Skip Navigation

Remote Workforce Insider Risk Program Development

ITMG Provides Strategic Assistance in Developing an Actionable Program to Manage Emerging Risks from Your Remote Workforce

With the COVID-19 outbreak quickly spreading to all parts of the country, many American businesses have implemented remote work possibilities for their staff for the first time. The shift from staff working at a physical location to working remotely is a long-term trend that will continue even after the threat of the coronavirus has been contained. Therefore, it’s more important now than ever before to develop strategies to manage and deal with insider risk in your organization. Despite the clear benefits of evolving to a remote work structure, there are also serious challenges that your insider risk management program needs to adapt to in order to protect your critical data.

How Can You Successfully Manage Risk from Remote Employees?

Managing insider risk in the context of a physical corporate environment is difficult in itself, but the shift to a remote workforce and a “perimeter-less” workplace compounds these inherent challenges. There are four primary objectives of an insider risk management program – awareness, understanding, visibility, and protection. A perimeter-less workplace requires an adaptation and tailoring of traditional risk management methods.


Awareness means developing a clear picture of your insider population, providing insiders with resources to properly protect assets, creating a culture of transparency and responsibility, and developing workflows that foster the identification and mitigation of aberrant behaviors.

In the traditional workplace, training is focused on best practices for operating in an office environment and how to spot aberrant behavior from coworkers and how to protect against common email attacks. Insider populations are defined by those that have physical access to corporate offices and workflows are focused on identifying aberrant behaviors in the workplace. In the remote workplace, proper hygiene for accessing corporate information (fake hot spots, spoofing, shoulder surfing in public spaces, etc.) must be emphasized as well as properly handling information outside of office (printing, storage, transmitting). Use of file sharing sites, USBs, email security and device management (personal and corporate) are of particular importance in this environment. Reporting workflows must also adapt and utilize more hotlines to report suspicious activity to security. Insider populations must be understood from a virtual access standpoint since many employees may never step foot in the physical corporate facility. Lastly, workflows must incorporate methods and means to identify aberrant behavior outside of the workplace.


Understanding involves focusing on what is important to the company by identifying and defining critical assets, developing granularity about those assets, prioritizing them based on impact, and developing processes and procedures that foster knowledge of asset workflows and incorporating this knowledge into a risk management framework.

In the traditional workplace, the focus is on the corporation as “asset holder” (on corporate devices, networks, physical locations). By contrast, in the perimeter-less workplace, the insider is often the “asset holder” (storage on personal devices, USBs, file sharing sites, home office) and the spread of critical assets is even more pronounced. Working remotely, staff have a wide variety of mechanisms to handle and store assets. Risk models now must include threats and vulnerabilities concomitant with operating outside of the corporate environment.


Visibility involves monitoring insider behaviors that are indicative of a threat to corporate assets (network and off-network), monitoring interactions of insiders with identified assets, logging asset accesses and movements, and analyzing behaviors, interactions, and logs to identify risk.

In the traditional workplace, visibility is limited to corporate-owned devices and networks and behaviors at the corporate facility. By contrast, the perimeter-less workplace must include visibility on behaviors outside of the corporate facility (open source data sources), and understand how data assets are moved, transferred, and stored outside of corporate networks. To counter the loss of visibility into the ways that staff store, transmit and work on data, organizations need governance and workflows that enable the tracking of the flow of data and assets outside of the corporate network and domains. To counter the loss of visibility into staff behavior, alternate means for the early identification of employee warning signs are required. Open source data can provide insight into individuals’ behavioral stressors and actions and can help employers continuously examine an employee’s potential threat to an organization.


Security controls must be applied to both digital and physical assets (including information and personnel) to ensure the ability to safeguard assets wherever they are accessed, used, transmitted, stored, or located.

In the traditional workplace, the focus is on the device and human endpoint. Controls are designed to alert on events (post-action) and are limited to the corporate perimeter (network and physical). By contrast, in the perimeter-less workplace, data is the new endpoint. The focus must be on the digital asset itself as the new perimeter. Controls must be designed to manage access (pre-event) and invoke object-level end-to-end encryption.

Call ITMG Today to Help Develop an Insider Threat Program that Addresses the Unique Risks Posed by a Remote Workforce

ITMG is a leader in providing comprehensive insider threat program assessments, strategies, and solutions to help organizations manage risk from remote employees. Give us a call today to speak with one of our experts.