Did you know that most Security & Compliance teams will focus on protecting against external threats whilst largely ignoring or being unaware of the risk posed by insiders with legitimate access to business data and apps?
Understanding modern internal threats is a challenge that every organisation needs to consider, and a modern risk management framework is needed to respond to such threats.
What is meant by an Insider Risk?
Insider risk is an activity or event carried out by a user(s) within your organisation which would constitute unethical, unauthorised, or even illegal behaviour. Examples of such activities include:
- Data leakage and spillage
- Breach of confidentiality
- Theft of Intellectual Property
- Health record misuse
Some such activities will undoubtedly be malicious, but equally alarming is that many instances can also be unwitting or inadvertent, with users not realising that they are putting business data at risk.
So how do you respond to Insider threats?
Microsoft Purview is the new umbrella term for all compliance solutions within Microsoft 365. Insider Risk Management is one such solution which enables Compliance Administrators to detect, investigate and remediate malicious or inadvertent activity in your organisation. With Insider risk policies, you can define the type of risks that you need to identify and detect and quickly take action to ensure users are complying with your organisation's regulatory obligations.
Insider Risk Management uses the following workflow to identify and resolve internal risks.
Microsoft Purview Insider Risk Management is based on the following principles:
- Privacy by design architecture to balance user privacy vs organisational risk
- Configurable policies based on industry, geographical, and business standards
- Integration with other Microsoft Purview solutions (such as eDiscovery)
- Actionable insights
How do I get started with Insider risk Management?
To learn more about Insider Risk Management and how it can help your organisation, sign up for our free webinar <Insert link>, register for one of our Microsoft Purview Compliance roadshow events <insert link> or contact CPS to arrange a call with one of our Microsoft Certified Consultants.
Peter is an Office Apps and Services MVP with over 25 years’ experience working with Microsoft technologies. He has specialised in the Microsoft 365 platform since 2014, initially focusing on Exchange migrations but in recent years has shifted his area of focus to SharePoint, Teams, and in particular, Security & Compliance.
Peter has worked in both internal IT Management roles and as a consultant or Architect and has delivered Microsoft cloud solutions across the UK and beyond to organisations looking for guidance with their digital transformation journey.