An article in The Wall Street Journal today begins: “The biggest threats to information security often don’t come from hackers. They come from a company’s own employees.”

The Journal raises a valid point. It’s easy to picture some bandit behind a mask and a keyboard when imagining information security threats, but in today’s fast-paced, fraud-infested world that’s simply not the case.

Insiders pose the biggest threat because, unlike some hacker off in the Czech Republic, you’ve already bestowed upon them a powerful tool, one that is prone to exploitation: Trust.

As Scott Charney, Microsoft’s chief security strategist, told The Journal, “You’ve given them the keys to the castle. The more important they are to the organization, the more access they have.”

The article suggests eight precautions to take to protect your company from the enemy within. They are as follows:

1) Know Your Risks. Examine and understand exactly where and how your company may be vulnerable to the misdeeds or mistakes of its employees.

2) Know Your Insiders. Perform background checks before you hire potential candidates.

3) Teach Security. Most insider-related security issues are unintentional. Educate employees to avoid these mistakes.

4) Classify Your Data. There is a reason why the U.S. government uses Confidential, Secret and Top Secret classifications. The key is making it simple for employees to comprehend and use the classification system.

5) Limit Access. After a comprehensive classification system is developed, companies need to set access controls so the good guys get in and the bad folks don’t.

6) Use Encryption (Wisely). Scrambling your data so that it can’t be read even if someone illegally accesses it is never a bad idea. You’d be wise to encrypt any and all sensitive data.

7) Monitor, Filter, Block. There is software out there that monitors, filters or blocks e-mail from employees and other related computer activities. If the Big Brother overtones don’t bother you, employing these types of software certainly doesn’t hurt.

8) Hold Employees Accountable. Employees need to know the rules regarding information security at your company, and it’s equally important that they know and understand the repercussions of breaking, or even bending, any of those rules.

For the complete Journal story, read The Dangers Within.

Don’t forget to keep checking in at our CSO Security Feed page for updated news coverage.