What it is
Insider threat is when someone who has inside knowledge of your business – like a current or former employee – uses their knowledge to undermine or attack your business.
How to protect your business
Implement a password policy
Don’t use generic passwords and logins — have a unique login for every user. If you manage your own network:
- review the rules around what kind of passwords your system will accept
- define rules that will stop the system accepting weak or common passwords.
If you manage your network on a cloud service, you might not be able to set the rules around password use. However, you can encourage staff to use good passwords and teach them why it's important.
Back up your data regularly
Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:
- do an 'offline' or 'cold' backup. Back up the data to an external hard drive and then remove the hard drive from your device
- do a cloud backup to Dropbox or a similar online hosting service.
Limit and remove access as required
Limit your employees’ access to the systems and processes they need to do their job and no more. This is known as the principle of least privilege.
Avoid access creep — as people move into different roles within your business, make sure that their access changes to match what they need in their new role. Remove access to anything they no longer need.
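A periodic access review makes least privilege and access creep checkable. The following is an added example, not part of the original guidance: it compares each account's current access with what its role needs and lists what to remove. The role names, system names, users and the review_access function are all constructed for illustration.

```python
# Constructed sample data: what each role needs to do its job (hypothetical names).
ROLE_BASELINE = {
    "accounts": {"payroll", "invoicing", "email"},
    "sales": {"crm", "email"},
    "warehouse": {"inventory", "email"},
}

# Constructed sample export of accounts: user, current role, systems they can reach.
# A role of None means the person no longer works for the business.
ACCOUNTS = [
    {"user": "aroha", "role": "sales", "access": {"crm", "email"}},
    # Moved from accounts to sales but kept the old access (access creep).
    {"user": "ben", "role": "sales",
     "access": {"crm", "email", "payroll", "invoicing"}},
    # Former employee whose access was never removed.
    {"user": "carla", "role": None, "access": {"inventory", "email"}},
    {"user": "dev", "role": "warehouse", "access": {"inventory"}},
]


def review_access(accounts, baseline):
    """Return {user: sorted list of access to remove} for every account
    holding more than its current role needs."""
    findings = {}
    for acct in accounts:
        role = acct["role"]
        # Former employees and roles with no baseline are entitled to nothing.
        allowed = baseline.get(role, set()) if role else set()
        excess = acct["access"] - allowed
        if excess:
            findings[acct["user"]] = sorted(excess)
    return findings


if __name__ == "__main__":
    for user, excess in review_access(ACCOUNTS, ROLE_BASELINE).items():
        print(f"{user}: remove {', '.join(excess)}")
```

Running the review whenever someone changes role or leaves, as well as on a regular schedule, catches both cases shown in the sample data.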