As a Trusted Advisor and business, it is your responsibility to stay aware of new security threats so that your clients remain protected at all times. And I’m not talking about electronic security threats – this is about human beings. One bad employee can ruin your company’s good reputation. There are simply some things a computer cannot do, including judging an individual based on the information provided. Here are five tips to help you avoid insider security threats.
1. Background checks and employee pre-screening – The first and most obvious way to avoid hiring a person whose ethics may be questionable is by investing the time, energy and money in full background checks as well as other forms of employee pre-screening. Each potential employee should be vetted according to the position they are applying for within the company. Positions which carry larger responsibilities as well as exposure to sensitive information should require a more in-depth background check. Employees should understand that they have to pass a background check in order to be awarded the position – and keep it in the future. Background checks should include, but not be limited to, financial and criminal history.
2. Initial and periodic drug screening – You certainly don’t want to hire an employee that fails a drug test – and periodic screening of all staff can identify potential issues before they become problems.
3. DISC and PIAV behavioral profiling – I remember clearly how hit-and-miss our success at hiring the right staff used to be before we discovered the value of utilizing DISC behavioral profiling in our hiring process. Based upon the groundbreaking work of William Moulton Marston Ph.D. (1893 – 1947) in the (then) emerging field of psychology, DISC measures four dimensions of normal human behavior:
- Dominance – relating to control, power and assertiveness (how we respond to problems or challenges)
- Influence – relating to social situations and communication (how we influence others to our point of view)
- Steadiness (submission in Marston’s time) – relating to patience, persistence, and thoughtfulness (how we respond to the pace of our environment)
- Conscientiousness (or caution, compliance in Marston’s time) – relating to structure and organization (how we respond to rules and procedures set by others)
We have not only been able to significantly improve our success rate at hiring the right staff since implementing DISC behavioral profiling, but we have used DISC profiles to help in team-building efforts.
The Personal Interests, Attitudes and Values Profile (PIAV) shows why a person works. It describes the traits that drive a person to work; that motivate action or create resistance.
The PIAV Profile ranks a person’s attitudes based on the following six core motivators, which reflect a person’s primary interests:
- Theoretical – Truth, knowledge, objectivity.
- Utilitarian – What is useful, what will work, what will make money.
- Aesthetic – Expression, experience, harmony, beauty.
- Social – People, relationships, nurturing.
- Individualistic – Advancement, getting to the top, assertion of self.
- Traditional – Finding the highest values in life, living according to an unquestioned set of rules.
A person’s attitudes play a major role in motivation. The PIAV profile describes the major categories of motivation in terms of interests, attitudes and values. The insights gained through the PIAV profile show us why people are moved to work hard, or not, on the job. Understanding these motivators helps managers handle employees in a more productive manner in order to get the best possible work out of them.
Integrating DISC and PIAV behavioral profiles into your hiring process will provide you with insightful information to ensure you not only get the right people on the bus, but also in the right seats on the bus – to borrow a phrase from Jim Collins. Visit MSP University to find out how to get a complimentary DISC behavioral profile for yourself.
4. 2-Factor Authentication Tokens – Implement a 2-Factor Authentication solution for all staff who require access to sensitive internal, as well as client, networks and data. Assigning tokens to your staff that support this functionality allows you to avoid providing them the administrator passwords of any devices and services supporting this ability (most newer devices and operating systems do). Review Scorpion Software for more information.
5. Make these actions a part of the company policy – Running background checks, drug screens, behavioral profiling and requiring secure authentication for potential new hires and existing staff is not the beginning and end of your responsibility as an employer. It is imperative that your company have a detailed policy which explains the rights and responsibilities of your organization as well as those of each employee. There should be no grey area as to what information is off limits or highly sensitive. The policy should also list what the repercussions are of crossing these boundaries. Security must be a part of the culture of the company.
Train managers to spot risky behavior – Managers must be in tune with the staff in order to spot changes in behavior that might indicate a security risk. While it is important for managers and employees to have an open and hopefully friendly relationship, close personal relationships should be avoided. Small companies have the advantage of fewer employees, yet a company of any size must make it a point to pay attention to changes in the behavior of its workers. Recognizing personal, financial and emotional problems in employees may be the best way to address and eliminate a security risk before it becomes a major problem.
Technology improves each day and in many cases makes our lives much easier; however, at the end of the day, the human factor remains the one thing that technology cannot control. Therefore it is up to the owners and management team to create an atmosphere which stresses the need for security and the consequences should employees fail to meet that requirement. It is also important to remember not to treat your employees in such a negatively security-conscious manner that it creates disgruntled and unsatisfied employees who then become the very thing you are trying to avoid – an insider security threat.
A happy workplace with specifically documented policies, messaged consistently, will create happy employees, and happy employees are less likely to risk their job and their freedom with risky behavior.