What it is
Insider threat is when someone who has inside knowledge of your business – like a current or former employee – uses their knowledge to undermine or attack your business.
Protect your business
Kia pare i tō pakihi i kapatau rāroto
Protect your business from insider threat
People with inside knowledge of your business can use that knowledge to access your systems and cause issues for your business. Here's how to reduce this risk.
4 min read
How to protect your business
-
Implement a password policy
Don’t use generic passwords and logins — have a unique
for every user. If you manage your ownthe details you use to get into an online account, often a username or email address and password
:a group of connected devices
- review the rules around what kind of passwords your system will accept
- define rules that will stop the system accepting weak or common passwords.
If you manage your network on a
service, you might not be able to set the rules around password use. However, you can encourage staff to use good passwords and teach them why it's important.A term referring to services, software, or data that is online, rather than running on your device or stored on physical hard drives.
-
Back up your data regularly
Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:
- do an 'offline' or 'cold' backup. Back up the data to an external
and then remove the hard drive from your device
The part of your device where all your data is kept.
- do a cloud backup to Dropbox or a similar online
service.
Storing a website or other data so that it can be accessed over the internet.
- do an 'offline' or 'cold' backup. Back up the data to an external
-
Limit and remove access as required
Limit your employees’ access to the systems and processes they need to do their job and no more. This is known as the principle of least privilege.
Avoid access creep — as people move into different roles within your business, make sure that their access changes to match what they need in their new role. Remove access to anything they no longer need.
-
Set up good exit processes
Have processes in place to ensure that when an employee leaves, their system logins and passwords are removed. If they have access to their emails from home, make sure that access is removed too.
Ensure that employees hand any devices, like iPads and phones, back when they leave, as well as any building passes they might have.
-
Educate staff
Make sure your staff know how to manage the risk of insider threat. Attackers will often use your employees to gain information and get access to your business.
Your employees might:
- provide information to an attacker thinking that it’s the right thing to do, or
- mention sensitive details in passing that could be overheard outside the office, for example in a cafe or bar. This is known as unwitting disclosure.
Current employees who pose a threat can also gather information through overheard conversations, or by shoulder surfing — watching over another employee’s shoulder to see login details or passwords.
They can use other employees’ details to access things that they shouldn’t, like the HR or payment system.
Get help
If you’ve been affected by insider threat, you should:
- review the access controls for your business or organisation. This means making sure that:
- everyone you employ has access only to what they need
- anyone who no longer works for you has their access to your network and systems removed
- educate your staff about insider threat so that they understand the risk it poses to your business.
Report the issue to CERT NZ
You can also report an online issue or security incident like this to us at CERT NZ.