Protect your business from insider threat

People with inside knowledge of your business can use that knowledge to access your systems and cause issues for your business. Here's how to reduce this risk.

What it is

Insider threat is when someone who has inside knowledge of your business – like a current or former employee – uses their knowledge to undermine or attack your business.

Learn about insider threat

How to protect your business

Implement a password policy

Don’t use generic passwords and logins — have a unique login for every user. If you manage your own network:

  • review the rules around what kind of passwords your system will accept
  • define rules that will stop the system accepting weak or common passwords.

If you manage your network on a cloud service, you might not be able to set the rules around password use. However, you can encourage staff to use good passwords and teach them why it's important.
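The rules described above (reject short passwords, common passwords and trivial variants of them) can be enforced in code when you run your own systems. The following is an added example, not code from this page or from CERT NZ; the small common-password set is constructed for illustration and a real deployment would load a full breached-password list from a file of your choosing.

```python
import re

# Constructed sample of common passwords. Assumption: in production you would
# replace this with a large list of known-breached passwords loaded from disk.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein", "welcome1", "admin",
}

MIN_LENGTH = 12  # assumption: a sensible minimum for a small business policy


def check_password(candidate: str, username: str = "") -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems: list[str] = []

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    normalised = candidate.lower()
    if normalised in COMMON_PASSWORDS:
        problems.append("on the common-password list")

    # Catch trivial variants such as "Password123!": strip everything except
    # letters and see whether what remains is itself a common password.
    letters_only = re.sub(r"[^a-z]", "", normalised)
    if letters_only and letters_only != normalised and letters_only in COMMON_PASSWORDS:
        problems.append("common password with digits or symbols added")

    if username and username.lower() in normalised:
        problems.append("contains the username")

    # Very low character diversity ("aaaaaaaaaaaa") passes a length check but is weak.
    if len(set(candidate)) < 4:
        problems.append("too few distinct characters")

    return problems


if __name__ == "__main__":
    for pw in ["Password123!", "correct horse battery staple", "short", "aaaaaaaaaaaa"]:
        verdict = check_password(pw, username="alice")
        print(f"{pw!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```

The check returns every failing rule rather than stopping at the first one, so the message shown to the user explains what to change. Length and the common-password list do most of the work; the variant check matters because users asked to add a digit or symbol usually append them to a word that is already on the list.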

Create a password policy for your business

Back up your data regularly

Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:

  • do an 'offline' or 'cold' backup. Back up the data to an external hard drive and then remove the hard drive from your device
  • do a cloud backup to Dropbox or a similar online hosting service.

Backups for your business

Limit and remove access as required

Limit your employees’ access to the systems and processes they need to do their job and no more. This is known as the principle of least privilege.

Avoid access creep — as people move into different roles within your business, make sure that their access changes to match what they need in their new role. Remove access to anything they no longer need.

Where possible, split tasks between roles so that responsibility is shared by more than one person. For example, if it takes two people to approve an invoice (one to process the payment and another to authorise it) it’s less likely that anyone will be able to take advantage of the payment system.

Set up good exit processes

Have processes in place to ensure that when an employee leaves, their system logins and passwords are removed. If they have access to their emails from home, make sure that access is removed too.

Ensure that employees hand any devices, like iPads and phones, back when they leave, as well as any building passes they might have.
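The access-review steps in the sections above (least privilege, avoiding access creep, splitting tasks between roles, and removing leavers' logins) boil down to comparing what each account can reach against what the person's current role needs, and flagging accounts that belong to nobody on the current staff list. The example below is added here and is not CERT NZ's code; the HR roster, the role-to-group mapping and the directory export are all constructed sample data, and the shape of those exports is an assumption about your own systems.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    """One login in your directory and the groups (systems) it can access."""
    username: str
    groups: frozenset


# Constructed sample: current staff and their present role, as exported from HR.
HR_ROSTER = {
    "alice": "accounts",  # moved from sales to accounts last quarter
    "bob": "sales",
    # "carol" has left and no longer appears on the roster
}

# Assumption: your own mapping of which systems each role legitimately needs.
ROLE_GROUPS = {
    "accounts": {"email", "finance-system"},
    "sales": {"email", "crm"},
}

# Constructed sample: what the directory actually grants today.
DIRECTORY = [
    Account("alice", frozenset({"email", "finance-system", "crm"})),  # crm is left over from her old role
    Account("bob", frozenset({"email", "crm"})),
    Account("carol", frozenset({"email", "hr-system"})),  # leaver whose login was never removed
]


def review_access(roster, role_groups, directory):
    """Return (username, finding, groups) for leavers and for access beyond the role."""
    findings = []
    for acct in directory:
        role = roster.get(acct.username)
        if role is None:
            # Nobody on the current roster owns this login: an exit process was missed.
            findings.append((acct.username, "leaver", sorted(acct.groups)))
            continue
        excess = acct.groups - role_groups.get(role, set())
        if excess:
            # Access creep: the person kept groups their current role does not need.
            findings.append((acct.username, "access creep", sorted(excess)))
    return findings


def can_pay_invoice(processed_by: str, authorised_by: str) -> bool:
    """Two-person rule from the text: the processor may not also be the authoriser."""
    return processed_by != authorised_by


if __name__ == "__main__":
    for username, finding, groups in review_access(HR_ROSTER, ROLE_GROUPS, DIRECTORY):
        print(f"{username}: {finding} -> {groups}")
    print("alice may authorise her own payment:", can_pay_invoice("alice", "alice"))
```

Running this review on a schedule, and whenever HR records a role change or a departure, turns "limit and remove access as required" from a good intention into a repeatable check; the two-person rule shows the same idea applied to a single transaction.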

Educate staff

Make sure your staff know how to manage the risk of insider threat. Attackers will often use your employees to gain information and get access to your business.

Your employees might:

  • provide information to an attacker thinking that it’s the right thing to do, or
  • mention sensitive details in passing that could be overheard outside the office, for example in a cafe or bar. This is known as unwitting disclosure.

Current employees who pose a threat can also gather information through overheard conversations, or by shoulder surfing — watching over another employee’s shoulder to see login details or passwords. They can use other employees’ details to access things that they shouldn’t, like the HR or payment system.

Get help

If you’ve been affected by insider threat, you should:

  • review the access controls for your business or organisation. This means making sure that:
    • everyone you employ has access only to what they need
    • anyone who no longer works for you has their access to your network and systems removed
  • educate your staff about insider threat so that they understand the risk it poses to your business.

Report the issue to CERT NZ

You can also report an online issue or security incident like this to us at CERT NZ.
