What is really meant by ‘protect against insider threat’? At first, it may conjure up thoughts of movie-style scenarios, where organised crime rings infiltrate organisations to steal millions. But insider threat, although less theatrically dramatic, can often lead to huge reputational and f financial risks to businesses and their people. More subtle, everyday and often unnoticed, it manifests in the adding of a few miles on a work trip expense claim or altering a CV qualification to appear more attractive to employers. It may not be box office gold, but it has a major impact and is, to all intents and purposes, fraud. So, to be more precise, insider threat concerns a risk that originates from within an organisation and it is a constant battle.

First, here are some myths to tackle: “It is okay to claim extra expenses or inflate working hours on timesheets”. While this is not the same as being caught with a literal hand in the till, this is still fraud. A quick search online provides many examples of employees dismissed for lying about expenses. In a similar vein, falsifying a timesheet not only violates company policy, but it is a crime and is therefore punishable. Organisations should move away from manual processes and have systems that help to cross-reference against trips and working hours: “It is not my fault if there is a lapse in security, it is the IT department’s”. Security is everybody’s responsibility in the organisation. If there are gaps, employees must be encouraged to report them. It should not pave the way for staff to exploit inefficiencies for their own gain. This is an opportunity for HR departments to help educate employees on internal security measures so they can detect and report fraud. It is also a chance for staff to demonstrate honesty and further protect their colleagues and organisation before it becomes a bigger problem.

“That was my work, therefore I own it”. Despite individuals spending their time and effort working on a project – such as a coding or data-driven document – it still does not technically belong to them. Some employees who are leaving may even believe that their ideas leave with them. However, this is an example of theft of intellectual property. There are many ways to protect intellectual property, including implementing a data security policy and regularly reviewing who can and cannot view sensitive data and it is recommended that HR departments work closely with their info security/IT teams. Finally, in a cost-of-living crisis, as we are currently experiencing, theft will inevitably increase. While many employees may currently be struggling to put food on the table, pay bills or repay debts, there are also individuals who may be disgruntled at work and feel they deserve more – subsequently turning to dishonest conduct to inflate wages. Some may even provide organised crime gangs with personally sensitive information about their colleagues or companies in exchange for cash. Whatever the ‘reason’, it is clear the role of the HR team has never been more important and a critical voice in ensuring organisations invest in sufficient insider threat controls, processes and procedures.

*Data from Cifas Fraudscape

Asad Husain is the author of Careers Unleashed – Published by Rethink Press