Topic 5 - Insider Threat
What is an insider threat? An insider looks like you or
me, an employee, contractor, or someone who has legitimate access to a computer
system. Most insiders misuse or exploit weaknesses in the system. Others, due
to lack of training and awareness, can cause grave damage. To see a profile
of an insider, or learn how insider threats can affect you and what you can
do, read below.
Profile of an Insider
All insiders have some degree of physical or administrative
access to the information system. Stress, divorce or financial problems are
some examples of what might turn a trusted user into an insider
threat.
How Does Insider Threat Affect Me
So, youre wondering how insider threats can affect
you? Take a look at these scenarios to see just how common insider threats are.
- You're a loyal employee due for promotion. It doesn't
happen because a disgruntled employee wiped out two weeks of personnel data
including the record of promotion.
- Your vacation is here and you plan on paying with
your new credit card. But, your credit card is at its limit and you haven't
used it. An employee used your social security number to access your credit
card records and provided accomplices with information needed to activate
and use those accounts.
- Instead of the expected refund at tax time, you get
a notice that you owe money. An employee has been changing records and pocketing
refunds.
What Can I Do
Although there are security programs to prevent unauthorized
access to information systems and employees undergo background investigations,
certain life experiences can alter a persons normal behavior and cause
them to act illegally. Here are a few suggestions for what you can do to help
in the fight against insider threat.
- Be a conscientious computer user. Log off when your
computer is unattended.
- Protect your access information and do not share your
password.
- Be aware of your surroundings and report suspicious
behavior such as "shoulder surfing" or unauthorized persons using
a restricted terminal.
- Report to your security manager or other authorized
personnel if contacted by persons seeking unauthorized access to information.
- When in doubt, do not discuss your concerns with co-workers
but contact your security manager or other authorized personnel.
- Activate the password protected screen saver function
on your computer.
Back
| Next
Module 2
Main Menu
Resources