Insider threat - Managing people security
Published on 22 January 2020
Contents
- Introduction
- What is financial crime?
- What is ‘insider threat’?
- The Fraud Ratio
- Unusual behaviour in the workplace
- Risk areas
- What types of threat do organisations experience?
- What does the insider threat look like?
- Privileged users
- Robust recruitment
- Behavioural 'red flags'
- What can you do to protect your organisation?
- Conclusion
- Glossary of terms
- References and additional reading
What can you do to protect your organisation?
The first thing we must do is understand our assets. We discussed earlier the types of asset that could be at risk i.e. data, money and property. Once we understand how these assets could be targeted, exploited or misused, we can begin to identify the weaknesses and build our defences.
In every aspect of our business, we must adhere to our legal and compliance obligations. Take for example the introduction of the Data Protection Act 2018 and how that impacts on the way we collect, process and store personal data. If our processes are not robust enough and we lose control of our data, we could be facing serious monetary fines as well as negative publicity and reputational damage.
We must ensure that we have adequate policies and procedures in place to cover all aspects of our business. Equally importantly, we must ensure that we check compliance with those policies and procedures. All too often adopted practices vary considerably from required processes. If we are not regularly checking policy compliance, we increase the risk from mistakes or from the insider who realises that there are weaknesses that aren’t being monitored.
We should regularly review employee permissions to ensure that they only have the required access to carry out their job. This not only provides assurance that employees aren’t looking at information they have no business requirement to see, it protects them from being accused of inappropriately accessing data.
Separation of duties is a simple concept that prevents one person being able to complete an entire process in isolation. It limits the opportunities for someone to commit a crime against the organisation or to make a damaging error because there is always another person involved in checking and verification. This two-person process can be jeopardised when departments are short staffed but it is important that we do not let that happen as this opens the process up to unnecessary weakness.
Having better awareness of our organisation and its people strengthens fraud resilience. Supporting behavioural changes help us to identify deliberate or unintentional organisational threats.
We have a number of options to tackle suspicions of fraud and we must always bear in mind that suspicion is only that. There may be a reasonable explanation for the behaviours that we are noticing but we need to address our concerns to get to the bottom of the situation.