1. Insider threats An insider threat occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization's critical data or systems.
THIS ARTICLE IS PART OF What is incident response? Plans, teams and tools
Which also includes:
10 types of security incidents and how to handle them
Careless employees who don't comply with their organizations' business rules and policies cause insider threats. For example, they may inadvertently email customer data to external parties, click on phishing links in emails or share their login information with others. Contractors, business partners and third-party vendors are the source of other insider threats.
Some insiders intentionally bypass security measures out of convenience or ill-considered attempts to become more productive. Malicious insiders intentionally elude cybersecurity protocols to delete data, steal data to sell or exploit later, disrupt operations or otherwise harm the business.
How to prevent insider threats The list of things organizations can do to minimize the risks associated with insider threats include the following:
Limit employees' access to only the specific resources they need to do their jobs;
Train new employees and contractors on security awareness before allowing them to access the network. Incorporate information about unintentional and malicious insider threat awareness into regular security training;
Set up contractors and other freelancers with temporary accounts that expire on specific dates, such as the dates their contracts end;
Implement two-factor authentication, which requires each user to provide a second piece of identifying information in addition to a password; and
Install employee monitoring software to help reduce the risk of data breaches and the theft of intellectual property by identifying careless, disgruntled or malicious insiders.
