What Threats May Be Lurking Inside Your Business?

Not all those that seek to harm our businesses come from external sources. Sometimes the threat comes from within. When this happens, it’s commonly known as an insider threat. An insider threat comes from a person with authorized access to data, computer systems, or security practices who misuses their privileges in a way that harms the organization.

Individuals that could pose an internal threat include:

• Current or Former Employees
• Custodian or Maintenance Workers
• Vendors or Partners
• IT Representatives

It’s important to note that internal threats can be intentional or unintentional. An intentional insider threat is deliberate and planned and is for the personal gain of the person taking the malicious action. Sometimes, a person with malicious intent may take their stance to right a perceived injustice. Turncloak is another name for a bad actor who poses an internal threat.

Examples of intentional internal threats include:

• Unauthorized disclosure or selling of sensitive company data, including PII or PHI
• Purposeful evasion of company security policies or procedures
• Theft or tampering with company equipment or data
• Workplace violence

The motives for turncloaks can vary, but common examples include:

• Lack of appreciation from co-workers or leadership
• Termination, demotion, or a missed promotion
• Monetary gain or personal enrichment

Intentional insider threats come with serious consequences, including job loss and criminal remedy.

While most people within an organization don’t seek to cause it harm, everyone needs to be vigilant about potential internal threats. This isn’t to say that you need to police everyone you work with constantly, but you should remain observant and take note of anything that appears out of sorts. Not speaking up can be dangerous to your organization and possibly those who work in it. Addressing internal threats takes discretion, so boldly confronting an ill-intentioned actor is often not the best first strategy. Consult with leadership for guidance. You can never be too careful when a threat is lurking.

For more help addressing threats inside and outside your organization, consider contacting a professional cyber security training company like Athreon. Athreon is one of the best cyber security training companies you can partner with to help you protect your business. Why not contact Athreon for more details and a complimentary cyber security consultation?