Increasingly organisations are becoming aware of the real threat of data breaches. Those at the top of their game are quick to realise that ‘insider threat’ is one of the causes of a data breach incident. Pre-screening employees is one way to support the organisation in reducing this risk.
Many employees unknowingly fall victim to the tactics fraudsters use to gain access to valuable company, customer or employee information. Organisations and their employees face a constant barrage of threats when carrying out their day-to-day work activities, such as unwittingly saving a document onto a USB device and losing it; transferring sensitive data files; using unprotected cloud technologies; emailing documents to a home email address; or printing confidential documents and leaving them on a printer. These are only a few examples, but each carries the risk of losing sensitive information and can contribute to increasing ‘insider threat’.
Those who manage personally identifiable information or sensitive company information are at increased risk. The volume and constant flow of emails into our accounts each day means we are all at increased risk from phishing emails. Everyone needs to constantly assess the validity of an email – in the main, employees have good intentions and want to support and help in any way they can to mitigate the actions of fraudsters. And it’s not just phishing emails – whaling emails, those well-crafted emails targeted at potentially high-value executives or those who are in control of finance and payments, are increasingly a focus for fraudsters.
On a slightly darker note, there are employees who are open to bribery, and this can be linked to a number of different factors, including personal financial instability. Understanding the true details and facts about someone’s identity when recruiting can support your efforts in managing insider threat. Almost 40% of UK companies are not performing background checks during the recruitment process, and the cost of a ‘mis-hire’ is estimated to be between four and 15 times the annual salary.
The vast majority of organisations are performing checks on executives, directors and managers; however, only half screen contract workers or hourly-wage employees. A quarter of organisations screen volunteers, yet these may be the very people who interact with sensitive information, customers or vulnerable groups. Those already employed should also continue to be an area of focus, especially when they are privy to high-value or sensitive information – in reality, people’s situations continually change. Putting aside ‘insider threat’ for a moment, employers also have a responsibility to check whether a potential employee has the right to work in the UK – if they don’t obtain this evidence, they could be liable to pay a penalty of up to £20,000.
Organisations and those leading the recruitment and employment of new and existing employees have an opportunity to take a proactive stance to safeguard the organisation, its customers and its employees, and to manage reputational damage. Those leading these initiatives continue to play an essential role in background checking prospective employees, which could reduce the risks and prevent a data breach incident or the cost of an unsuccessful recruitment, and also increase retention.
Below are a few steps organisations of any size can take to reduce insider threat:
- Pre-screen candidates prior to employment to check that a person’s identity matches the information given during the interview and recruitment process, and to check their financial situation and criminal record.
- Screen existing employees at regular intervals, especially those who manage high value information or assets – by performing background and adverse financial checks.
- Run on-going educational awareness programmes for employees around the risks posed to both the organisation and themselves – outlining how they can play an active role in managing threats and potential for ‘insider threat’.
- Develop and distribute a clear corporate policy, along with insight into the clever approaches fraudsters take to intercept employees through email. This is a topic everyone will be able to relate to, both at home and at work, and one they can play an active role in managing.
- Create a detailed data breach response plan and team of experts who can proactively take action should a breach of data occur.
How is your organisation preparing for insider threat? Together we can help each other to manage this increasing threat.
Business Management Daily “Employment Background Checking Guidelines”
Topgrading.com “The high costs of mis-hires”
Gov.uk 25th October 2016 (https://www.gov.uk/employers-checks-job-applicants)