April 9, 2020

Remote Work Enablement and Securing the Insider Threat

Matthew P. Miller — KPMG

Editor’s Note:

As part of our content series on cybersecurity best practices for remote work enablement, the following is a guest post from Matthew P. Miller, Principal, Cyber Security Services at KPMG.


Organizations today are trying to navigate through what is arguably uncharted business territory as their global workforces have shifted to a large-scale remote work model seemingly overnight. And while business continuity plans are developed for external events beyond our control, they aren’t generally intended to cover an entire global workforce going remote within a matter of weeks.

As enterprises assess the path forward in this new way of working, it is imperative to ensure that your CIOs and CISOs have the tools and resources needed to support large-scale remote work that keeps employees productive without sacrificing security. Through this exercise, organizations will need to plan to revisit decisions on access rights, entitlements and risk posture, particularly through an insider risk lens, as your remote workforce is now the new perimeter you have to secure.

Following are my 10+1 best practices for managing risk in an extended Work-from-Home business environment to keep employees protected, informed and productive.

1) Deter disgruntlement – Be proactive in your interactions and be human. Use technology wisely and attempt to increase face-to-face visibility by turning cameras on. Consider how to make everything you do virtual.

2) Communicate desired behaviors – with empathy. Guide your employees in how you want them to act. Understand that normal activities may become increasingly challenging and everyone is balancing work with their own personal situation. Be patient and understanding.  

3) ID areas of unacceptable risk – Identify business processes that under no circumstances should be conducted in an extended WFH situation. Initiate business continuity efforts for these activities.

4) ID controls that can be loosened – Revisit decisions on implemented controls. Consider opening up access to collaboration solutions and allowing remote print and email to personal addresses. Monitor any changes to infrastructure and policy.

5) Shadow IT – Use of non-approved technology will be pervasive and is likely unavoidable. Reiterate best practices to reduce your risk, particularly where sensitive data is involved. Understand contractual requirements and the impact of recent privacy laws.

6) Behavior-based AI models – Any model based on employee behavior is now useless. Additionally, models may need to be retrained as there will probably be a new normal. Consider focusing detection efforts on high-risk scenarios and individuals.

7) Control bypass – Controls will be bypassed, intentionally and unintentionally. Be ready to focus detection tactics on intentional/malicious bypass.

8) Monitor the changing environment – Loosening of controls and the implementation of new technology will create blind spots. Identify monitoring gaps and understand your risks.

9) Socially distanced forensics – Be prepared to perform remote collection. Make sure your BYOD policy allows for investigation of employee-owned and employee-managed equipment.

10) Communicate threat intel – Threat intel will be invaluable in maintaining situational awareness. Increase interactions with peer organizations, and share both observations and lessons learned.

+1) Communicate undesired behaviors – with consequence. When inappropriate activity is identified, act with conviction, inform leaders and educate your employees.


These best practices will not only help protect your employees and most critical data during this time; they can also serve as a smart cyber hygiene program your company can implement as standard practice going forward. There will be a long-term impact on business as a result of these global events. In applying lessons learned through implementation of new security best practices, businesses can come through these times with stronger security programs for today’s unpredictable modern threat landscape.

To learn more, please visit https://advisory.kpmg.us/articles/2020/covid-19.html

© 2020 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

This article represents the views of the author(s) only, and does not necessarily represent the views or professional advice of KPMG LLP.

Matthew P. Miller — KPMG

Matt is a principal in the New York office of KPMG LLP’s Advisory Services practice and is the U.S. Cyber Security Services Banking industry lead. With 20+ years of experience Matt’s focus areas include insider threat and internal fraud, 3rd party risk, quantitative and qualitative risk...
