Make it business as usual during COVID-19... Enable your workforce to work remotely with 3CX.

Insider attacks: the real cost – and how to prevent them

A Major Threat To Your Business's Security Could Be On Your Payroll...

You may not realise it, but you might have a colleague working for you that is also unknowingly helping some of the most renowned and successful cybercriminals from around the world. Unintentionally acting as a ‘double agent’, your employee is giving over your classified information, business credentials and sensitive data, and soon enough, they will take your business down from the inside out.  

So what does this mean for your business? …

Well, this may mean your computer systems might be hacked and infected by malware or your business’s sensitive information might be wiped clean. One unfortunate scenario could be you & your business being held to ransom by one of these ‘cyber crims’ in order for you to regain control of your data. Or worse yet, you may end up losing all your valuable company information, possibly permanently, if you don’t have proper data backup processes in place. 

Having to inform your customers that their personal information has been stolen would obviously have long lasting and detrimental effects on your business, brand and image. This would most certainly negatively impact your reputation well into the future and there’s no doubt that you want to avoid this situation at all costs!

insider threat to your business
cyber security

It definitely sounds like a movie plot, doesn’t it?! Although it may make for an exciting thriller, this is a very real threat that could greatly impact your business and ultimately, your livelihood. There are three main factors that can potentially lead to this. These include;

  1. One of your employees is an unintentional ‘double agent’
  2. You have a real life rogue insider working for you who knows the value of your data and sensitive business information 
  3. Credential or identity theft where fraudulent access is granted to sensitive data – an authorised person such as an employee has access to your credentials & uses them to retrieve your business data and pass it onto an unauthorised person
  • REASON 1. – Your employee is an accidental ‘double agent’.


This is one of the most common scenarios, with a prime example of ‘insider negligence’ occurring within your team. Employees with little or no cyber security training typically fail to notice any warning signs and may not realise they have visited an infected website, opened a phishing email, clicked on a dangerous attachment or come across disguised malware. 

Your staff’s lack of training can potentially lead to one or many of them unknowingly clicking on a dodgy link or opening a suspicious attachment, ultimately leaving you and your business vulnerable. Your business is then left wide open to a potential malicious attack.

It support & disaster planning to maximise your profits
data and cyber security
  • REASON 2. – You’re working alongside an ‘insider’ in your organisation.

This reason is more alarming as one of your team members who knows the true value of your data, how to easily access your sensitive data and knows where the weaknesses in your business’s cyber security are, is purposefully infiltrating your entire network and organisation. An insider with malicious intentions is usually motivated by monetary gain, but may also be out for revenge if they are a disgruntled current or former employee.

  • REASON 3. – Credential or imposter theft occurs – when an authorised person such as an employee has access to your credentials and uses them to access sensitive business information. 
Credential theft can be the most costly form of attack to recover from, with Australian business owner’s losing over $128 million to business email compromises in 2020. Due to extensive monitoring and surveillance, ongoing investigation, escalation, incident response, containment, post-attack analysis, and remediation, the costs associated with protecting and recovering from such a scenario are extremely high and definitely something you would want to avoid!

Imagine how much damage you would suffer if your company or small business was attacked like this… 

As loyal as your team are, and as much as you think they know about cyber security, as business owners, we simply can’t afford to think like this. While you might think your team knows a lot about cyber security and are aware of the signs, as business owners, we simply can’t afford to think this way. Unfortunately, your team’s credibility, loyalty and trustworthiness are not enough to survive a ransomware attack or virus stronghold. Insider attacks are a very real threat to businesses of any size, and they are happening more and more regularly every year.

IBM’s security research and analysis of 204 US organisations in 2016 reported over 4,700 insider attacks occurred over 12 months whilst a recent 2020 survey report by the Ponemon Institute revealed that the “average cost of insider threats rose by 31%, from $8.76 million to $11.45 million, from 2018 to 2020. The frequency of incidents also spiked by 47% over those two years”. 

Notably, the emergence of the remote workforce, resultant of the COVID-19 pandemic, is creating numerous new opportunities for insider attacks to be carried out. Many organisations are struggling to cover any security gaps they may be facing due to the rapid changes to their workplace and work conditions, as well as trying to deal with the various challenges relating to COVID-19 related issues. 

According to the Ponemon Institude findings, negligent employees created approximately 62% of these security incidents, averaging out to a $307,111 price tag each. Some of the fastest growing industries for these insider threats include the retail sector, which experienced a 38.2% rise from 2018 to 2020, and the financial sector, which saw a 20.3% increase over the two years. Interestingly to highlight, it took companies approximately 77 days, on average, to contain an insider threat, with irresponsible employee conduct and minimal business vigilance being the main reasons behind them.

So…how can we, as business owners, help mitigate and prevent the damage caused by such attacks? 

One of IT Leaders’ top recommendations would be to create a personalised ‘insider threat strategy’ for your business. By closely adhering to this, you & your employees could drastically minimise the risks that are posing to your business. 

In your strategy, it is vital that you address the below five key areas. It’s important, however, to remember that every company or small business is different. Consult a trusted IT support partner like IT Leaders to design a customised strategy that fits your needs and requirements perfectly.

  • Key Area 1: Regular professional training & development

In order to avoid negligent insider attacks, training your team is critical. Every employee, from the newest member of staff to top level management and the CEO, needs to go through cyber safety and security training. In this way, senior management shows that it is taking its responsibilities seriously.

In saying this, research shows that senior management tend to make technical mistakes more often than others. Since they have a higher level of access to sensitive data, they are also generally more prone to being targeted by hackers and malware.

team cyber security training

It’s important to remember that cyber security training is not just a one-off thing and should be continuously implemented to ensure your team remains up to date. In recent years, cyber attacks have become increasingly sophisticated. Criminals will unfortunately exploit and use any situation to their advantage: whether it be a global pandemic, a major legislative change, or even just the start of a new tax year. Cyber criminals will tailor their attempts to fool you and your team in any way that they can, and hence, your business as whole needs to be vigilant and always on the look out for any red flags.

It is imperative for you and your team to be aware of each and every red flag to look out for so they’re not able to trick any of you and go on to infiltrate your computer systems, IT network or access your sensitive data. Therefore, it is essential that all staff understand their obligations when it comes to data security. It is everyone’s responsibility to be aware of any warning signs, potential security risks and follow the policies and procedures that are in place to deal with these accordingly.

tailored IT cloud security
  • Key Area 2: Multi-layered security tailored to your business needs

It goes without saying that security software is vital to businesses of any size. Taking care of and maintaining the confidentiality of your clients and employees’ sensitive data is a huge responsibility. Ensuring that privacy is safeguarded at all times is of paramount importance.

If you want to protect your business’s private information, it is important that the cyber security, related software and apps you use are specifically tailored for your individual needs and customer base. It should include multi-layered protection and implementing two factor authentication can also go a long way in ensuring the safety of all information on your network & computer systems. Using this method, the user’s identity and credentials can be confirmed using a login code generated on a separate device. 

The use of biometrics across your devices could also be helpful as well, such as incorporating fingerprint, eye or palm scanners or full facial recognition to grant access. Keeping this in mind will help you to determine how encryption and erasing data remotely will help you mitigate risks. If you really want your data to be fully protected at all times, you need to follow the recommendations of a trusted IT expert. A leading professional IT partner such as IT Leaders can offer you the best advice when it comes to high level data protection, cyber security software and safety solutions that are suitable for your business and team.

  • Key Area 3: Access control

Within your business, do you know who has access to which files? Are your files accessible to everyone or only to those with the right access?

According to the 2019 Global Data Risk Report, 53% of employers found their employees were able to access more than 1,000 sensitive documents. 

The more people that have access to a file, the greater the likelihood of that file being breached and it increases its risk of being compromised or hacked. Ensuring that all files and sensitive business data is encrypted and restricting file access to those who need it is of utmost importance. Preventing access to files from those without the necessary permissions needs to be implemented, as well as having password protection for your most sensitive information.

importance of data protection
  • Key Area 4: Employee protocols upon leaving the business 

Insider threats may be malicious in some cases, and more often than not, these malicious attacks are the result of past, fired or disgruntled employees who are about to leave the company. So, what’s your current policy for employees who are leaving your organisation?

Creating one is a must if you don’t already have one. Any employee leaving the company must comply with the following:

  • Access is blocked from all accounts
  • Previously accessible files can no longer be retrieved; especially if they were previously accessed via a personal device
  • Any company-owned device/s must be returned 

The previously mentioned Global Data Risk Report also found that 40% of companies still maintained over a 1,000 unused user accounts despite not needing them activated anymore. The possibility of malicious attacks is not surprising if an employee termination or resignation precoedure is not implemented and abided by.

regular staff cyber security training to ensure microsoft 365 data protection
  • Key Area 5: Effective communication

Most likely, you already communicate effectively with your staff. For security reasons, however, it is imperative that you regularly explain the specific steps and relevant policies and procedures that are in place and the reasons behind following them.

It is possible for an employee to give the password of a restricted file to a fellow colleague out of ignorance and not understanding the ramifications or reasons behind password protection for security purposes. Employees who don’t understand why a multi-factor authentication or password manager is used may work around them, posing a security risk to the company.

It is absolutely imperative to have clear communication across your whole business in order to safeguard the sensitive data within it. Having people knowing what to do but not knowing why they’re doing it poses a much higher security risk for your business. Communication of security information on a consistent basis is therefore essential in order to ensure everyone is on the same page.

You can develop an insider threat strategy by focusing on these key areas, however it’s important to remember that other risks may exist, depending on the type of business you run, the clientele you serve and the kind of data you manage. The IT Leaders team are experts when it comes to cyber security and data safeguarding. We can help you through the entire process as well as offer continuous support packages for you and your team. 

One of IT Leaders’ primary goals is to ensure businesses remain safe when faced with data security threats of any kind. So…how can we help you? Speak to one of our friendly team today!


If you think your business may be at risk and you need professional advice regarding insider threats & cyber security, then don’t delay and contact our team of experts at IT Leaders today. We have a range of cyber security & IT support packages that are suitable for businesses of any size.

Get in touch with IT Leaders now to discuss how we can help you, your team & your business be more cyber secure!

Read More IT Leader Articles

Copyright © 2022 IT Leaders.