Insider threat management is the process of preventing, combating, detecting, and monitoring employees, remote vendors and contractors, to fortify an organization’s data from insider threats such as theft, fraud and damage.

An insider threat is a malicious, careless or negligent threat to an organization that comes from people within the organization such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, or the sabotage of computer systems.

Insider threat detection can be especially difficult—and the most dangerous—because password-protected users can easily reconfigure data for the whole system. Insider threat prevention softwares are designed to track systems for unusual or malicious behavior originating from password-protected user accounts.