Risk Experts Train Companies on Insider Threat Management
Proven strategies to guard organizations against harm from within
As risk specialists, we have encountered numerous cases where trusted employees acted against the interests of a company for their own enrichment, wreaking havoc along the way. To guard against potentially devastating harm, companies must design and implement programs for insider threat management. NAFA’s experts draw on decades of experience to tailor effective programs to a company’s specific needs.
Who are the insiders and what is the threat?
An insider is any person within an organization who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. Thus, an insider could be:
- An employee
- A board member
- A contractor
- A vendor
- A custodian or repair person
- A volunteer
The ways that insiders can inflict financial and reputational losses on an organization include:
- Breach of fiduciary duty
- Fraud
- Embezzlement and misappropriation
- Misrepresentation and failed compliance
- Trade secret theft
- Liability for employment law violations
The threat is that the insider will use access or knowledge to harm the organization, either intentionally or unintentionally. Therefore, an insider threat management program must guard against deliberate and inadvertent acts.
Essential elements of an insider threat management program
In designing an ITM program, NAFA helps companies to:
- Define insider threats within the organization — It may sound paranoid, but every time an organization trusts a person with key access to valuable resources, the organization creates an insider threat. But knowing this simple fact allows your company to understand where you are most vulnerable. Many points of vulnerability are universal, while others depend on the type of organization and the assets it controls. NAFA helps you conduct a complete inventory of risks related to insider access.
- Detect and identify insider threats — The whole point of an ITM program is to prevent risky behavior from ripening into harmful acts. At NAFA, we have seen correlations between negative behaviors and criminal conduct against an organization. For example, the employee who is chronically late and tends to leave early is more likely to be stealing inventory than the worker who clocks in early and stays late. Similarly, a manager who abuses subordinates is more likely to misappropriate company resources than a manager who demonstrates professionalism. NAFA educates companies in the key types of correlations that are red flags for insider threats.
- Assessing insider threats — NAFA performs risk analyses that enable companies to prioritize areas of concern, wherever the threat against critical business assets is greatest.
- Managing insider threats — NAFA works with companies to design and implement process controls to mitigate risk. Effective plans require both human and technological elements. Companies must also provide formal training throughout the organization, so that workers at all levels understand their roles and responsibilities. The program must include formal processes for responding to a perceived risk, communicating concern, and escalating the response so that effective action can take place before harm occurs.
An ITM program can stand alone, or it can be part of a more comprehensive corporate ethics program designed to improve your company’s overall culture. At NAFA, we believe in the power of culture to transform at-risk organizations into models of integrity and efficiency. Our programs have helped numerous client companies make ethical conduct a cornerstone of their operations. We’re ready to show you how.
Contact North American Forensic Accounting to learn more about Internal Threat Management
North American Forensic Accounting helps companies of all sizes assess their internal threat risk and take decisive steps to prevent harm. To learn more, call us at 347-286-4860 or contact one of our offices online to schedule an appointment. NAFA serves clients from offices throughout the United States, including in Philadelphia, Pittsburgh, New York City, Atlanta, Charlotte, Miami, and the Tampa Bay Area.