Making Continuous Workforce Risk Evaluation a Reality in Your Own Organization
Posted 03.04.2019 by AJ Cook, Enterprise Sales Executive
In a previous blog, we focused on insider threats as some of the toughest security problems any company can face. We also showed how success requires we leverage continuous insider risk evaluation alongside more traditional employee applicant screenings and cybersecurity protections.
Ongoing visibility into your workforce — including their circumstances both on and away from the job — delivers early insight into where and when employees may veer toward fraud, cyber breaches or other behavior that can damage your company. Nonetheless, even leaders who realize and embrace the value of such capabilities have tons of questions about implementation. So let’s take a closer look at some of the answers.
Navigating Implementation Challenges
As we consider the key issues and strategies to consider on the road to making continuous workforce risk evaluation a reality in your own organization, one thing that becomes clear early on is that, especially for larger enterprises, management of this workforce risk is not a DIY project.
In a world where even routine pre-employment screenings and background checks are typically outsourced, it simply makes no sense to try and mount the even more intensive and ongoing work of scouring countless criminal, civil, licensing, financial and other records for what might be a workforce of tens of thousands of people.
Even if you’re lucky enough to capture all that information, you’d need a powerful blend of automation and human expertise to wade through millions of possible risk events — looking for patterns and business-relevance among that flood of data to isolate the risks that are the most urgent and actionable for your company.
Amid these challenges, it’s clear that the answer to unmanaged workforce risk in your organization will likely involve finding the right partners to leverage the right strategies.
Three Big Priorities for Building the Right Solution
Many of the world’s most successful organizations have turned to Endera for uniquely powerful strategies and capabilities on continuous workforce risk evaluation. But whatever your specific approach, here are three major considerations:
Choose what to evaluate — Today’s enterprise business models play out not just at scale, but across a diverse workforce. That means you need to be selective and customized about what to evaluate. In the legal system, for instance, do you care about convictions vs. arrests, felonies vs. misdemeanors, violent vs. non-violent crime and so on? Those answers may vary depending on their relevance for the individual’s role like finance versus transportation, whether you’re scrutinizing full-time employees, part-time employees, contractors, vendors, temps or others who make up your workforce and extended supply chain.
Prioritize insights for business relevance — Even if you’re selective about what information to gather, you’re still talking about a lot of risk events. For example, Endera helped a major global airline monitor 85,000 insiders, including thousands of supply chain contractors. We detected more than 11,000 risk events in just four months. But when further analyzed for business relevance, we were able to prioritize just a small fraction of those events as critical.
Render insights actionable — From a pool of nearly 15 million possible risk events derived from more than 25 thousand data sources, Endera is able to isolate just 0.2 percent of those as actionable event insights for our clients overall. Whatever your specific approach, you should strive for that kind of advanced selectivity. Otherwise, you could get paralyzed by too many false positives or non-business relevant events that create employee privacy issues. Also, make sure you leverage architectures that align identity-focused evaluation, workflow management and risk insight reporting platforms to your own company-specific mitigation strategies.
These are just three of the top priorities as you look to make unmanaged workforce risk a thing of the past; a great start, but only part of the picture. Your approach to continuous insider risk evaluation will also have implications for compliance, organizational culture and many other factors that are worth considering. Fortunately, the right approach will bring ROI many times over in the form of enhanced operations, efficiency, safety and revenue assurance