Organization Information

Information Security

Insider Threats: Danger from the Inside

Generally, most employees think cyber threats are external entities — outsiders trying to break into the United States Postal Service® network through social engineering methods. But, did you know that the people we work with every day can do just as much damage?

Here are two examples of possible insider threats within an organization:

1. Accidental insider: An employee who is an unintentional security risk violates security policies and does not follow cybersecurity best practices. Indicators of an accidental insider might include:

n Leaving computers or laptops not physically secured to a workstation.

n Leaving sensitive information on the desk while away from the workstation.

n Not locking the computer screen while away from the workstation.

n Allowing building entry to individuals who do not display verified identification.

2. Malicious Insider: Sometimes known as disgruntled employees, these insiders purposely try to access or steal sensitive data. Common indicators of a malicious insider might include:

n Unauthorized work at odd hours.

n Misuse of organization equipment.

n Reports of cyber harassing and bullying.

n Repeated rule violations.

n Changes in personality or wealth.

n Excessive copying of or downloading sensitive materials.

If an employee demonstrates signs of an accidental insider threat, remind them of USPS® policy for cybersecurity best practices. If the behavior continues, bring it to your manager’s attention.

If you notice activity that might indicate a malicious insider threat, immediately bring it to your manager’s attention, and send an email explaining the situation to the confidential insider threat reporting mailbox at insider_threat@USPS.gov.

For more information about cybersecurity best practices, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).