External Signals – A missing Gap in Insider Threat programs
In the realm of corporate security, the phrase “insider threats” often triggers images of disgruntled employees plotting to steal proprietary information or commit acts of sabotage. However, the reality is that not all insiders are threatening. More accurately, the term “insider threats” refers to potential risks that can arise from within an organization, irrespective of the source’s intentions. To better understand and mitigate these threats, a shift in focus is necessary—from just looking inwards to including external threat signals.
Traditional security measures such as pre-employment background checks have long been the first line of defense. These checks are designed to prevent individuals with questionable histories from gaining access to sensitive corporate information. However, while these measures are undeniably valuable, they are not infallible. The past is not always indicative of the future, and an individual who passes a background check may still pose a threat due to a myriad of reasons that arise post-employment.
Moreover, relying solely on pre-employment screening may engender a false sense of security, fostering the assumption that once an individual is hired, the threat is neutralized. This assumption is dangerous, as threats can manifest long after the hiring process has concluded, driven by factors such as financial stress, personal grievances, or ideological changes.
To mitigate this, an increasing number of organizations are supplementing traditional background checks with continuous evaluation, a more holistic and dynamic approach to assessing workforce risk. This approach involves regular, post-employment monitoring of signals that might indicate a potential threat. Many organizations develop a formalized continuous evaluation program, incorporating it into their broader security and risk management protocols. These programs, while varying in their specifics from one organization to another, typically involve regular checks on an array of factors like criminal history, arrest records, or civil infractions.
Continuous evaluation can encompass a wide range of signals, from financial irregularities to potential for workplace violence or fraud, that might otherwise go unnoticed. This does not necessarily mean surveilling every move an employee makes—rather, it means being vigilant about changes that could indicate risk, while maintaining respect for privacy and trust.
The practice of self-reporting is another vital tool in this context. Many organizations encourage employees to disclose any changes in their personal circumstances that could potentially impact their job performance or integrity. These changes might include financial struggles, personal conflicts, or associations with dubious entities. While self-reporting requires a high degree of trust, it also fosters a culture of transparency and accountability, further fortifying the organization against insider threats.
However, self-reporting and continuous evaluation should not be seen as punitive measures. Instead, they should be framed as supportive mechanisms to help employees navigate challenging situations. The goal is not to catch employees out but to create an environment where issues can be identified and addressed proactively, reducing the risk for everyone involved.
By implementing tools such as continuous evaluation and encouraging practices like self-reporting, companies can more effectively detect, monitor, and mitigate these threats, fostering a safer, more secure working environment. Remember, a comprehensive security strategy is one that goes beyond the point of hire and is constantly vigilant, not just of its workforce, but of the potential risk signals they may present.
While designing a continuous evaluation program may seem complex, a well-defined roadmap can make the process considerably easier and more manageable. For those who are keen to understand how to establish an effective insider threat program, our insider threat playbook is a guide to get started. From defining the scope and objectives to identifying potential risk signals and creating an action plan, this playbook offers practical steps to build a robust program.