Preventing insider threats: Actions to help protect your business

David Pollino
Posted by David Pollino

It’s widely known that internal staff can be one of the biggest threats to a company’s information and security. I’ve recently published a detailed article on this topic in CIO Banking Outlook, and this blog post summarizes several highlights.

Sixtysomething man on the phone while peering through blinds out the window, observing something suspicious outside the window.Two types of “insider threats” have been identified by many security experts: the Accidental Fraudster (good employee, breaking bad) and the Career Criminal. These two problems need to be addressed differently.

Accidental fraudsters

The leading theory of occupational fraud asserts that three factors must be present for fraud to occur: pressure, rationalization, and opportunity. Removing just one of these factors makes it less likely the fraud will occur. An approach we’ve implemented here at Bank of the West is “Be Noisy” to help reduce the perceived opportunity.

Make noise

Banks have multiple controls, but they are not always evident to insiders; therefore they may perceive an opportunity to get away with fraud. Call out unusual behavior with your controls by sending email alerts to employees and managers. Here are some examples of using existing controls in a “noisy” way:

  • Odd-hours access: Nefarious activity commonly takes place after business hours. Create an odd-hours access alert and send an email to the team member, copying the appropriate level of management to ask for an explanation about why access is necessary at that time of day.
  • Excessive fee reversals: Research indicates that negative activity tends to start small and escalate. Finding potential policy violations, like excessive fee reversals, can catch and stop negative behavior before it escalates.
  • Exfiltration of data: Data can be stolen in many ways (e.g., email, web or cloud uploads, and through removable storage). When you see attempts to send large amounts of data in these channels, send an alert to the team member so that the activity is logged and reviewed.
  • Accounts payable: Analysis of accounts payable data cross-referencing employee information may turn up potential conflicts of interests or misappropriation of funds. Investigating phone, address, and other personal information may turn up interesting connections.

These processes only take a few minutes for all parties involved, but they promote the best outcome: Keeping the honest employee honest.

Career criminals

Career criminals will steal from you quickly. Try not to hire them. This is best addressed through good interview methods and background screening. Noisy monitoring can help catch negative behavior early and thus mitigate the damage of a career criminal. These will normally be the true positives in your noisy monitoring system.

I would encourage you to be innovative. The technology investment for these approaches is minimal; in most cases you may be able to leverage existing controls and data.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.