A malicious insider threat occurs when an insider uses their administrative privileges to access and/or harm an organization’s data, systems, or IT infrastructure. This is the opposite of an accidental insider threat or incident, where an employee causes a security incident by accident. Accidental incidents have happened in a myriad of ways, such as exposing a database without properly securing it, not patching critical systems that are subsequently exploited, or responding to phishing attacks from hackers by sending them critical or sensitive information. The point is that insiders can cause security events through ignorance, inaction, and human error.
What does this mean for an SMB?
As an SMB, you have some simple and easy ways to protect yourself against accidental and malicious incidents from insiders:
- Implement the Principle of Least Privilege;
- Monitor systems to see where data is coming from and who is accessing it;
- Enable Data Loss Prevention technologies in your email to spot critical or sensitive data leaving your environment; and
- Train employees on the security basics including how to spot malicious insider behaviors.