, such as an employee transferring corporate data to their personal OneDrive account, the first step in reaching out to the individual can be as simple as really listening to their response. The most likely reaction will be surprise because they either forgot or didn’t realize it was risky or wanted to get their task done quickly, and this was the shortest way to accomplish it.

Reduce Employee/User Anxiety

Security teams need to go on to step two immediately; if it was simply an error, assure the employee that they are not in trouble. This is critical because the employee is likely to believe they are, which can lead to them wondering whether they will lose their job and a natural human urge to get defensive and deny the behavior. As a result, it’s critical to convince them that this incident can be reversed and that the security staff is available to help.

Also Read: Employees Are Losing Their Jobs Because of Cyber Blunders

Security teams should by bringing down the anxiety levels of the employee, which in turn can help them be more honest about what they were attempting to do and they will be better positioned to help. Perhaps there’s an existing solution they’re unaware of or access to another company-approved sharing or storage solution that they might seek. 

Data Destruction Attestation 

Security teams must work with the employee to ensure the data is quickly removed from the unsanctioned device or application, depending on what was moved and where it went. Security teams can request that the employee share their screen to help ensure that everything is done correctly. If necessary, the team can then email them a data destruction attestation to sign, stating that they are not aware of the data being outside the trusted network in any form or manner. After that, teams must work with their legal counsel to determine when and how to use an attestation.

Educate the Employees

It’s critical to equip employees with knowledge on how to proceed in the future. Giving advice at the moment of the mistake has a greater impact and is more likely to be recalled than, for instance, an annual training.

Companies can gain employee and stakeholder confidence, respect, and trust with an empathic approach to investigations. It will create and maintain a positive security culture at the company, but most importantly, it will result in fewer and fewer exfiltration warnings for the team.

For more such updates follow us on Google News ITsecuritywire News