Growing Concerns Emerge Over Internal Security Controls
In a recent poll completed by the auditing firm, KPMG, it was discovered that 31 percent of those polled identified internal controls as a primary concern. As discussed in last week’s newsletter, the human elements adds additional risk to any company. Unfortunately many times these individuals are not properly trained on phishing scams, or how to adequately keep data safe and secure. So what internal controls can be implemented to mitigate the risk of security breaches? The list is limitless, but essentially can range from ensuring proper access administration and monitoring privileged access users to installing adequate security tools to patch security gaps.
Implementation of internal controls continues to remain a struggle for over 70 percent of those who participated in the survey. One of the best ways for internal procedures to be analyzed is from a third party perspective, meaning someone who is not familiar with the process but is familiar with IT infrastructure. This person does not necessarily need to be outside of the company, but could just as easily be an internal employee. By explaining the process to them, not only will they ask questions about why things are done the way they are, but also allows for exploration on how to enhance the process by both the third party and the employees who are involved in the process on a day to day basis.