Confronting the Insider Threat

By Laura Spadanuta

This approach takes specialized training, however. “The training actually has to be in three different areas. You have to have training for the security officers so they understand what it is they’re dealing with and how to approach it. You have to have training for the general population, so they understand that this is not a witch hunt. And then you have to have training for the management, senior management, so they understand where you’re coming from on this and so that we can ensure cooperation with the other elements like human resources. So it has to be a very comprehensive program,” says McGarvey. 

Paying to set up and maintain this type of program, including the training and reporting mechanisms, is a cost effective option when compared to intellectual property loss. However, to keep costs down, companies must figure out how they can best implement these types of programs, possibly overlaying them with security structures that are already in place; for example, augmenting the hiring process to not just look for technical skills but also social fit with the company.

If an individual does become the subject of suspicion and the company’s threat assessment team and management decide to more formally monitor that person, the company must make sure that it works with legal counsel to avoid any charges of legal misconduct and privacy violations.

Employee assistance. Where possible, the goal of all this vigilance is to catch someone at the early stages of stress and deter them from going down the wrong path. With that in mind, there are some possible mitigation strategies that may be employed to prevent someone who may be frustrated with the company, dealing with a personal crisis, or who may start considering wrongdoing from veering over into the dangerous insider threat zone. Stock notes that many companies today have Employee Assistance Programs (EAPs), and those services might be able to assist employees.

According to the Deloitte report, the EAP “can make a critical difference in interrupting forward motion of a potential insider who is in crisis and whose solution is the intent to compromise information.” The report also recommends ensuring that management is engaged. But Stock notes that companies sometimes see the red flags, and, instead of offering help, “they have a knee-jerk reaction, and they terminate them.”



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.