The next key indicator to look for is a sudden change in performance. An employee who generally closes six new accounts per day, but is now closing only two could be illustrative of them deflecting information or accounts to competing organizations. Performance issues can also be surfaced by customers.

The third area begins to move into the space of effective controls. Effective controls aren't simply having written policies or enforcing the principle of least privilege, they are technological mechanisms in place to proactively identify risk. In today's competitive environment, businesses cannot simply lock down all users' access; however, it is necessary to have context over which applications and devices are being introduced by users.

The final piece of the puzzle is to truly understand how users are interacting with the data. In most organizations there are pretty strong controls surrounding who can access what data, but very little accountability over what they do with the data. We need to do more than simply log which records are

being opened by a user; we must have an understanding of when people are printing, uploading, sending, or saving sensitive data, particularly to at-risk destinations.