
10 Tips to Recognize and Prevent Insider Threats


Cybersecurity – 10 Tips to Recognize & Prevent Insider Threats

In 2014 I realized that it wasn’t just cyber-criminals who were the threat; it was now becoming apparent that the people using the computers were big contributors to the problem.


Social engineering is a tactic used by online scammers to trick people into handing over their credentials, personal or business information, or access to computers and data.

Today more than ever, the bad guys are winning. Your employees are being challenged, especially via email, and those team members can be liabilities to the safety of your business data.

These scammers are master storytellers, preying on our good-heartedness, emotions, or fear. As much as 90% of successful breaches are a result of phishing emails where social engineering tactics have been used. Given these stats, our employees are most certainly a threat, even if they are good people with good intentions.

Just look at the CIRA State of the internet reports.

But what if they don’t have good intentions? And how would you know?

Internal breaches can be intentional or unintentional. Insider threats can be malicious (deliberately causing damage) or accidental (making mistakes, forgetting to secure something or otherwise accidentally causing damage).

They can be anyone.
It’s not just the everyday employees or higher-ups! An insider threat may be a contractor, a consultant, a vendor or a former employee.

They may have different motivations.
Money may not be the only obvious motivation. Malicious insiders may be motivated by perceived slights, political or religious leanings, job dissatisfaction or revenge.

They may act out of the ordinary.
They seek to work unusual hours, ask for access to restricted information or brag about sudden, mysterious financial windfalls.

Sometimes they will violate policies.
Insiders violate policies by definition, either knowingly or unknowingly. Policies are put in place to protect customers, data and the company, and an insider’s damage to the company will violate those policies.

What should you do? How do you prevent it?

Know and follow security procedures.
Accidental insiders can cause breaches not through malice, but because they make mistakes. Following established procedures, and noticing when procedures aren’t followed by others, can prevent potential mistakes. Here’s help.

Report suspicious behavior.
If someone is acting suspicious or dangerous, management needs to know. Share your concerns with your supervisor. By reporting small signs, you could stop a problem before it becomes a disaster.

Practice good physical security and cybersecurity.
Maintain a clean environment, lock up sensitive documents, and password-protect and encrypt important files.

Trust but verify.
If you suspect someone is an insider, be cautious. Verify their claims and maintain security until you can be certain of the situation: never share your password or access with a potential insider.

Know the signs of a disgruntled employee.
Is someone picking fights with coworkers or angling to get fired? A disgruntled employee is one who may become an insider threat.

Get training for both your team and especially your managers.

Today’s cyber threats are coming at small businesses from every angle. It’s true you need great policies and procedures, but annual security awareness training is critical to ensure your team can defend your data.
