Stacey Champagne

According to a 2018 Ponemon Institute report, two out of three insider threat incidents were found to be due to employee or contractor negligence. The annualized cost? $3.81 million.¹

When we dig into these cases, the “inadvertent,” “accidental,” or “negligent” insider typically has one of these three main excuses:

I didn’t know:

• We’re not supposed to use removable media devices.

• I shouldn’t send business documents to my personal email.

• The CEO wouldn’t ask me to purchase gift cards and respond with the barcodes.

• Who I should check with to make sure this email is legitimate.

I didn’t have:

• My work laptop because I left it at my house, car, at the airport, etc.

• The application I needed on my computer to open the file.

• The time to make sure that I was doing things securely. I just needed to get this project out the door.

There wasn’t a way:

• To securely move my personal photos off my computer.

• To work on this document on my iPad, or easily collaborate with a colleague.

• For me to report the fact that I just saw someone not acting like themselves, exiting with a large stack of printouts under their arm.

The good news is that these excuses are addressable AND they don’t necessarily require a sophisticated user behavior analytics (UBA) or data loss prevention (DLP) solution to have impact. While these ...