Each year hundreds of millions of dollars are spent on technology to ward off hackers, viruses, worms, trojan horses and other "barbarians at the gate." Yet as CISO for one of the nation's leading employee benefits organizations, it's not the threat of outside intruders that keeps me awake at night. Today, many of the biggest risks are internal — employees who through mistakes, mischief or malfeasance can cause serious damage to security of our systems and to sensitive data. This includes well-intentioned employees trying to do their job but who, by not following key policies, invite significant risk.