Insider Threat: Watch Out for These 3 People – National Security Institute

The Inside Threat: Watch Out for These 3 People

Innocently or with malicious intent, one of the ways criminals get access to your company’s data and computer networks is through the actions of company insiders. Here’s how to recognize them…

Rather than monitoring every activity by every user, many employers have begun looking at insider risk indicators to identify risky behavior. As it turns out, workers prone to causing breaches fall into three broad categories—and you can do your part by watching out for colleagues who fit these profiles.

1. The Over-Sharer. We all know a few—folks from the office who always seem to email a document to a wide distribution. Or they upload a file to a cloud service, or post sensitive information in an unauthorized application. They think they’re helping by giving people quick access to valuable information. These people aren’t malicious, but rather prone to poor judgment or human error. Nevertheless, their actions may result in costly data breaches that keep security pros up at night.

2. One Foot Out the Door. Make no mistake: people who’ve decided to leave the company and take critical information with them are only looking out for themselves. The data may consist of projects they’ve worked and want to save in their portfolio. Or a database of customers they could migrate to a competitor. Or even just a report with a great format they’d like to duplicate in their new job. Regardless, any info they take with them can negatively impact your organization’s ability to do business, compete fairly, and protect customer privacy.

3. The Troublemaker. While rare, these insiders are among the most disruptive in the bunch. There are a few varieties of troublemakers, including a mole or insider for hire. Troublemakers are often profit-motivated, simply selling corporate information. Or they may be engaged in corporate espionage. Maybe they have political motivations, seeking to disrupt or sabotage the company.

What you can do

Commend helpful people for their service mindset but also remind them there are criminals who make a living off of taking advantage of trusting folks. Better to slow down and think before sharing
Be mindful of odd requests from someone you know is leaving soon, for example “I need you to send me a download of..”
Don’t confront someone who you suspect of malicious intent. Instead contact your supervisor or security. You may or may not be correct in your suspicions so let the professionals investigate.

A Smart Allocation of Resources

Regulatory Compliance

Reduces Human Risk Factor

Well Received by Everyone

Accelerated Security Awareness

Easy to Implement

Concise and To-the-Point

Flexible & Easy to Use

Email the Fully Formatted PDF Newsletter

Deliver SecuritySense micro-training posts instantly by emailing the fully formatted PDF newsletter you receive from us on the first of each month like clockwork.

Upload the PDFs to Your Internal Website

Upload the entire newsletter. Upload individual micro-training posts to call out security issues you want your people to focus on that month.

Paste Our Content Into Your Existing Communications

Use the text version of SecuritySense micro-training posts to supplement other internal communications vehicles.

Integrate HTML into Your Internal Website

Use the HTML version of SecuritySense micro-training posts to easily integrate them right into your internal facing website.