Go Back Arrow

How To Spot an Insider Cybersecurity Threat

Cybersecurity is more than just protecting yourself from people outside your company; it’s equally as important to protect yourself from actions taken within your company.

Written by Adam Bovan

December 2021

How To Spot an Insider Cybersecurity Threat

Accidents and careless mistakes from your team are among the most common causes of data breaches. Moreover, you also may need to protect yourself from the negligence of third-party suppliers or disgruntled employees.

Below are some signs of insider threats and how to spot them.

Bad habits.

The most common insider threat when it comes to cybersecurity are careless mistakes made by well-meaning staff.

While your team members may not mean to cause a data breach, they still might increase your risk by clicking a wrong link, storing files on private devices or sharing passwords.

Keep your eyes and ears peeled for careless attitudes towards cybersecurity. This could be more subtle than you realise.

For example:

  • Has someone sent you a work file from their personal cloud software?
  • Have you been copied into an email thread where someone has shared a password with no thought to security?
  • Has someone told a colleague they’ve turned off two-factor authentication because it’s “too much hassle”?

It’s easy to forget or make a mistake, so in these instances, reinforce security policies and help people embrace a culture of cybersecurity.

Permission requests.

If a colleague asks for you to grant access to certain sensitive files, this could be a genuine request related to a job they’ve been asked to complete.

However, if it does seem out of the ordinary, it’s best to double-check whether they really need access to that file.

For starters, an unusual request could be someone with malicious intent trying to access sensitive data. Or, at the very least, giving full access to someone who doesn’t need it increases the risk of an accidental leak.

Activity logs.

If you use a secure programme like Microsoft 365, you’re able to view and track who accessed what files and at what times.

This data can give you a lot of insight into people’s behaviour in and outside of work.

Things to watch out for include:

Accessing and downloading files at odd times of the day – such as evenings and weekends.
Failed login attempts or access attempts.
Attempts to access data outside of their permissions.

Of course, if someone is working odd hours or has forgotten their password a few times, it doesn’t automatically mean they’re trying to breach security. But, it’s best to check in if you find their behaviour out of the ordinary.

Strange behaviour.

We’ve talked about strange work patterns, but what about behaviour towards colleagues?

Insider threats can often be picked up by a person’s change in behaviour or circumstance.

For example, unhappy employees looking to do some damage might have a negative attitude towards work, decline in work performance or even be over-enthusiastic about their projects.

Meanwhile, people abusing cybersecurity rules for their own gain may have an unexplained change in their personal financial situation, be talking to competitor companies or suddenly quitting out of the blue.

Again, these behaviours don’t automatically make a person guilty – but it’s best to be aware of the signs.

Do you want to know how you can strengthen your company’s cybersecurity? Get in touch today to find out more.

Expect more from your IT company

Don't let your IT go to waste, make the most out of your technology through our guidance, advice and services.