1. Consider threats from insiders and business partners in enterprise-wide risk assessments.
Most companies protect the perimeter of their operations. You must protect inside the perimeter. Consider all persons with access to your critical assets as threats: Employees. Former employees. Contractors. Former contractors. Business partners. Many leave some "backdoor" way for them to get back in to your systems.