How Practical Vision deals With Insider Threats

Most Law firms recognise the need to protect themselves from cyber security and data breach issues originating from the outside world. Most will have things like firewalls, email encryption etc. There is an alarming growing trend however that is much harder to spot – The insider threat.

Approximately 75% of cyber incidents are caused by insiders. These tend to fall into 1 of 3 categories

  • Careless insiders are perhaps the most common. These employees pose risks such as having weak passwords, leaving equipment unattended.
  • Malicious insiders are much less common but the level of damage that they can inflict is amplified by their desire to cause harm.
  • Exploited insiders are often well-meaning and totally innocent employees that are tricked or engineered into providing data that they shouldn’t.

It’s difficult to find the balance between protecting your business assets and making staff feel trusted and valued. Here’s how we protect ourselves.


Absolutely no one who enters the business is issued with any equipment or passwords until they have completed some basic Cyber Hygiene training. They are shown how to create strong passwords, taught how to spot phishing attempts and briefed what to do if they think they have been compromised or have clicked on something they shouldn’t. Cyber Security is on the agenda for nearly all of our management meetings and all staff are given ongoing training and support.

Background checks 

It’s really important to know who your employees are. We run a background check on all employees who join us regardless of the level of seniority. This includes a DBS check as well as obtaining at least 2 references.

A strong access control policy 

Standard access levels are granted for each role. If a member needs elevated permissions, they must obtain authorisation from the CISO. Admin privileges are not granted during probation periods.

Robust HR Procedures

One of the most risky times for insider threats is when someone joins/leaves or changes role within the business. We operate a series of checklists which are signed off by 2 people. Contained within the checklists are items such as checking back in and wiping all equipment, removing all access rights, reassigning records to another owner etc.

Communication with staff 

Openness is key. Staff need to feel comfortable in reporting that they accidentally clicked on the malicious link but at the same time should be aware that knowingly causing a serious breech will be dealt with seriously. It’s about finding the balance.

Use gut instinct 

If someone is using their admin credentials whilst on holiday, logging on in the middle of the night from home or performing activities that just don’t feel right, this warrants investigation. Often just asking why is enough to make a malicious insider feel like they’ve been rumbled.