Please fill in the form below to subscribe to our blog

5 Ways an Employee Becomes an Insider Risk (+2 You May Not Be Considering)

January 06, 2022

Stay Alert for These Key Indicators That You Might Have a Problem!


In the course of their work, employees are frequently faced with making decisions that can positively and negatively impact their company’s security. That’s why insider risk is a constant that must be accounted for in any security plan.  Insider risk was up by more than 40% in 2021. While insider risk is not something that can be eliminated completely, it can be mitigated. Businesses can uncover potential trouble spots and take action to smooth them out before they become problems if they know where to look. These five actions by employees can indicate the presence of an insider risk that needs to be mitigated quickly to avoid bigger trouble.  

Excerpted in part from our NEW eBook The Guide to Reducing Insider RiskDOWNLOAD IT NOW>>


Start the new year off on the right foot with this checklist of smart cybersecurity practices. GET IT>>


How Do Employee Actions Generate Risk? 

More than 60% of cyberattacks in 2021 could be attributed to insiders. That’s not a problem that will ever go away. As long as human beings are doing the work at a company, they’ll make missteps or take actions that harm the company whether they mean to or not. Accidental insider risk is just as harmful as malicious insider risk, and sometimes even worse. While some insider risk can be chalked up to the cost of doing business, other factors can be controlled – and smart businesses are making spotting those potential trouble spots a priority. 

Mistakes & Accidents 

Human beings will inevitably make mistakes. That’s why the number one cause of a data breach never changes: it’s always human error. Even your most conscientious employees will make security blunders like sending someone the wrong file. Human error is responsible for an estimated 90% of security breaches according to IBM’s X-Force Threat Intelligence Index. 

Social Engineering 

Today’s sophisticated phishing scams can be hard for even a seasoned professional to see through. Employees who are not educated on risks are prime targets for social engineering, especially if they’re fearful of the repercussions of missing a message or asking for help. Over 65% of accidental insider threats come from phishing attacks. 

Inattention & Neglect  

Employees can be inattentive to security protocol when they’re stressed, rushed, overwhelmed or just confused. Those mistakes are understandable. But employees can also be inattentive to security protocol because they just don’t take it seriously, and that’s a problem. Negligent employees create over 60% of security incidents. 

Credential Mishandling 

Credential misuse is one of the fastest ways for a company to have a data breach. Employees that are writing down passwords on sticky notes or sharing administrator passwords to eliminate bothersome approval steps are putting their company’s data security in danger. An estimated 70% of SMBs had employee passwords compromised in the last year. 

Malice & Revenge 

A disgruntled employee can wreak havoc fast. Beware of employees taking data with them when they leave or selling their still functional access credentials on the dark web. Malicious actors can also directly unleash a cyberattack by deploying malware themselves. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches


Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work.  DOWNLOAD IT>>


Don’t Forget About Insider Risk Created by Remote Workers 


As the global pandemic continues to impact everyone, many companies are realizing that they’ll be supporting remote and hybrid work for much longer than they were anticipating. About 90% of IT executives in an IBM survey of remote workforce cybersecurity trends believe remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees. Remote workers can more easily take actions like downloading data, selling passwords, accessing systems and data that they shouldn’t, connecting unauthorized devices to company networks and more. Remote workers are also significantly more likely to fall for phishing attacks.  

For many organizations, that means that the ad hoc security measures that they put in place in early 2020 are less of a temporary solution and more of a permanent necessity. More than 70% of respondents to a recent survey of IT leaders projected that at least one-third of their employees will remain remote for the next 18 months. In fact, Gartner reports that 85% of company leaders say that they plan to allow employees to continue remote or hybrid work permanently – which means that elevated insider risk because of remote workers is here to stay too.  


Can you spot a phishing email? This infographic shows you how to detect one! DOWNLOAD IT>>


Zombie Accounts Can Also Come Back to Bite Businesses 


Old yet still active user accounts are insider risks that businesses may overlook. IT teams must be vigilant about cleaning up and deactivating old user accounts and permissions as well as removing accounts for employees who have been terminated immediately. If they’re not, those zombie accounts offer malicious insiders an excellent opportunity to strike even if they no longer work for the company. Vengeance from disgruntled former employees is a major danger. Over 90% of malicious insider incidents are preceded by employee termination or layoff, and if that employee still has a valid access credential they can wreak havoc quickly. 

Zombie accounts are a serious data breach risk. Stolen data like sensitive client information, payment card data, records and proprietary information is very valuable, and it’s not hard to sell it in the booming dark web markets. Employees who are on their way out the door are one of the biggest risks in this department. An estimated 45% of employees download, save or send work-related files before they leave their job. Former users can also sell their access, opening companies up to intrusion by cybercriminals who have purchased a password for an old user account on the dark web. Stolen legitimate network credentials go for an estimated $3,000 to $120,000 depending on the company and level of privilege on the account. 


The Computer Security To-Do List helps companies build a strong security culture. DOWNLOAD IT NOW>>


Smart Solutions Can Mitigate Insider Risk 


Companies are quickly realizing that if they want to mitigate things like insider risk and bolster their cyber resilience to prevent future trouble, they need to make sure that the solutions that they’re relying on offer both great value and great functionality.  Almost 95% of security leadership respondents in a Statista survey said that securing Digital Transformation initiatives is a cybersecurity priority post-pandemic, opening up fresh opportunity for MSPs. ID Agent can help MSPs take advantage of it.  

Dark Web Monitoring 

If employees are going to sell access, data or other valuable information, they’ll be selling it on the dark web, where they can make a pretty penny. Dark Web ID enables companies to keep an eye on credential compromises from the inside. Get the power of 24/7/365 human and machine-powered on your side monitoring employee passwords, business and personal credentials, domains, IP addresses and email addresses 

Security Awareness Training 

Organizations that regularly conduct security awareness training have up to 70% fewer cybersecurity incidents. Give employees the tools that they need to spot and stop insider threats, avoid cyberattacks like ransomware and maintain compliance with security awareness training that can be tailored to suit the needs of every unique business with BullPhish ID.   

Don’t just take our word for it. ID Agent solutions help MSPs drive revenue fast. Hear what our partners have to say about the benefits of teaming up with ID Agent: https://www.idagent.com/case-studies/  

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to partner with ID Agent. BECOME A PARTNER>>   


get cyber resilient to avoid healthcare ransomware attacks

Don’t let cyberattacks wreck your 2022! Start your journey on The Road to Cyber Resilience now! DOWNLOAD IT>>