These days, you should be at least somewhat familiar with the external data security threats that could pose a threat to you and your business. Every few weeks a new data breach is in the news. Hopefully, you’ve taken some security measures to protect your business network and stored data.

But what about internal threats? You might have 3 employees, or you might have 3000. While they might lack any intention of damaging your data, in these hyper-connected times they certainly have the ability to inappropriately share, misuse or just leave your business data vulnerable.

Here are a few steps that you can take, on top of your (hopefully) already-implemented security measures:

1) Keep an eye on the data. Data typically moves around your company on a daily basis. When you familiarize yourself with the typical patterns of when and how data is usually utilized and shared, you will also be able to see when something unusual happens. For instance, if a number of folders suddenly get moved off of one server and onto another. Or if there is an unusually high number of users accessing sensitive data.

2) Look out for “Shadow IT”. Shadow IT are applications and tools that have not been approved your IT teams for business use. Often times these are brought into the network by employees who assume it’s OK to do so. It is critical to have rules and regulations governing these kinds of actions, and important to have plans in place when these apps or devices cause issues.

3) Monitor endpoint security. Perhaps the most basic of policies. Always ensure that the devices your employees use for day-to-day business operations (laptops, phones, tablets), have the most-up-to-date and security applications installed and that the employee understands what they can and cannot do with them. This is especially important for devices that actually store data.

4) Build an asset management plan. As mentioned above, most devices have the capability of storing sensitive data. Devise a plan to implement in the event of a lost or stolen device. The plan should be based on the ability to immediately cut off the access between that device and the company’s network and sensitive data.

The reality of doing business today means that you and your employees will need to be increasingly connected to each other and to the digital world beyond your front door. It’s unfortunate, but threats do come from inside your business and from the people you trust the most.