Why do you need a multinational IRM program
Insider Risk or Threat Management (IRM) programs are quickly becoming essential for global organizations and businesses. The risk of losing customer information, trade secrets and other sensitive data to negligent and malicious actors poses a real threat. The rise of the super malicious insider, recruitment campaigns by international hacker groups and the loss of visibility into “at risk” employees targeted by ransomware and phishing attacks make understanding and stopping insider attacks critical.
While the threat of malicious insiders extends across borders, there remains a tendency to view these programs as domestic. After all, if you are based in the United States, you must comply with US laws. Few companies are that isolated. As organizations expand their operations into new countries, they cannot assume that their national IRM program can simply be applied “as is” in new jurisdictions.
IRM programs must consider the legal requirements of each jurisdiction where the company operates. This can seem intimidating. The increasing application of the EU’s General Data Protection Regulation (GDPR) and the rapid introduction of “GDPR-like” data privacy laws in many different countries can make it difficult to navigate the data privacy requirements for an IRM program, even for organizations with staff skilled in compliance, risk, privacy, and SOC teams.
For example, the company’s ability to review and process personal employee emails sent on work devices varies by country. In the US and UK, employers have the right to monitor private emails to determine if the content is business related. If the emails are clearly personal, the content should not be discussed unless there is suspicion – and evidence – of misconduct. In the EU, due to the GDPR, it is illegal in most cases to process the content of private emails. An employer may be permitted to open an email to establish whether it is business or personal, but processing must be halted if the email is found to be personal.
Multinational IRM policies must also consider the data captured about a user’s activities. An important part of insider risk management is visibility into user activity. This of course includes the applications they use, the data they access and the actions taken with that data. A typical surveillance-oriented IRM system can capture much more, including screen images and keystrokes. How and what the system captures has a significant impact on employee privacy, and the steps needed to protect employee privacy vary from country to country.
To avoid breaching stricter employee privacy regulations, your multinational policies and solutions should avoid intrusive monitoring tools. It is possible to protect sensitive data from insider risks while protecting user privacy; it just requires a different approach.
There is much more to understand about how to build a multinational IRM program. Contact our team today to schedule a meeting to discuss guidance for your multinational organization on insider risk management and employee privacy.
*** This is a syndicated blog from the Security Bloggers Network of DTEX Systems Inc. written by Jonathan Daly. Read the original post at: https://www.dtexsystems.com/blog/why-you-need-a-multi-national-irm-program/