Insider Threat (Accidental)

What You'll Learn in Insider Threat (Accidental)

• Identify the behavioral patterns that lead to accidental data exposure in email workflows
• Apply data classification labels to documents based on sensitivity level and audience
• Execute incident reporting procedures within the first 15 minutes of discovering a data leak
• Configure email safeguards including send delay, sensitivity labels, and recipient verification
• Distinguish between accidental and malicious insider threat indicators for appropriate escalation

Insider Threat (Accidental) Training Steps

1. A Busy Monday Morning

   Welcome to Brightpath Analytics! You are Alice, a project manager on the client services team. It's Monday morning and your calendar is packed. You have a compensation review meeting with HR on Wednesday, and a client proposal that was due last Friday. Your inbox is overflowing and you're already behind.

2. Confidential HR Data

   An email arrives from Priya Sharma in Human Resources with the Q3 compensation data Alice needs for Wednesday's meeting.

3. The Waiting Client

   Alice notices the confidential warning in the HR email. She saves the spreadsheet to her downloads for the Wednesday meeting.

4. The Rushed Reply

   Another message arrives - James Porter at Pinnacle Corp needs the project proposal by end of day. Under pressure, Alice rushes to reply. Both files are in her downloads - the confidential HR spreadsheet and the client proposal. In her rush, she grabs the wrong one.

5. DLP Alert

   Minutes later, an automated alert appears in Alice's inbox. The company's Data Loss Prevention system has flagged her outgoing email.

6. The Realization

   Alice's stomach drops. She just sent the entire Analytics department's salary data - names, compensation figures, bonus amounts, and performance ratings for 47 colleagues - to an external client. This isn't a phishing attack. There's no malicious actor. Alice made a simple, human mistake under time pressure. But the consequences are just as real as any cyberattack.

7. Reporting the Incident

   Alice knows she needs to act fast. She opens the Security Incident Portal to file a report.

8. Filing the Incident Report

   The incident report form asks Alice to describe what happened. She provides a clear, factual account - what was sent, to whom, and how it happened. The security team needs accurate details to assess the scope and begin containment.

9. Report Submitted

   The portal confirms the incident report has been submitted and assigned case number INC-2024-0847. The security team has been notified and will begin their response immediately.

10. Security Team Response

    An hour later, Alice receives an email from the Security Operations team with an update on the incident.