In an earlier post we took a closer look at insider threats, including what they are. We defined them as:

A malicious, careless, or negligent threat to an organization from employees, former employees, contractors, or business associates.

Along with defining insider threats, we discussed who most often commits them and how insider attacks are not just confined to data breaches. Instead, insider attacks by staffers can involve workplace violence, sabotage to the employer’s facility and equipment, even spying and acts of terrorism.

However, something we did not mention is that insider attacks cost employers billions of dollars each year, and those costs keep climbing. Further, while the numbers have not been tabulated, they likely jumped significantly in 2020 and 2021, all due to the pandemic.

Fortunately, there are signs that suggest someone may be up to a malicious act that might endanger people, data, or property. And fortunately, some of these acts we can catch before they happen.

Here are 14 tip-offs or clues that someone might be or has committed insider threats to an organization.

People who have taken home proprietary information from an organization on a thumb drive or computer disk or transmitted this information in an email.
Anyone who asks for classified information such as proprietary information or information not necessary for them to perform their work duties.
Someone who expresses interest in areas beyond the scope of their normal work duties.
Someone found to be unnecessarily copying office material, especially classified information that, once again, is beyond the scope of their needs or work duties.
An employee that remotely accesses the computer network while on vacation, sick leave, or at odd times such as late at night or on weekends. (Obviously, this raised more concerns before the pandemic when employees set their own schedule. But we should still view this as a potential tip-off that something unsavory may be going on.)
Those who work odd hours, such as anyone who comes in earlier than most staffers, stays later, or works on the weekends. (Again, this raised more eyebrows before the pandemic, but as we begin to return to normal, this could prove suspicious.)
Someone who installs their own software programs on their computers against company policies and views restricted websites or conducts unauthorized or suspicious web searches.
Anyone who takes unusual, unexpected, or unexplained short trips to cities, local or international.
A staffer that has contact with people that is unusual, unexpected, or unexplained.
Someone who purchases things such as clothes, watches, or cars that a person in their position would not be able to afford.
Someone seen in places such as restaurants or bars with competitors, partners, vendors of their employer, or other unauthorized people.
Someone who shows an unusual interest in others working for the organization; related to this, anyone who asks questions about these individuals that are unusual or suspicious.
Anyone discovered looking into trash cans, even building dumpsters.
Someone who voices concerns to their supervisors that they believe they are being watched or listened to and asks that it be stopped.

My Take:

That’s a lot of clues. If it helps, we must remember that most people in a work setting are honest and know their work boundaries: what they can and should do, and what they can’t and shouldn’t do. It’s the ones that don’t we must be wary of.

But we must also remember that a malicious actor may engage in only one of the activities listed above. But just that one act is all it takes for an employer to become suspicious. With billions of dollars lost every year to insider threats and acts, they must.

As always, we value your feedback, which helps us shape our perspective on recent events, security, and the services we offer.

insider threats