Mitigating Insider Threat

By Dr. Jennifer Hesterman

There is a persistent lack of research and data analysis regarding insider threats, making it the least understood and appreciated danger to an organization or venue. Countering an insider threat requires a multi-faceted approach and starts with intense screening during the hiring process.

Is there an employee in your organization that poses a threat? How would you know?

Minimizing risk should be Job #1 for all leaders and managers in an organization. Even though the security landscape is already complex with a myriad of actors and tactics, it’s crucial to factor in the growing insider threat. When you ask a security professional what keeps them up at night, the threat of a nefarious insider is often the answer.

Unfortunately, there is a persistent lack of research and data analysis regarding insider threats, making it the least understood and appreciated danger to an organization or venue. Compounding the problem, there are organizational and cognitive biases that lead managers to downplay the risk of an insider threat.

Understandably, it is hard to wrap our minds around the fact that an employee may turn against the company and his or her co-workers, perhaps even with an act of violence. Consider Aaron Alexis, the Navy Yard shooter, who killed 12 co-workers and injured three others in a secure building on a secure military installation. Insiders present the most dangerous threat since they have physical access to the premises and knowledge of its vulnerabilities.

There is a myth that these rogue employees are openly disgruntled or have outward signs of hostility at work. While recently disciplined or fired employees instigate some of these attacks, many others come as a complete surprise. I always say people have their public lives, their private lives, and their secret lives. The latter is the one unknown to employers and should be the area of most concern, as it determines the threats employees could bring to your doorstep.

Good Hiring Practices—First Line of Defense

Countering the insider threat takes a multi-faceted approach and starts with intense screening during the hiring process. A thorough employee background check is absolutely necessary. I recommend using an approach similar to that used in the government’s security clearance process. When it comes to past employment, when calling past employers, don’t simply ask about the former employee’s work ethic and productivity. Use this opportunity to probe a little. Perhaps, in the name of securing your workplace and protecting your company and its employees, it would be a good idea to ask about the emotional state of the employee. For example, were there any signs of anger, frustration or disloyalty? At the end of the discussion, ask an open-ended question: “Is there anything else you think I should know about this person?”

You should also strive to apply psychometrics to your hiring process. There is plenty of information on the Internet about how to implement these practices. If this seems too daunting, you can always hire an external company to do all your pre-employment screening. Understand that the screening process itself has many flaws—deception experts believe that 40 to 50 percent of applicants lie on their resumes and job applications, and 80% lie during full screening interviews (Douglas Whetstone, Catch the Lie: Importance of Body Language Deception Detection for Security Officials, Whetstone Security Group Inc., 2014). The potential employee is likely trying to impress the hiring manager by inflating their past work experience and abilities. Or, possibly, he or she really does have something to hide that might preclude hiring.

For those who attempt to read body language during an interview, untrained screeners are typically 50 percent accurate, while body language deception experts are between 80 and 90 percent accurate. Therefore, pre-employment screening performed by an expert is a good front line of defense for your operation.

Don’t forget to apply equal vetting to your seasonal employees, interns, and volunteers, as they bring added risk—possibly even more than permanent employees.

Need Help Figuring It Out?

Call us! Watermark has worked in highly sensitive workplaces, and we have experts who know how to identify and mitigate the risk of insider threats. We can help you protect your organization from this growing, silent problem. Don’t hesitate to contact us for advice or to formulate a plan for your organization.