Buying Everything

Another common mistake made around building insider threat programs is the compulsion to buy all sorts of technology right out of the gate. CSC's Reidy suggested buying absolutely no technology for the first six months of the program, focusing instead on talking to people and figuring out what information needed to be protected from insider threats.

"If you're not walking the halls, talking to people figuring out what you already have you're going to waste money and time. Once you're established there, then start evaluating technology," Reidy said.