We mustn't forget that this economic downturn has had a significant impact on people's personal lives - the threat of redundancies and pay freezes can push people to extremes in order to compensate for financial shortfalls. Having a good set of policies is key, but they need to be clearly articulated to staff on a regular basis so that they understand what is, and is not, acceptable behaviour. Then, of course, staff need to be vigilant, line managers in particular, as they are probably best positioned to spot any potential issues early.
Although statistics show a broad profile of the most likely employee to present a security threat, the truth is there is patently no universal giveaway - otherwise the problem would no longer exist. There are, however, some pointers, some a lot more obvious than others. As stated above, the key to stemming any attack from the inside, whether malicious or unintentional, remains awareness: awareness of how damaging sending sensitive data via non-encrypted methods can be, and awareness that a change in a member of staff's circumstances or work habits could flag up something potentially of wider concern.
But line managers may not always be able to stop an obvious candidate for wrongdoing slipping through the net; staff culture is the key. It's not about providing a snooper's charter, but it's essential that staff know how and to whom they should voice their concerns in a confidential setting. More than that, they also need to know the potential consequences for the individual concerned and the organisation if they do not take any action.
There is a famous case of a CIA agent, Aldrich Ames, who was a high-ranking and prolific double-agent in the late 1980s. Despite a major investigation, which began in 1986, into how the Soviets were able to identify five agents recruited by the CIA, Ames was not arrested until 1994, and this was despite him and his wife living a luxurious lifestyle complete with two large houses, flashy cars etc. - all on his $70,000 annual CIA salary. It was reported at the time that CIA officials were reluctant to investigate their own employees, whom they regarded as like members of the family. Between April 1985 and November 1993, Ames and his wife spent over $1.4 million, an incredible amount to overlook.
Change of Circumstance
That happily married man you employed three years ago - how's he getting on? Looking forward to celebrating another anniversary or has the wedding ring disappeared? A change in personal circumstances can put hidden pressure on anyone. Perhaps his divorce is causing financial hardship, or maybe an ill-judged relationship has left him open to blackmail. Is a relative abroad in trouble? Clues can show up in signs of stress in a previously sanguine personality.
Change in behaviour
A reluctance to take holidays, a preference for working long hours, logging on at odd times or working alone could all be signs of a conscientious employee or, at the opposite end of the scale, of nefarious activity.
Lack of progression within the company
Some employees are not especially career motivated, but others who want to progress can feel disenfranchised and increasingly demotivated if repeatedly passed over for career advancement. In a small number of cases this could lead to bitterness towards an employer to the extent that profiting from information or causing damage to the brand could be a temptation.
This is the most common cause of security breach. Staff awareness and education is everything. Implement a 'clear desk' policy so that important information is not available for any passer-by to access.
And the last word
Communicate on a regular basis with your staff about policy pertaining to your company's particular business.
Bernadette Palmer is the senior communications consultant with The Security Company