Article

Is Your Company Protected Against Insider Threats?

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet892 viewsSign in to rate
The Hollywood portrayal of a hacker is a mysterious hooded figure sitting in a dark room, furiously tapping away at a keyboard in search of a back door into an organization’s system. However, the real enemy may be sitting in a brightly lit cubicle right outside the CEO’s office; insider threats pose just as much danger to organizations as outside hackers. According to a research study by Intel, 43% of data losses happen due to the actions of “internal actors” – about half being unintentional accidents or carelessness, and the other purposeful malicious activity. Security researcher Brian Krebs reports that some organizations are paying security firms or partnering with law enforcement to monitor the Darknet, a hidden online underworld that can only be accessed using special software that hides users’ identities and locations, in an attempt to stop disgruntled employees from selling privileged company information such as high-level system credentials. However, by the time an inside actor is snagged trying to strike a deal on the Darknet, the damage has already been done. Additionally, this monitoring does nothing to address the other half of insider threats, which are not the result of malicious intent but carelessness, negligence, or a simple lack of cyber security. For example, many high-profile data breaches, such as the Anthem breach, were the result of an employee inadvertently clicking on a phishing email. Organizations should take the following proactive measures to protect themselves against insider threats: Make sure you have a written acceptable use policy. A written acceptable use policy is a very basic step that many organizations overlook. It is imperative that specific rules be established regarding the acceptable use of company hardware, software, and network access, and the consequences for disobeying the rules. The policy should be in writing and signed by each employee. While a written policy won’t stop insider threats due to malicious acts, it will provide leverage for a company to take disciplinary action against an employee who, for example, removes a tablet from the premises without authorization, shares their login credentials, or logs into the system from an unsecured device. Establish user behavior baselines and monitor your network for deviations. While it’s important to have an acceptable use policy and train employees on cyber security awareness and best practices, the “human factor” in preventing insider threats only goes so far. Technical defenses are also necessary, including 24/7 monitoring of your organization’s system. Baseline patterns should be established for each user, and any changes in user behavior, such as a user logging into the system from an unusual location or attempting to access a part of the system they don’t need to do their job, should be flagged and investigated. Restrict system access as appropriate. No employee should have a higher level of access to the organization’s system than they need to do their job. A salesperson has no need to access employee tax and salary data; employees in the human resources department wouldn’t normally need to access the billing system. Limiting system access not only protects against malicious insiders but also prevents hackers from obtaining the “keys to the kingdom” should they manage to steal credentials from a lower-access employee.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026