Curbing Insider Threats Today Requires a Holistic Approach

October is Cybersecurity Awareness Month. It’s important to exercise sound cybersecurity best practices to protect your organization’s sensitive and valuable information against outside hackers and cybercriminals that are always identifying new ways to get to your data.

However, the biggest threats to your organization are often within your organization, not outside. While they are often not the primary focus of cybersecurity awareness, insider threats are a major cause of data breaches and cyber incidents within organizations today. Curbing those insider threats takes a holistic approach that protects your sensitive and valuable data up front, while also responding quickly to threats that are suspected or have been identified.

Challenges to Protecting Your Organization’s Sensitive Data

Protecting your sensitive and valuable data has never been more challenging, especially in a time with so many remote workers and The Great Resignation causing a reshuffling among workforces. Here are a few stats* to illustrate the challenges to protecting your organization’s sensitive and valuable data:

  • 83% of former employees said they continued accessing accounts from their previous employer after leaving the company.
  • 56% of former employees said they had used their continued digital access to harm their former employer.
  • 71% of IT decision makers in the US and UK said the Great Resignation has increased security risks at their companies.
  • 40% of American employees say they had taken data with them when they left their old jobs.
  • 74% of employers said they have been negatively impacted by an employee breaching their digital security.

One of the risks associated with insider threats is the potential for employees to access and steal your organization’s intellectual property. Even if the organization seeks and is granted relief by a court, the costs to litigate can be considerable.

A Holistic Approach to Curbing Insider Threats

Addressing insider threats today requires a combination of up-front measures to protect your data plus investigative best practices to quickly find the answers to determine what was exposed and what to do about it. Here are some best practices to protect your organization against insider threats:

Virtual Desktop Infrastructure

One of the biggest threats to the security of your data and documents is data proliferation – which has accelerated since the pandemic increased the number of remote workers in organizations. The best way to address that threat is the implementation of a virtual desktop infrastructure that controls access to the virtual desktop and prohibits storage of data and documents within remote endpoints, maintaining that data on enterprise servers instead.

Policies for Remote Device Use

The increased use of mobile devices may boost productivity, but it also increases risks of threats – both internal and external. Many organizations support the use of BYOD (bring your own device) mobile devices, but many of them don’t establish clear policies that set usage guidelines and clearly communicate the organization’s rights and interests in protecting their information. Those rights and interests may extend to the use of Internet of Things (IoT) devices such as Amazon’s Alexa when working at home, so it’s important to establish policies for the use of mobile and IoT devices that support your investigative rights to those devices if malfeasance is suspected.

Enterprise Content Management Security

The use of enterprise content management (ECM) systems to manage and protect your organization’s data is one of the best measures you can take to prevent insider attacks. ECM system security measures that protect your data can include:

  • Two-Factor Authentication: An extra layer of security if login credentials are compromised.
  • Document Level Authorization: Security to manage rights at the document level and ensure access to your most sensitive and valuable documents is limited to authorized personnel.
  • Encryption At Rest: Encrypting files at rest protects documents if the system is bypassed.
  • Intrusion Detection: ECM activity monitoring can provide notifications if authorized users attempt to access documents they are not authorized to access.
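
How the document-level authorization and intrusion detection items above fit together, as an added example that is not code from this article or from any ECM product: a deny-by-default access check whose denials feed an alert on repeated out-of-rights requests by logged-in users. The ACL, the audit events, the function names and the threshold of three denials in ten minutes are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed document ACLs: document id -> users allowed to read it.
ACL = {
    "doc-payroll-2023": {"alice"},
    "doc-patent-draft": {"alice", "bob"},
    "doc-handbook": {"alice", "bob", "carol"},
}

# Constructed ECM audit events: (timestamp, authenticated user, document id).
EVENTS = [
    ("2023-10-02T09:00:00", "bob", "doc-handbook"),
    ("2023-10-02T09:01:10", "carol", "doc-patent-draft"),
    ("2023-10-02T09:01:40", "carol", "doc-payroll-2023"),
    ("2023-10-02T09:02:05", "carol", "doc-patent-draft"),
    ("2023-10-02T09:30:00", "bob", "doc-payroll-2023"),
    ("2023-10-02T10:00:00", "alice", "doc-payroll-2023"),
]

def is_authorized(user, doc_id, acl=ACL):
    """Document-level check: deny by default, including unknown documents."""
    return user in acl.get(doc_id, set())

def denied_attempts(events, acl=ACL):
    """Events where a logged-in user requested a document outside their rights."""
    return [(datetime.fromisoformat(ts), user, doc)
            for ts, user, doc in events if not is_authorized(user, doc, acl)]

def alerts(events, acl=ACL, threshold=3, window=timedelta(minutes=10)):
    """Map each user with >= threshold denials inside one window to the documents hit."""
    by_user = {}
    for ts, user, doc in sorted(denied_attempts(events, acl)):
        by_user.setdefault(user, []).append((ts, doc))
    flagged = {}
    for user, hits in by_user.items():
        for i, (start, _) in enumerate(hits):
            in_window = [d for t, d in hits[i:] if t - start <= window]
            if len(in_window) >= threshold:
                flagged[user] = sorted(set(in_window))
                break
    return flagged

if __name__ == "__main__":
    for user, docs in alerts(EVENTS).items():
        print(f"ALERT {user}: repeated denied access to {', '.join(docs)}")
```

A single denial, such as bob's one request for the payroll document, stays in the audit trail without raising an alert, which keeps notifications focused on repeated probing.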

Proven Investigative Workflows

Conducting internal investigations discreetly, quickly and comprehensively is a task for experienced investigators with the right qualifications and certifications. An experienced investigations team understands how to leverage technology and proven investigative workflows to conduct the investigation quickly and effectively.

Internal investigations follow their own unique eDiscovery workflow that involves 1) custodian and data identification, 2) collecting potentially responsive data in a forensically sound manner, 3) applying advanced review and analytics techniques and technology to identify important evidence quickly, 4) quality assurance (QA) to ensure any data contradictory to the findings is identified and addressed, and 5) preparing a clear and concise report of the findings.

Time is of the essence when you’re looking to minimize the risk and damage associated with insider bad acts. Proven investigative workflows that effectively leverage technology position your organization to reduce or eliminate litigation expenses downstream while preparing your organization for downstream litigation if it is necessary.


Insider threats are often the forgotten threats to your organization’s sensitive and valuable information, but they are no less important, and the risks are just as great as they are with outside threats. There is no single measure that can address insider threats. A holistic approach will provide maximum protection for your organization against them: a virtual desktop infrastructure to centralize data for protection, policies for remote device use, an ECM system to maximize security measures for your data, and experienced investigators utilizing proven investigative workflows when insider bad acts are expected.

*Stats Sourced From eDiscovery Today
