Latest News

5 Best Practices to Prevent Insider Threats in 2019

Published

6 years ago

April 8, 2019

5 Best Practices to Prevent Insider Threats in 2019 Reading Time: 4 minutes

Data breaches caused by insiders cost enterprises millions of dollars. According to the Ponemon Institute, every year, companies lose up to $8.7 million due to insider threats. To ensure an appropriate level of enterprise data protection, security officers continuously look for ways to improve their current insider threat management solution. With the following insider threat management best practices, you’ll be able to protect your sensitive business information and keep malicious insiders at bay.

1. Consider access controls

It’s essential to keep your critical assets inaccessible for malicious insiders. First and foremost, deploy multi-factor authentication (MFA) for the most valuable systems, applications, and services. Your goal is to make sure that any malicious insider won’t be able to borrow a password from their colleagues and get a hold of the data they aren’t supposed to have access to. Therefore, you need to look for an insider threat management solution with a built-in MFA functionality.

By implementing MFA, you can make sure that the person attempting to enter the protected perimeter are who they claim to be. At the same time, the use of MFA makes it way harder for malicious insiders to access your company’s sensitive information.

It’s also important to have a good password management policy in place. The most basic recommendations include forbidding the use of default and simple passwords and changing passwords upon certain events (say, employee resignation) or after some periods of time (say, every month or every quarter).

2. Limit access whenever possible

Once you managed to make sure that only the right people can get access to your network and critical assets within it, it’s time to think about the access permissions each of your company’s employees has. It’s best to take some technical measures to mitigate insider threats and deploy the so-called least privilege principle when employees only have the exact access level they need to do their job.

But today, more and more companies go even further and deploy a zero trust security model. In a zero trust network, there’s no general protected perimeter that distinguishes trusted insiders from untrusted outsiders. Instead, each critical asset or system is fully protected from both insiders and outsiders, thus mitigating internal and external threats to cyber security.

Such an approach works best for the companies that cooperate actively with third-party vendors and subcontractors. It’s also a great solution for the enterprises with a bring your own device (BYOD) policy in place, allowing their employees to use personal devices for work purposes.

3. Monitor employee activity

User activity monitoring is the basis of many insider threat protection techniques. You need to be able to see what’s going on within your network, in real-time at best. When choosing among the solutions to protect against insider threats in cybersecurity, pick the one that allows to see a particular user session and terminate it if necessary.

Many companies also look towards User and entity behavior analytics (UEBA) as the key to effective threat monitoring and protection against insider threats. Advances in machine learning technologies allow building user profiles that include normal baseline behavior patterns for particular users or roles. Registering activities that deviate from these patterns may help detect malicious insiders and mitigate possible threats at an early stage.

4. Analyze logs and respond to security incidents

Continuous user activity monitoring is meant to give you full visibility across the enterprise network and provide you with detailed data for further analysis. Depending on the user monitoring solution, user activity logs may contain different types of information:

Names of files and applications opened by the user:

URLs to the visited websites;
Logged keystrokes;
Recorded sessions, and more.

The proactive incident response also plays a significant part in building an effective insider threat cyber security program. There’s no point in detecting a malicious action if you’re unable to respond to it properly and, therefore, prevent a data breach from happening.

Look for an insider threat prevention solution that allows you both receiving real-time notifications about the detected security incidents and automating responses to the most common types of incidents. For instance, if the system registers, say, three unsuccessful login attempts, the account a user tried to access will be blocked.

Finally, if you want to be able to analyze all of the logged information on a deeper level, make sure that your insider threat prevention solution supports forensic data export.

5. Pay special attention to third-parties

Remote access control and protection is an essential part of the modern insider threat management program. Today, more and more organizations hire remote employees and grant access to critical corporate resources to third-party vendors and contractors. But, as reported in a 2018 study by the Ponemon Institute, third-party vendors were the cause of nearly 60 percent data breaches.

If granting third-party vendors access to business-critical data, systems, and application is a common practice for your organization, make sure you have an appropriate third-party management solution in place. Leverage all of the above-mentioned tools and practices to protect your corporate data from unauthorized access and use.

If your third-party subcontractors are using a shared account for accessing your corporate network or business applications, it’s preferable to add secondary authorization as an additional protection layer. This way, you’ll be able to clearly associate each session initiated under the shared account with a particular user.

And, finally, make sure that your third-parties are well aware of your organization’s cybersecurity policy and know what cybersecurity rules they must follow.

Conclusion

Insider threats have one of the biggest impacts on enterprise cybersecurity. In order to mitigate the risks related to insider threats, organizations should deploy complex solutions that include monitoring and audit of user activity, granular access and privilege management, and effective incident response.

This article is a contribution from Marcell Gogan. Marcell is a specialist within digital security solutions, business design and development, virtualization and cloud computing, R&D projects, establishment and management of software research direction – working with Ekran System. He also loves writing about data management and cybersecurity.

Source: Latest News on European Gaming Media Network
This is a Syndicated News piece. Photo credits or photo sources can be found on the source article: 5 Best Practices to Prevent Insider Threats in 2019

Related Topics:gambling industry in Europe

George Miller

George Miller (Gyorgy Molnar) started his career in content marketing and has started working as an Editor/Content Manager for our company in 2016. George has acquired many experiences when it comes to interviews and newsworthy content becoming Head of Content in 2017. He is responsible for the news being shared on multiple websites that are part of the European Gaming Media Network.

Prague Gaming & TECH Summit 2025 (25-26 March)

Click to comment

You must be logged in to post a comment Login

You must be logged in to post a comment.

Latest News

1 Reddit Post = 1,120 FTDs — No Site, No Backlinks!

Published

2 hours ago

September 10, 2025

George Miller

Reading Time: < 1 minute

Who says SEO has to be slow, boring, and backlink-hungry?

One of our partners cracked the code:
“Can Reddit posts rank like SEO pages?”

Answer: Hell yeah! Here’s the breakdown

The Playbook:

No website
No backlinks
Just Reddit + killer keywords

They warmed up a few Reddit accounts and dropped smart, review-style posts in top subs:
→ r/onlinegambling
→ r/CasinoBonuses
→ r/GamblingCanada

Posts like:

“Top Aussie pokies that actually pay”
“Best no-KYC casinos for Canadians 2025”

No spam. No hard sell. Just real talk + clean links to SlotsGem & HellSpin.

The Twist:

Google loved it. Reddit’s authority (DA 90+) shot those posts to the top 5 for juicy queries:
best crypto casino Australia
new no verification casino Canada
fast payout slots AU

No backlinks. No long hang. Just rankings.

The Payoff (in 2.5 months):

21,000+ organic visits
3,400+ offer click
1,120 FTDs
Avg CPA: $100
$100K+ partner revenue
Top GEOs: AU, CA

Big Takeaway:

You don’t need a site to crush SEO.
One smart Reddit post can outplay months of content.

Want in?
HellPartners is ready. Let’s make it loud and hot as hell! Try now

The post 1 Reddit Post = 1,120 FTDs — No Site, No Backlinks! appeared first on European Gaming Industry News.

Latest News

DeepDive launches AI platform to strengthen Enhanced Due Diligence for gaming operators’ anti-money laundering efforts

Published

5 hours ago

September 10, 2025

George Miller

Reading Time: 2 minutes

DeepDive today announced the launch of a revolutionary AI platform for Anti-Money Laundering (AML) compliance teams that conduct Enhanced Due Diligence (EDD) and player investigations.

AML teams at gaming operators face an impossible trade-off, they can either conduct thorough investigations that take days, or fast investigations that may miss critical intelligence. On top of that they have to be able to assess source of funds on customers all over the world. DeepDive combines multi-language web search and global regulatory compliance data checks to extend the reach of EDD. Compliance teams can now sift through the digital ocean of open-source data including public records, corporate filings, court documents, news archives, social media profiles and PEP, sanctions and watchlist data to build customer intelligence.

Using a unique combination of search tools, natural language processing, entity resolution and generative AI, DeepDive enables EDD research to go further and deeper, accessing more sources, in any language or alphabet. Instead of analysts spending hours clicking through search results and manually cross-referencing information, DeepDive’s AI processes hundreds of sources simultaneously and presents EDD reports viewable by timeline, alert type or risk category. Analysts can then interrogate the body of knowledge with the built-in chatbot to get to the heart of the matter, helping them make more informed risk decisions.

The team behind DeepDive is staffed by industry veterans that have previously launched, scaled and exited several fraud investigation and KYC platforms.

“DeepDive addresses the pain points facing compliance teams such as time-intensive manual research, incomplete data, language barriers, false positives, and the challenge of processing vast amounts of information at scale,” said David Pope, COO at DeepDive.

“We’ve now completed a successful six-month beta with MLROs and outsourced EDD providers. DeepDive has helped them build deeper intelligence on high-risk customers from all over the world, in a fraction of the time. Not only are we uncovering intelligence that the manual EDD approach misses, but with the time saved, gaming operators can extend EDD across a wider set of customer transactions.”

DeepDive strengthens EDD by creating multiple search permutations across publicly available data and targeted compliance databases in relevant languages and local search engines. After creating the most exhaustive possible dataset for analysis, entity resolution refines the data pool to remove false positives. Multiple generative AI tools are then used to build a structured intelligence report with full citations to original sources and an audit trail.

The DeepDive report covers personal background, legal issues, financial integrity, compliance history, and key relationships, revealing financial insight, known associates, locations, company linkages, political connections, and criminal activity—all structured for immediate analysis.

The post DeepDive launches AI platform to strengthen Enhanced Due Diligence for gaming operators’ anti-money laundering efforts appeared first on European Gaming Industry News.

Latest News

iRace Media extends partnership with The Hong Kong Jockey Club in Asia

Published

6 hours ago

September 10, 2025

George Miller

Reading Time: < 1 minute

iRace Media has announced the renewal of its long-standing partnership with The Hong Kong Jockey Club (HKJC) ahead of the new season commencing on 7 September.

The partnership will ensure racing fans can continue to experience uninterrupted access to high-quality Hong Kong racing content across Singapore, Malaysia and the wider Asia region. iRace readers and customers will have access to expert guides, results, tips and trusted analysis from one of the world’s premier racing jurisdictions.

Scott Bailey, Commercial Manager, iRace Media says:

“Hong Kong is a benchmark for racing globally; it’s fast, competitive and deeply followed throughout Asia. iRace has collaborated with the Hong Kong Jockey Club for many years now to deliver a trusted experience for racing enthusiasts, and we are thrilled to build on the accuracy, depth and speed that fans have come to expect.”

iRace Media’s extended partnership with the HKJC will explore new ways to enhance the racing experience through its digital platforms, offering real-time insights and driving fan engagement across the Asia region.

Get set for the new season by visiting the iRace website and register for free to access trusted editorial and data-driven racing coverage.

The post iRace Media extends partnership with The Hong Kong Jockey Club in Asia appeared first on European Gaming Industry News.