Actionable security awareness tips on how employees can prevent insider threats

 A misplaced USB drive with confidential data. An opportunistic employee sharing confidential information with a competitor. An employee who accidentally clicks a phishing email. These are all examples of insider threats to your organization.

Insider threats unfortunately are not simply the stuff of movies and crime dramas. The reality is your employees are a real threat as you try to address cyber-security risks. This doesn’t mean you can’t trust your employees. It means you need to raise awareness through-out your organization of how and why insider threats happen.

In most cases, your employees likely don’t realize their actions are putting the organization at risk to suffer a cyber incident as a result of an insider threat. By keeping the conversation about security awareness going 365 days a year, you can help prevent insider threats and build a proactive cyber security aware culture by preventing and detecting potential insider threats.

What are Insider Threats?

Insider threats are threats from people with access to systems and inside information about your organization. This can include employees, former employees, temporary workers, partners, or contractors who have authorized access to your data, applications, files, etc.

Raising awareness of insider threats is important because these threats and associated data breaches can be intentional or accidental:

  • Malicious Employees: employees who deliberately steal, disclose or destroy company data or IT systems for financial gain, or to commit corporate espionage or sabotage. These people are influenced by anger, greed, revenge, or by people external to the organization who pressure them to act maliciously.
  • Negligent Employees: due to carelessness, these employees accidentally compromise company data or systems. These people don’t realize their actions are putting the organization at risk of a data breach or cyber attack. Insider threats from negligent employees can put confidential information in the hands of the wrong person.
  • Unsuspecting Employees: an insider can be an employee who has their login information stolen or their computer compromised. Cybercriminals steal employee credentials with a cyber attack and then use the employee’s identity to commit crimes. Unsuspecting employees are victims of targeted attacks. The goal of these targeted attacks is to steal information under the cover of the unsuspecting employee’s identity.

It is important everyone in your organization understands how easy it is to accidentally become  an insider threat and how to recognize deliberate insider threat behaviors.

Recent research detailed in the underscores the realities of insider threats for organizations, data, and employees:

  • The frequency of incidents per company has tripled since 2016 from an average of 1 to 3.2
  • The average cost has increased from USD $493,093 to USD $871,686 in 2019
  • 60% of incidents are related to negligence
  • 23% of incidents are related to criminal insiders
  • 14% of incidents are related to user credential theft

Insider Threat Warning Signs CISOs and Security Leaders Need to Know

To help prevent insider threats from affecting your organization, it’s critical you and line managers know the warning signs of insider threats so you can understand how insider threats happen.

As a CISO or security leader, you need to be aware of these 9 insider threat warning signs:

  1. An employee downloads or attempts to access data they don’t normally use for their day-to-day.
  2. Requests for network and data access to resources not required for the job.
  3. Downloading large amounts of files or data on personal portable devices.
  4. Searching for and accessing confidential data.
  5. Emailing sensitive information to a personal email account or to people external to your organization.
  6. Accessing the network and data outside of normal working hours.
  7. Employees who exhibit negative attitudes or behaviors.
  8. People who ignore security awareness best practices such as locking screens, not using USB or external drives, not sharing passwords and user accounts, or do not take cyber threats seriously.
  9. Disgruntled employees who are leaving the organization.

Knowing these warning signs can help you customize your security awareness training to address risks unique to your organization. Security awareness training that uses real-world examples of insider threats, helps employees understand how small actions can result in real damage.

It doesn’t take much for an insider threat to happen. For example, consider these insider threat actions, decisions, and behaviors:

  • Loaning a USB device with confidential information to a colleague who doesn’t have authorization to access this information.
  • Giving employees universal access to the entire network with no limits on permissions.
  • Leaving a laptop open, unlocked, and unattended in an office, co-working space, or coffee shop.
  • Repeatedly skipping security awareness training or brushing off cyber threats as a joke.
  • An angry colleague who starts logging in after hours to access and download company data.

Remember, anyone who has access to your network can be an insider threat. Insider threats are dangerous because they can originate from what appear to be innocent or harmless actions.

10 Security Awareness Best Practices To Help Prevent Insider Threats

These 10 security awareness best practices can help CISOs and security leaders prevent insider threats from damaging your organization:

  1. Establish strong internal network and system permissions for all employees. Only give access to systems to people who require it to fulfill their job functions.
  2. Ensure all employees, contractors, interns, etc. receive regular and consistent security awareness training. Use phishing and ransomware simulations to monitor awareness and understanding of cyber threat risks.
  3. Complete background checks on employees, particularly those who require access to sensitive data.
  4. Define strict data access controls, so employees only have access to the information they need. Carefully review and analyze requests for additional network or system access.
  5. Establish a data classification and handling policy and leverage data loss technologies for high risk data.
  6. Remind employees all network activity is logged and monitored. Make sure people understand user accounts and permissions should be used for business purposes only.
  7. Establish firm bring your own device (BYOD) permissions and rules on how data is used, shared, and stored.
  8. Make sure employees are aware of remote work cyber security best practices and mobile device security best practices.
  9. Define strict password policies and user account privileges. Regularly monitor accounts, ensuring all accounts are closed or updated when an employee leaves your organization or changes roles.
  10. Establish network access rules to limit the use of personal devices and the sharing of information outside of your corporate network.


*** Share This Section on How to Protect Against Insider Threats with Your Employees ***

10 Ways You Can Help Keep Our Organization Protected from Insider Threats

You are our first line of defense against insider threats and associated data breaches.

To keep our organization protected and secure, we want you to know and remember these security awareness best practices.

  1. Do not share your username/password with other colleagues. We have defined unique network and system permissions for your account and role. These help keep our network secure and protected.
  2. Always follow our security policies, guidelines, and procedures. Do not disable software or bypass security controls.
  3. Whenever you leave your laptop or mobile device unattended, make sure it is locked and protected by a secure password. Do not leave any devices unattended in coffee shops or other public locations.
  4. Be information aware. Think twice before sharing company information with colleagues. If a colleague asks you to send them files that they cannot access, contact us immediately.
  5. Do not use personal storage devices or cloud services. If you need to store or access information, talk to us about our recommended storage policies and tools.
  6. Never access systems, applications, or information using a colleague’s credentials or account. If you require additional privileges, talk to your manager.
  7. If you discover you can access information you don’t require for your role – please tell us.
  8. Remember to be aware of emails, phone calls, or text messages asking you to update passwords, click links, or download files. Cybercriminals use stolen identities to commit data breaches.
  9. Remember it is very easy to accidentally cause an insider threat incident. Double-check the recipient list on emails and file-sharing. Do not leave confidential documents on your desk or open and unattended on your screen.
  10. Alert us or your supervisor if you notice someone within our organization exhibiting suspicious behaviors.


If you see something that doesn’t feel right – speak up. It’s better to be safe than sorry. The tricky aspect to insider threats, is they can be triggered by small actions that do not appear to be dangerous or malicious.



Cybersecurity Hub

Cyber Security Hub : Access Exclusive Cyber Security Content

Take advantage of the free Cyber Security Hub – it is your one-stop cyber security awareness and knowledge center with one-click access to the COVID-19 Kit, Work From Home Kit, Password Kit, Phishing Kit and more.