Insider Threats

Insider threat is generally considered the potential for an individual to use authorized access to an organization’s assets to knowingly or unknowingly do harm. The damage from insider threats can manifest as espionage, theft, sabotage, workplace violence, or other harm to people and organizations. Possible insiders include employees, contractors, vendors and suppliers.

How Do I Identify Insider Threats?

An insider threat is one that is posed by an employee or long-term visitor that has been given trusted access to business sensitive, classified data or other information of value to an adversary. For the safety and integrity of this University, all UNC Charlotte employees should be aware of how to spot insider threat indicators and warnings, and should be aware of where to report a suspected issue.

Executive Order 13587 (Oct., 2011), established a national insider threat policy for all government departments and agencies. These policy requirements flow down to personnel at UNC Charlotte. These requirements include the establishment of an insider threat program and insider threat training to keep researchers and administrative personnel informed of the signs of suspicious activities and how to report them.

Access is at the heart of understanding and characterizing insider threats. Without access, there is no “insider.” Organizations grant individuals different kinds of access, like physical entry to buildings or virtual access to computer networks.

What are the Potential Risk Indicators of an Insider Threat?

Individuals at risk of becoming insider threats and those who ultimately cause significant harm often exhibit warning signs, or indicators. Potential risk indicators include a wide range of individual predispositions, stressors, choices, actions and behaviors. The following indicators suggest increased vulnerability to insider threat, and may even be signs of an imminent and serious threat:

  • Unreported requests for critical assets outside official channels
  • Unreported offers of financial assistance, gifts, or favors by a foreign national or stranger
  • Unauthorized downloads or copying of files
  • Seeking to obtain access to critical assets inconsistent with present duty requirements
  • Attempting to conceal any work-related or personal foreign travel
  • Frequently working after hours or at unusual times
  • Attempts to expand access
  • Changes in financial circumstances (affluence or financial difficulties)
  • Repeated and continued patterns of performance deterioration

Insider risk includes:  espionage, sabotage, fraud and intellectual property theft.  See something, say something.

Whom Do I Contact?

To report suspected instances of insider threat indicators, please visit the anonymous Division of Institutional Integrity reporting tool. 

You can also report potential insider threats to the UNC Charlotte Research Protection Program, the Research Security Coordinator, or the Office of Research Protections and Integrity (ORPI).