Insider threat - Managing people security
Published on 22 January 2020
Robust recruitment
‘The first line of defence against fraud is to make sure you don’t employ fraudsters in the first place’ (CIPD, 2012)
Joiners
It is vital that we take the time to recruit the correct people into our organisation. The application process should allow the recruiting organisation to carry out sufficient vetting to ensure that the person being appointed is suitable for the role. Checks on identity, references, qualifications etc. should be carried out independently, and consideration should be given to having the candidate sign a declaration allowing their personal information to be used for fraud prevention checks, such as checks with the Department for Work and Pensions and Her Majesty’s Revenue and Customs, amongst others.
Enhanced vetting may be appropriate depending on the role; for instance, someone with authority over a large budget should perhaps be subject to increased scrutiny to ensure their fitness for the role.
Movers
Moves and promotions also create an opportunity to tighten up processes. Internal applicants often have a level of trust with their employer and fellow employees by virtue of their past reputation, but that does not mean that they do not pose a threat. When someone is moving position within an organisation, similar pre-employment checks should be carried out as would be carried out if they were new to the organisation.
Each individual's access should be reviewed in preparation for any move, to ensure that employees are not accumulating access to sensitive materials or locations.
Leavers
Just as we need to manage people during employment, we also need to have robust processes in place when people leave our organisations. Leavers, particularly those who have become disgruntled, pose a risk. System access should be efficiently and promptly managed to ensure that this risk is reduced to a minimum.
When it comes to the recruitment process, Human Resource departments are increasingly acting in an advisory role. This means that there is increased responsibility on recruiting managers to ensure that they are aware of and adhere to all policies surrounding the recruitment process. It is also incumbent upon them to carry out pre-employment checks and to satisfy themselves that they are recruiting appropriately qualified and suitable people to the roles that they are trying to fill.