Understand the impact of insider threats

What to do

Keep an eye out for signs of insider threats. These are risks that come from a person within an organisation.

They typically happen when a current or former employee or contractor with legitimate user credentials misuses their access to our networks, systems or data.

Not all insider threats are deliberate or malicious, take steps to avoid unintentional insider activities in your day to day work.

How to do it

Knowing what to look out for is the first step.

Examples of intentional insider activities include:

• Sharing passwords or access credentials
• Publicly disclosing classified or privileged information.
• Sharing sensitive intellectual property with a third party for personal benefit.
• Deliberately accessing off limits areas without proper authorisation.

Report suspected intentional insider threats to the Cyber Team via cyberteam@monash.edu for further investigation.

Examples of unintentional insider activities include:

• Leaving your laptop or computer unlocked when you are away from your desk.
• Misplacing your security pass.
• Discussing sensitive information in public or at a social gathering where you could be overheard.
• Accidentally CCing the wrong person on an email containing sensitive information.

Remember to follow everyday cyber hygiene to minimise risks and make a report if you believe any of our work practices could accidentally lead to a security incident.

Why it matters

An insider can misuse their access to the detriment of Monash’s networks, research and data. This misuse could lead to cyber security incidents like data breaches.