5 Resources To Get Started With Mimecast Incydr

Data leaks stemming from inside the organization are a big—and growing—problem. A growing number of savvy security leaders are seeing how Mimecast Incydr™ gives their teams powerful visibility, context and control to manage insider threats and stop data leak and IP theft. But even as you move toward deploying a solution, you might find yourself worried about strain on your team or wondering if you’re not prepared internally. Let’s address this common question: 

How do we get started with Incydr?

Building on the Incydr Proof of Value: Common Questions

The Incydr Proof of Value (POV) is an eye-opening experience for most security leaders. The POV often reveals significant insider threats and data protection issues that were previously hidden, hard to fully understand and difficult to investigate and remediate. 

But while the POV allays any technical concerns around the deployment and use of Incydr, the POV often brings up questions from security leaders around the logistical and administrative considerations of deploying Incydr, such as:

• What are the legal considerations of deploying Incydr in my organization?
• How do I get buy-in from key stakeholders like HR, legal and IT?
• How do I communicate Incydr (and an Insider Risk program) to all users in the organization?
• How do I help build and foster a security-aware culture to support Incydr?

5 resources for simple and successful Incydr deployment

Insider risk is complex. But getting started with Incydr is not complicated. Mimecast has helped hundreds of organizations of all sizes and across industries, build an insider risk management program around Incydr. We’ve honed a set of best practices and resources to ensure a smooth deployment and seamless success — for both security teams and end users.

Here are five great resources to help you get started.

1. Corporate communications script template

The first step for transparency is clearly communicating the rollout of Incydr to the rest of the organization. How this message is conveyed has a significant impact on how Incydr is perceived by users and other key stakeholders in the business. This simple script template gives you a starting point:

• Setting the stage for why it is critical to protecting users, protecting customers and protecting the business.
• How you’re balancing security concerns against the priority of empowering users with trust, flexibility and speed.
• Outlining exactly what is being monitored — and ensuring users that monitoring follows all laws around employee privacy.
• Establishing the assumption of positive intent — the essential foundation of a positive security culture based on trust.

2. Acceptable use policy template

Incydr isn’t a policy-based tool — it doesn’t require the painful, time-consuming policy-creation step in implementation. But your people do need policies stating what’s allowed and what’s not. 

Their everyday compliance is your biggest frontline protection against data leaving your organization. Your employees’ understanding of acceptable use is critical to avoiding the big brother feeling and making them feel trusted and empowered. This resource gives you a template for building an acceptable use policy for your organization. It includes the most essential elements, along with the most common considerations based on Mimecast best practices, so you can easily edit to fit your organization.

Of course, every organization is unique — in terms of the data they’re working with, how they’re moving that data and what constitutes risk. That risk lies in the nuance of everyday productivity vs. risky behaviors. As you’re building your acceptable use policy, make sure you’re fully considering those gray areas, so you can bring maximum clarity to your users.

3. Log-on banner example

Humans are forgetful. Gentle reminders go a long way. A log-on banner is a great way to remind your users quickly and consistently about their expected level of privacy and nudge them toward compliance — right at the point of action. The log-on banner should align with your organization’s security and employee privacy policies. But the following example can provide a good starting point:

"This system is monitored, recorded, and audited for carefully considered, specific, and targeted purposes (see Employee Privacy Statement). Your use is consent to these legitimate and proportionate activities. Unauthorized use may be subject to criminal and civil penalties.”

4. Attestation template for unauthorized data transfer and deletion

The reality we all know is that users are going to break the rules of your Acceptable Use Policy. Sometimes it’s intentional and malicious, but often it’s just the result of trying to get work done more efficiently. One of the most important — and often most awkward — parts of responding to a user putting data at risk is having a user attest to their actions. This is critical from a legal liability standpoint and is often required by data security and data privacy standards. This resource gives you a template for an attestation document, which should be reviewed by security, legal, and HR leaders and amended to fit your security and employee privacy policies.

5. CISA tabletop response exercises

The unique and varied nature of insider risks make insider risk alerting complex, but this also means that responding isn’t a one-size-fits-all matter. Response needs to be right-sized, always needs to be collaborative (including a legal, HR and business unit leader — not just security), and most importantly, needs to be planned out ahead of time.

How do you plan for potentially unforeseen scenarios? The Cybersecurity & Infrastructure Security Agency (CISA) provides a comprehensive set of resources to help organizations conduct tabletop planning exercises. The CISA Tabletop Exercise Packages (CTEPs) cover more than 100 scenarios, from cybersecurity to physical security and everything in between. Each CTEP includes:

• Templates for tabletop planning exercises
• Discussion questions and key considerations 
• Best practices for response protocols

The CTEPs are a great starting point for conducting the planning exercises needed to build your own insider risk response protocols. And these tabletop exercises shouldn’t be limited to the implementation phase of Incydr. You should use these templates to regularly evaluate your incident response protocols, as the specifics of the data, apps, workflows and risks in your organization evolve over time.

The resources above have proven to be incredibly helpful to security leaders as they roll out Incydr and build an Insider Risk management program. But they’re just the beginning: Mimecast provides a vast range of resources and support to help make implementation of Incydr as smooth, simple, and successful as it can be for your organization. Don’t hesitate to reach out with questions, or to tell us how we can help.

Additional resources:

• 5 Lessons Rakuten Learned Implementing an Insider Risk Management Program
• What To Expect During Incydr's Free Trial