An insider threat is a type of cyber attack that originates from within your own business. For example, a disgruntled employee trying to cause malicious damage, or a partner or contractor trying to steal and sell your information to a competitor.

As businesses prepare to return to work they will be expected to show greater flexibility towards employees working from home. Remote working was already a growing trend in many businesses and has become even more popular since the pandemic struck.

There may well be some upsides to businesses offering employees the option to work from home, but one potential downside is the rise of insider threats.

To secure your business against insider threats effectively your security measures and policies must understand what insider threats look like to your business and be able to detect and prevent them proactively.

We’ve outlined some tips below that all businesses should consider now that more of their employees are working remotely.


Now maybe a good time to review which employees have access to which systems and with what level of permissions. Ask yourself “do they really need it?”. This is good practice for a business to get into on a regular basis anyway, but even more so now with more employees working remotely. Always follow the principle of granting least permissions, meaning only giving staff the minimum level of access they need to do their job.

Data Loss Prevention

Data loss prevention is a set of tools and processes put in place to ensure confidential or sensitive data is not stolen or removed from your organisation without your knowledge. For example, if someone tried to email credit card details or National Insurance numbers outside the organisation DLP would block this.

Rights Management

Control who can do what with files within your organisation with a Rights Management System (RMS). This can provide granular permissions on what staff can do with files and data. For example, you may want staff to have access to some sensitive files but not be able to save them to a USB stick or email them externally.

Monitoring and Alerting

Use monitoring and alerting systems to keep you and your IT team informed of what staff are doing and flag up any suspicious activity. It’s crucial to know what is going on, both historically and in real time.

If you require any help to secure your IT systems in this more remote world then we are here to help.

Greystone: Making sense of IT and software solutions