malvertising

Signs an Employee Might Be an Insider Threat

Omer Aslim selfie
By: Omer Kaan Aslim
November 01, 2020
More than 34% of businesses around the globe are affected by insider threats yearly.[1]

Who is An Insider?

Insider Threat Example
“An insider is any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems.[2]”

What is an Insider Threat?

The insider threat is the risk an insider will use their authorized access, wittingly or unwittingly, to do harm to their organization. This can include theft of proprietary information and technology; damage to company facilities, systems or equipment; actual or threatened harm to employees; or other actions that would prevent the company from carrying out its normal business practices.”[2]

Insider Threat Warning Signs

gambling
  • Anger/revenge - wanting to retaliate against the company for reasons including a perceived lack of recognition, missed promotions, issues with management or co-workers, or a pending layoff
  • Compulsive or destructive behaviors - drug, gambling or alcohol dependencies
  • Family problems and other personal sterrosors
  • Removing proprietary information or seeking access to material outside the scope of assigned job duties
  • Working odd hours without approval
  • Taking multiple short unexplained trips
  • Making unapproved contacts with competitors or business partners
  • Showing interest in projects or work outside the employee’s job areas
  • Remotely accessing the computer network from home or vacation outside approved work routines
  • Unnecessarily copying large volumes of materials or transferring information out of company systems

Simple Methods to Mitigate Insider Threats

  • Train employees on recognizing the indicators of an insider threat
  • Identify important information at your company and implement strong access controls and auditing for that information
  • Conduct background checks on personnel before hiring them. Consider conducting background checks on your employees every few years
  • Include a non-disclosure agreement and non-compete agreement in your work agreements
  • Have an organized employee termination process that involves IT and HR

References

 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance