Insider threats in cyber security

Insider threats come from people within your organisation, such as employees, contractors or partners, who misuse access to your systems or data. This misuse often happens by accident rather than deliberate action. It can compromise operations and cause major financial and reputational damage - read more about the impact on your business.

Types of insider threats

Most insider threats fall into three categories:

• the malicious insider - deliberately misuse access to harm the business or steal data
• negligent staff - make avoidable mistakes like clicking phishing links or losing devices
• the third party contractors - lack the same training or oversight as employees

Insider threats often arise from everyday activities that create cyber security vulnerabilities. Watch for these common risky behaviours in your team:

• browsing unauthorised websites
• visiting social networking sites
• sharing confidential information in a social network environment
• opening spam or suspicious links and email attachments
• accidentally sending sensitive information to the wrong people
• accidentally transferring viruses or malware
• choosing weak passwords and never changing them
• using the same password on multiple accounts
• installing unauthorised programmes on the employee's machines
• uploading files to an online file-sharing service, personal cloud or storage network
• downloading unauthorised files (eg music, films or photographs)
• misplacing or losing property (eg laptops, mobile phones, USB devices)
• providing information to a third-party, eg suppliers or vendors
• transporting company information via unsecured portable devices
• sending sensitive work documents to personal email addresses
• using unsecured mobile devices to share work data or access company information
• accessing your business' virtual private network via public computers and public wireless hotspots

You can prevent many risky behaviours with clear cyber security policies, training and controls.

How to reduce insider risks

Many unintentional employee mistakes are avoidable. Keep your workplace secure by taking these steps:

• Screen new starters: check references, qualifications and identity before giving system access.
• Set clear rules on acceptable use and data handling in written IT policies.
• Enforce strong password practices.
• Block unauthorised websites and devices.
• Restrict software installs and data access permissions
• Review email, internet use, remote working and bring your own device standards.
• Train staff regularly on risks and incident reporting.
• Monitor logs for unusual activity and audit access rights regularly.
• Raise cyber security awareness across the business.
• Use contracts and non-disclosure agreements for sensitive data access.
• Build in security compliance and disciplinary measures into employment contracts.
• Use cyber breach detection to spot risky user activity in real time and alert teams.

Help employees understand their roles and responsibilities in keeping data safe. Use sample IT policies, disclaimers and notices to set expectations.

Even with best practices, understand that incidents may still happen. Review your cyber security risk management processes and develop an incident response plan, to allow you to quickly and efficiently deal with cyber incidents.