Print this page

Insider Threat Awareness Statement

Understanding the Trusted Insider

A trusted insider is any current or former employee or contractor who has legitimate access to either Vaxa or our client’s facilities and information. With this access, a trusted insider could pose a security risk by intentionally or inadvertently compromising operations.

Some insiders deliberately seek to harm Defence by leaking classified information, sabotaging assets, or granting unauthorised access. Others may pose a risk through careless security practices, failing to follow procedures and unintentionally exposing sensitive information.

External threat groups may also target trusted insiders, attempting to gain access to valuable information, weapons, or assets. Insiders can be manipulated, coerced, or influenced by foreign or domestic threats—including media organisations seeking unauthorised disclosures. Only authorised personnel may engage with the media.

Types of Trusted Insider Activity

A trusted insider threat can take many forms, including:

  • Unauthorised disclosure of sensitive or classified information
  • Corruption of processes that allow improper decisions or actions
  • Facilitating third-party access to assets or information
  • Physical sabotage of equipment, facilities, or operations
  • Digital or ICT sabotage that disrupts systems
  • Being intoxicated or affected by substances at work, which could impair judgement and security compliance

Our Responsibility

The best defence against insider threats is awareness and vigilance. Every industry professional has a responsibility to uphold security standards and report concerning behaviours.

Indicators of Concern

Signs that a colleague may pose a security risk include:

  • Appearing intoxicated or under the influence of substances at work
  • Unusual nervousness, anxiety, or erratic behaviour
  • A noticeable decline in work performance
  • Persistent interpersonal conflicts with colleagues
  • Expressions of resentment, dissatisfaction, or bitterness
  • Financial distress, such as creditors calling at work
  • Unexplained wealth or sudden changes in lifestyle
  • Unusual or excessive interest in sensitive or classified information

If you notice any of these signs, take a moment to check in with the person. A simple conversation could help them and prevent a serious security issue. If the behaviour raises a legitimate concern, report it immediately to our Security Officer. Ignoring security risks could endanger your colleagues, property, or even national security.

This is not the time to think, “She’ll be right, mate”, or “It’s un-Australian to dob in a mate.” Security is a shared responsibility, and reporting concerns is the right thing to do.

Reporting a Security Concern

If you believe someone may be a trusted insider risk, take action by following these steps:

  1. Speak with your supervisor or manager about your concerns.
  2. Contact your Security Officer, Curtis West, for guidance on reporting requirements.
  3. Complete Form XP168 – Report of Contact of Security Concern.

Further Information

For any security-related questions or concerns, contact:

  • Vaxa Security Officer, Curtis West: disp@vaxagroup.com
  • Defence Security Incident Reporting: security.incidentcentre@defence.gov.au | Phone: 02 6266 3331
Last modified March 3, 2025: Merge pull request #15 from vaxa-tech/add-munki-docs (6d10186)