Insider Threats: Employee Types Who Could be Putting Your IT Network at Risk


From Sony to Home Depot, no business seems to be immune from data breaches. However, what many companies don’t realize is that an insider data breach poses a much greater risk, and in some cases, it’s the reason why these larger incidents happen.

In 2014, 50% of enterprises were using some type of data loss prevention (DLP) solution. However, these DLP solutions can only do so much — and sometimes they even hinder employee productivity. They can stop specific actions taken by employees on a particular network, but they can’t identify trends in suspicious behavior.

A more effective approach involves taking a closer look at user behavior. User behavior often provides context to activities that are flagged by network monitoring technologies and endpoint monitoring, making them more effective at catching potential threats.


The Rule Breaker

They’re the CEO or the “higher up” who doesn’t understand IT security. If they did, they wouldn’t be strong-arming your IT department into fulfilling their latest demand. They wouldn’t be asking to use a jailbroken device on your network or asking to forgo a tedious, but necessary sign-in process. Because they’d already know that doing so not only breaks company policy, it puts your data at risk.

The Doer

The most important thing to the doer is getting the job done. And nothing is going to stand in the way of that — not even your company’s security policies. They’ll store their data on personal devices, use unauthorized cloud platforms to send data files and use free WiFi while they’re traveling. What they don’t realize is their convenient work-arounds could be exposing your company to potential threats.

The Rogue

The rogue is really the only one on this list who has bad intentions. They usually take the form of a disgruntled employee or a former employee. They’re the IT guy (or gal) who quit and left your IT systems in shambles as a going away present. They’re the salesperson who took all of your clients with them. Or maybe they’re working for you right now, and selling your trade secrets for some extra cash. Will your network pick up on the signals before it’s too late?

The Newbie

The newbie just got a new set of keys to your computer network and they’re ready to take it for a drive. Unfortunately, you gave them an all-access pass, instead of restricted access. So, they took it upon themselves to check out all the places where people store their files and oops, they actually deleted a few by mistake. Hopefully, you have backup.

The Goof

Like the newbie, the goof doesn’t have any bad intentions — they just don’t really know what’s going on. If there’s a phishing scam going on, they’ll fall for it. If they’re shopping online, they’ll give their credit card to an illegitimate site. If someone tries to slip into the office behind them without a security card, they’ll hold the door for them. The goof doesn’t mean it — really, they don’t — but they will continue to pose a significant threat if your company doesn’t take the time to educate them on its security policies.


The right partner to help you combat an insider security threat is a trusted advisor, an IT guardian, a data protector. Someone who specializes in one thing and one thing only — your company’s security. To reach one of these security specialists, you only have to make one call. The number is 1-800-882-9919 and the company is, of course, UDT.

From 24/7 proactive monitoring, intrusion detection and protection, to customized alerting, reporting and employee training, UDT’s IT Managed Services offering takes a comprehensive approach to managing insider threats. Contact us to learn more.


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
