Warning: Insider risk – what to look out for and how to protect your organization:
Not all data breaches are from external attacks. SHI’s experts and Microsoft technology can help protect against inside threats.

 In |

Reading Time: 5 minutes

“Et tu, Brute?”

While many of us have not read Julius Caesar since high school, we may not realize this famous line also applies to today’s business environment. Your IT team is likely spending a ton of thought and resources to keep unwanted hackers and cyber threats outside of your environment. You have firewalls, require strong network passwords and constant virus scans, and keep your group policies and software patches up to date. You feel like you are more secure than Fort Knox…and you probably are – from outside threats.

But what about the potential threats inside your organization?

According to Microsoft Market Research, 25% of all data breaches are due to insider activity, and it takes an average of 77 days just to contain an insider incident. This does not include the collateral damage that could occur because of financial, reputational, or business risk after the breach occurs and information makes its way outside of your organization into the wrong hands.

Some of these breaches can be as simple as someone clicking on a phishing scam email link. However, there are also more sinister ways that your organizations data can be stolen. Employees could intentionally send confidential information outside of the company for their own personal gain. This could include insider trading, IP theft, fraud, or even malicious acts by employees who are about to be terminated.

If you have not given as much consideration to insider risks as you have given to your external threats, please consider the following scenarios.

Data risks from departing users

Whether an employee leaves the organization voluntarily or due to termination, the accessible company, customer, and user data could be at risk. While some users may assume that project data isn’t proprietary, others may take company data for personal gain, violating company policy and legal standards. In both cases, it’s important to monitor and receive alerts for suspicious activities, with and without malicious intent.

Actions and behaviors by disgruntled users

Negative and stressful events in the workplace can impact employee behavior and increase insider risks. These stressors could include a poor performance review, a position demotion, or the placement on a performance review plan. Though most do not respond with malice to these events, some disgruntled users take risky actions they may not typically consider during normal circumstances, from security policy violations to data leaks and theft.

Security policies for priority users

There are different levels of risk depending on an employee’s position, level of access to sensitive information, and risk history. Priority users may include the executive leadership team, IT administrators with extensive data and network access privileges, or employees with a history of risky activities. These cases require closer inspection and more proactive risk scoring, ensuring timely alerts for investigation and quick action.

Healthcare patient data

Protecting and detecting the misuse of health record information and patient personal data are vital to organizations’ security in the healthcare industry. These organizations must safeguard patient privacy and abide by compliance regulation, like the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Risky activities could include accessing privileged patient records and retrieving records of patients from family or close individuals with malicious intent.

Secure inside and out

As you can see, there are many reasons why you need to not just keep an eye out over your walls. So how do you protect yourself from those insiders? You may already have one option in your Microsoft estate, ready to be deployed.

Microsoft Purview Insider Risk Management provides you with a robust set of tools to keep your organization’s data safe and secure.


First, analytics tools help you look inside your organization for potential risks before you even start to set up guidelines and protocols. This helps you identify what you need to focus on before you start implementing a shotgun approach of policies that may miss the target.

Preconfigured workflows

Once you have reviewed the analytics recommendations and set up policies and alerts to address those issues, Microsoft Purview Insider Risk Management takes advantage of machine learning, best practices, and templates – giving you preconfigured workflows to monitor for suspicious internal activities and act quickly if something does occur.

Insider Risk Management comes included in some Microsoft 365 suites, and as an add-on to others. If you have one of the below Microsoft 365 suites, but have not configured Insider Risk Management, SHI can help you get started. If you don’t have the Insider Risk Management add-on, we can equip you with the technology that you need to stay secure.

  • Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)
  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on
  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on
  • Office 365 E3 subscription + Enterprise Mobility and Security E3 + the Microsoft 365 E5 Compliance add-on

You have help!

We deliver an end-to-end Microsoft experience, backed by in-house licensing and technical expertise to meet service levels, demonstrate innovation, and proactively manage your accounts and agreements.

SHI’s robust team can review your current licensing to make sure that you have the tools you need to protect yourself against insider threats. If you have the tools but have not deployed them, or are not sure where to begin or what policy templates are best suited for your organization, we can help you deploy and configure what you need to harden your IT infrastructure.

SHI has helped customers get the most out of Microsoft licensing for over 30 years, with vast experience supporting your internal and external security needs.

Protect your organization inside and out – connect with an SHI Microsoft expert to build your strategy today.