Since you're reading this guide, it's likely you recognize the threat insiders pose to an organization and the need to proactively build a plan to monitor, detect, and respond to potential and active threats. Insiders pose a real threat - 28% of data breaches are perpetrated by insiders, and institutional fraud is almost always an insider.

Organizations focused on security threats tend to focus on the external attacker. Solutions used to secure the perimeter, endpoints, email, and data are put in place. While absolutely necessary, they organizations lack the ability to equally protect against the insider - the employee that puts the organization at risk through either malicious intent or negligence.

Someday, sometime, an employee with access to sensitive data, intellectual property, or trade secrets is going to leave your company, which makes their departure risky to the organization. Sure, you've "trusted" them as part of their employment, but when the time comes to change jobs, you can't always be certain about the motive for the move.

The results of the SANS survey on insider threats show that organizations are starting to recognize the importance of protecting against the insider threat but struggle to deal with it; as one might expect, larger organizations are more likely to have provisions for responding to such threats.

The class of cyber actor with the greatest capacity to cause harm to organizations is not the so called state-sponsored hacker or cyber-terrorists. It is the "insider" - the company's employees, ex-employees, and trusted vendors.

There are many reasons why employees work from home. For some it's about removing distractions and finishing work. For others, productivity is thought to be higher overall. And for some, it's about maintaining a work-life balance.

Organizations seeking to meet HIPAA requirements are expected to demonstrate proper use of patient data through appropriate administrative and technical safeguards. While most organizations focus their efforts on implementing safeguards that revolve around an EHR system already designed to be HIPAA compliant, today's computing environments facilitate the ability to repurpose accessed patient data in an unauthorized fashion, quickly, easily, and conveniently.

Nearly all financial services companies and financial institutions are subject to a number of compliance mandates. The Gramm-Leach-Bliley Act (GLBA) and the Dodd-Frank Wall Street Reform and Consumer Protection Act both provide specific guidance on how financial services organizations need to protect consumer data within financial systems.