Are YOU an Insider Threat?

As a security professional, I spend a lot of time talking to businesses about how they can create safer, more secure environments. Lately, I’ve been talking a lot about insider threats and what companies large and small need to do to keep themselves protected. But this month, I am changing gears a bit. Instead of talking to businesses, I’m talking to you—yes, YOU as an individual.

Unintentional insider threats have cost U.S. companies millions of dollars, and even the best of employees can become an insider threat. According to an article from, here are 5 things you can do to make sure YOU are not the cause of your own insider threat.

Be mindful of devices with company data on them

Whether it’s work-related emails on your phone or a company laptop out of the office, you need to be careful not to let this information get into the wrong hands. Don’t store unnecessary data on your devices, avoid connecting to external networks, and always immediately report a lost or stolen device.

Encrypt data at risk

“Most people only think about encryption when they are transferring data to a third party, but data that is sitting unused in storage is also at risk,” writes Andrew Wild. Make sure sensitive data stored on mobile devices, personal computers or even external hard drives is encrypted.

Use good password practices

As Andrew writes, “sensitive data is only as safe as the password you use to protect it.” Use passwords that are at least ten characters long with some measure of complexity, such as a mixture of uppercase and lowercase letters, numerals, and symbols. It is a best practice to change your password often and not to use the same password for everything.

Beware of social engineering

The most common example of social engineering is phishing. This is where you receive a cleverly crafted email that looks legitimate but is actually trying to get you to divulge valuable information such as passwords or install malware on your devices. Currently, this same type of practice is happening via phone too. If you feel something is suspicious, check with your company’s security team before proceeding with sending information.

Ensure you don’t have unnecessary access privileges

You may not need access to all the data on your company’s network. Limiting access has been shown to dramatically reduce the reach of a potential data breach, so if you discover you have access to data or systems that you don’t need in order to do your job, notify your tech team.

Make sure you are not becoming your own worst enemy when it comes to keeping your company safe from insider threats.

