Throughout an employee's time at your company, their access to data may pose more or less risk. For example, a new employee may unknowingly break company policy by using a thumb drive, or an employee who put in their notice may plan to take company data with them when they leave.
To be sure your data remains secure, use the Code42 risk detection lists to monitor the file activity of employees with higher risk profiles or employees who are departing.
For detailed steps about how to add employees to risk detection lists, see the following articles:
Add current employees to the High Risk Employees list
While having access to your high-impact data may be critical for an employee to do their job, this access can leave you vulnerable for potential data loss. Use the High Risk Employees list to monitor the file activity of employees that may have a higher risk profile, and keep your data secure.
Use the High Risk Employees list to monitor employees with the following risk factors:
- High impact employee: Employees who have a special role or broad access to high-value data
- Elevated access privileges: Employees who have elevated privilege or access to sensitive systems
- Performance concerns: Employees who are dissatisfied or on an improvement plan
- Flight risk: Employees who are active job seekers or potentially leaving the company
- Suspicious system activity: Employees who tried to access sensitive systems or raised alerts in other security monitoring systems
- Poor security practices: Employees who violated internal data or physical security policies
- Contract employee: Employees who have a contract or temporary status
Add employees who are leaving to the Departing Employees list
When employees have given notice that they intend to leave, they pose a risk to your data. To help mitigate this risk, add these employees to the Departing Employees list. Not all employees take data with them when they leave, but organizations are often surprised by how many do.
Adding an employee to the Departing Employees list provides you with insight into their file activity, to be sure that they are not syncing files to unsanctioned cloud services or moving files to removable media, for example. Employees added to the Departing Employees list are automatically added to alerts, to notify you when data might be leaving your organization.
More tools to identify insider risks
In addition to the risk detection lists, the following tools and resources help aid your insider risk detection program:
- Use the User profile to check an employee's file activity ad-hoc, to verify that you don't have data leaving your organization. Based on what you see on the User profile, you may determine the employee should be added to a risk detection list.
- Risk indicators call attention to potentially risky file activity from an employee, such as a file extension mismatch or file activity that occurs when the employee is typically not active. Risk indicators are available from the User profile.
- Look at all the file activity across your organization on the Risk Exposure dashboard.
- Add trusted domains and IP addresses to help you focus on higher risk activity.
- Create alerts to notify you when specific file activity behaviors exceed your thresholds.
- Add data sources to get alerts about file activity in your designated cloud services, such as Google Drive, Microsoft OneDrive, or Box, and email services such as Gmail or Microsoft Office 365.
For more information about how you can use Code42 to detect, investigate, and respond to insider risks, see Detect and respond to insider risks.