Then there is the fact that the company might not have the in-house expertise or resources. Ferraro points out the difficulty in searching for criminal records. There is no comprehensive one-stop shop for all of the nation’s criminal records, so it often requires going straight to sources where the applicant has lived. Ferraro says that it might be easier for a third party, which already has relationships and an infrastructure that allows it to do those sort of checks.
On the Job
Preemployment screening is only a small part of the equation, however. Most insiders will pass any screens with flying colors because they aren’t a risk at the time of the screening. As stated earlier, insiders tend to develop their decision to do harm over time.
McGarvey says that what pushes someone over the line that makes them become a threat could be personal, like financial debt, or related to what the business is doing, which might be something like furloughs or salary cuts or actions that the employee dislikes or deems wrong, as appears to have been the case with Snowden.
And when there is movement from the idea of doing something to actually taking the action, such as stealing information, Stock says that it often begins about a month before the employee leaves the company. Companies needs to be vigilant about looking for signs of trouble to detect the move to action when it occurs. But what should they be looking for?
Behavioral changes may be one sign that an employee has become an insider threat. For example, a change in hours; an employee who used to work 9 to 5 will start working earlier or later and spending more time in the office alone. They’ll begin accessing data that they don’t need or that they never accessed in the past.
Stock adds that companies should look at what types of systems employees are accessing, who they are talking to, and what types of questions they are asking about information they normally would not be involved with.