OIT receives many questions about cyber security, especially about what users can do to protect themselves. That is why we have an active security awareness program; we want to help users become secure and make the most of technology. Good Cybersecurity practices are not that hard; you only have to know and follow a few basic steps. Let’s take a look at insider threats.

An Insider Threat is harm generated by someone we trust; sometimes it’s on purpose, sometimes it’s not. Some examples of insider threats are a frustrated employee who intentionally infects our network with a virus or a contractor who steals and sells university data to an unauthorized person(s). While rare, these types of incidents can have a profound impact and result in termination. There are common indicators to watch for, but you must use caution. Some behaviors can be due to nondeliberate circumstances, such as depression.

Indicating signs of insider threats:
When someone

• Asks for information they knowingly do not have rights to access
• Works strange or atypical hours 
  (Be careful! We work in a university environment where some services are running 24/7.)
• Asks others for their passwords or logs in “for” them
• Uploads or emails large amounts of data
• Exhibits radical change in mood, behavior, or performance
• Displays sudden access to large amounts of money

Again, use caution and always share your concerns with your supervisor or leadership. There could be legitimate reasons behind every one of these indicators. The gist is that “…things just don’t seem right.” If you see something, say something! These are just a few of the common indicators. Depending on someone’s role at the university, additional indicators may come to mind.

Tips for protecting against insider threats:

• Never share your password
• Don’t grant access to people who are not authorized
• Never store work data on personal devices
• Always lock your computer and sensitive documents when leaving them for any period of time

An Insider threat is very rare, but when it occurs, it has a tremendous impact on our organization. Technical controls can be put in place to monitor for insider threats, such as monitoring for excessive downloads across the network, but the best control is human control; when we see something that doesn’t look quite right, it usually isn’t. Share your concerns with your supervisor. Don’t take the matter into your own hands; if you SEE something, SAY something!

While preventable, here are some unintentional threats from insiders that can be easily overlooked:

(Remember that not ALL insider threats are planned to cause harm.)

• Failing to patch or upgrade operating systems
• Clicking on a link in an email from an unknown source
• Leaving unlocked desktops (screensavers with passwords not enabled)
• Lacking a PIN or 2FA on mobile or personal devices

Are these threats? You bet! Are our faculty and staff guilty of doing one or more of these things? Absolutely! We all may have done one or more of these things at one time or another. ALL of these things, intentional or unintentional, threaten our information security. By not patching or upgrading a system, the university is vulnerable. By clicking on something in an unsolicited email from someone you don’t know, you compromise your account and any shared services you access. By leaving your desktop unlocked, you potentially expose the device to others whose actions may not be so pure. Sure, there’s no malicious intent, but they are still threats.

Next time you think about Insider Threats, ask yourself, “Are there things I KNOW I should do that I don’t?” and “Did I delay upgrading because I just didn’t have time?” We’re only as strong as the weakest link. It’s not just YOUR device or YOUR data. Your actions could impact an entire department, a college, a division, or a campus.

ANYONE with a NETID is a UTK-Insider. Will you be a threat, or will you be a responsible user and steward of the university’s device(s) and data? We’re all connected; what you do (or don’t do) matters.