The UAH Insider Threat Program Plan applies to all faculty, staff, and students with access to any government or contractor resources to include personnel, facilities, information, equipment, networks, or systems.

UAH is subject to insider threats and will take action to address threats and personnel at risk of becoming a threat. UAH will continually identify and assess threats to the organization and its personnel and implement a program with capabilities designed to reduce risk.

An Insider Threat comes from any person with authorized access to any U. S. Government or UAH resources who uses that access either wittingly or unwittingly to do harm. The best defense is an active one, which helps to identify the threat before loss of information and to serve as an effective deterrent. By reporting adverse information, suspicious activities, and other insider threat indicators, you will actively help to detect, deter, and mitigate the insider threat to UAH.

It is also key to stay up to date on your Insider Threat Awareness Training if it is required for your position.

Insider Threat Indicators:

  • Unreported requests for critical assets outside official channels
  • Unreported offers of financial assistance, gifts, or favors by a foreign national or stranger
  • Unauthorized downloads or copying of files
  • Seeking to obtain access to critical assets inconsistent with present duty requirements
  • Attempting to conceal any work-related or personal foreign travel
  • Frequently working after hours or at unusual times
  • Attempts to expand access
  • Changes in financial circumstances (affluence or financial difficulties)
  • Repeated and continued patterns of performance deterioration

DCSA emphasizes the importance of reporting suspicious emails and activities to help identify and mitigate cyber threats and protect national security. The protection of classified and proprietary information is in your hands; it is up to you to report. View the DCSA Suspicious Email Short for a more in-depth explanation.

How to Report:

If you receive a suspicious email, especially one related to security clearances or that seems to be a phishing attempt, report it immediately to ORS by doing the following:

  1. Expand the Header in accordance with our instructions.
    1. Google:
      1. Double-click the email to open it outside the Reading Pane.
      2. Click on More (three dots) next to the “reply” button on the upper right side of the email.
      3. Select Show Original.
      4. Click Copy to Clipboard on bottom right side and paste the entire header at the top of your original email and send to ORS.
    2. Outlook:
      1. Double-click the email to open it outside the Reading Pane.
      2. Click on File in the top menu.
      3. Select Properties.
      4. Find the header information in the Internet headers box at the bottom. You can copy this information by highlighting it, pressing Ctrl+C, and pasting it into a text editor.
  2. Forward the email to Janine Wilson at orsnotifications@uah.edu or janine.wilson@uah.edu
  3. Delete the email from your account.

If you observe any other type of suspicious activity or insider threat indicators, please promptly report this to Janine Wilson in-person, over the phone, or via email.

After all, you are the Center of Security!

Reference the following resources for more information:

Reporting the Threat

DCSA Insider Threat Resources