Site iconSite icon HospitalityLawyer.com®

Reducing the “Insider Threat” Risk

We recently provided guidance on reducing the all hazards threat to small business. Readers may remember that we touched on physical threats to your infrastructure and equipment stemming from broken or damaged structures, debris in hallways or access routes, faulty electrical lines, etc. We made brief mention of the “insider threat” but did not dwell on it since in fact it is so expansive and pervasive that companies must implement strict protocols in order to even begin to address this issue. The protocols must be followed and updated frequently to keep abreast of the dynamic nature of the insider threat.

The insider threat can be described as those hazards and risks-including physical, cyber, monetary and reputational, that are derived or stem from employees-even former employees-as well as contractors who have access to your products, patents, technology, strategic plans-including marketing plans and employee information.

Probably the most famous insider threat case is that of Edward Snowden, the former NSA contractor with broad access to some of the nation’s most sensitive secrets. Snowden, who has been indicted by the US Department of Justice on espionage and other charges, has sought asylum in Russia and has been living there for the past three years. His alleged insider activity includes theft of government secrets by downloading hundreds of thousands of classified NSA and CIA documents and subsequently disseminating them to the public through a journalist, Glenn Greewald, formerly of The Guardian. In committing the alleged activity, Snowden hurt national security by compromising sources, techniques and intelligence collection priorities and goals which are the exclusive property of the US government.

But what are some other types of insider threat activity? Consider the following possibilities:

The above scenarios are hypothetical but similar situations involving insiders have occurred in the past. The insider threat is one of the most dangerous but still it remains shadowy and hard to detect. What are some indicators that might suggest a person is or risks becoming a threat to your operations? What preventive measures can you take to protect your business? How much intrusion into or monitoring of an employee’s behavior on the job is legal?

We’ll address some of these questions in upcoming issues. In the meantime, follow us on Twitter for more advice on the insider threat and for all things security related.

Exit mobile version