NIST 800-171 • LEVEL 2 • AWARENESS AND TRAINING

3.2.3 Provide Security Awareness Training on Recognizing and Reporting Potential Indicators of Insider Threat

Provide security awareness training on recognizing and reporting potential indicators of insider threat.

Assessment Objectives

Assessment objectives not available for this requirement.

Practitioner Notes

Your people are your best sensors for catching insider threats. But they need to know what to look for and have a clear way to report it without fear of retaliation.

Example 1: Include a dedicated insider threat module in your security awareness training. In KnowBe4 or your training platform, assign the "Insider Threat" module that covers warning signs: unusual after-hours access, copying large amounts of data to USB, expressed disgruntlement, or unexplained wealth. Require an annual refresher and quiz with a passing score of 80% or higher.

Example 2: Establish a reporting mechanism — this can be as simple as a dedicated email address (e.g., insider-report@yourcompany.com) or a tip line referenced in your Insider Threat Policy. Post reminders in common areas and include the reporting procedure in new-hire onboarding packets. Document that the reporting mechanism exists and that employees were informed about it — your assessor will check for evidence of both.