Insider Threat & Investigations

What is an Insider?

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.

What is an Insider Threat Program?

An insider threat program is designed to identify, prevent, and mitigate risks posed by individuals within an institution who may intentionally or unintentionally cause harm. institution. It focuses on monitoring activities, securing sensitive information, and ensuring compliance with security policies.

There are three types of insider threats:

Red Flags

Please be aware of “red flags” that you may notice.

  1. Unusual Access Patterns: Accessing sensitive information that is not relevant to their job duties.
  2. Policy Violations: Frequently breaking company policies or security protocols.
  3. Behavioral Changes: Sudden changes in behavior, attitude, or work performance.
  4. Excessive Downloading: Downloading or transferring large amounts of data without a clear business need.
  5. Bypassing Security: Attempting to bypass or disable security measures.
  6. Unauthorized Devices: Using unauthorized devices like USB drives or personal laptops.
  7. Disgruntlement: Expressing dissatisfaction or resentment towards the institution.
  8. Unusual Working Hours: Working odd hours without a valid reason.

If you See something, say something. Please reach out to [email protected] with any concerns you may have.