Cyber Security 101 – Insider Threat
OIT receives a lot of questions about cyber security, especially about what users can do to protect themselves. That is why we have an active security awareness program; we want to help users become secure and make the most of technology. Good Cybersecurity practices are actually not that hard; you only have to know and follow a few basic steps. First, we’ll take a look at Insider Threats.
An Insider Threat is generated by someone we trust who causes harm on purpose. One example is a frustrated employee who infects our network on purpose with a virus or a contractor who steals and sells university data to an unauthorized person(s). These types of incidents are very rare, but when they do happen, they can have a profound impact and can result in termination. There are indicators to watch for, but you must use caution. Some behaviors can be due to other circumstances, such as depression.
Indicators – Someone…
- Asks for information they know they do not have rights to access
- Works strange hours (Be careful! We work in a university environment where some services are running 24/7 and are operated by remote staff.)
- Asks others for their passwords or logs in “for” them
- Uploads/emails large amounts of data
- Has a radical change in mood, behavior or performance
- Has sudden access to large amounts of money
Again, use caution and always share your concerns with your supervisor or leadership. There could be legitimate reasons behind every one of these indicators. Sometimes, things happen just due to an oversight or a mistake/miscommunication. The gist is that “…things just don’t seem right.” If you see something, say something! These are just a few of the common indicators. Depending on someone’s role at the university, others may come to mind.
Here are some common tips for protecting against insider threats:
- Never share your password
- Do not give access to people who are not authorized
- Never store work data on personal devices
- Lock your computer and sensitive documents when leaving them for a period of time
An Insider threat is very rare, but it has a tremendous impact on our organization when it occurs. There are technical controls that can be put in place to monitor for insider threats, such as monitoring for excessive downloads across the network, but the best control is the human control; when we see something that doesn’t look quite right, it usually isn’t. Share your concerns with your supervisor. Don’t take the matter into your own hands.