Skip Navigation

Why Mask Users While Conducting Insider Threat Analysis?

They are employees of our business, and we already have all their information; so why should we mask them? The more information the better, right? These questions make sense on a surface level. Masking users, however, is a necessary step to ensure that you investigations are defensible, transparent, and without bias. 

Bias must always be avoided when conducting investigations. Analysts should not have any preconceived notions about a user. To ensure that this does not happen we need to put layers of anonymity into each review. The name of a user, their employee identifier number, and even their location should be masked. This will serve to rebut claims that an employee was inappropriately targeted. 

The perception of impropriety also needs to be avoided. This becomes more pronounced when an investigation is actually litigated. All analysis and investigative efforts should be highly defensible, transparent, and above reproach. To that end, teams must make sure that they are documenting each step in the process so that they can prove that masking and potential unmasking was done properly.

Masking identities supports this process by ensuring that investigations are being conducted thoroughly. The best processes usually include a procedure of unmasking users when an analyst deems it necessary. This way you have a step in the investigation where another member of the team can look over the information of the case and either approve or disapprove the unmasking request. These are all layers that add to the legitimacy of an investigation. 

Everyone wants investigations to be as easy as possible. Identity masking is a speedbump, but a necessary one. It serves to ensure that investigations are unbiased and legitimate. We do not need to prove that legitimacy to ourselves, we need to prove that legitimacy to those looking at our insider threat investigations from the outside. 

Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk 

ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management. 

This entry was posted on Monday, February 28th, 2022 at 9:28 pm. Both comments and pings are currently closed.