Insider Threats

Author: Andrew Booth
Date: July 2020

In Europe, more than 42% of large businesses have been victims of white-collar crime and with the advance of globalisation, the impact of white-collar crime (of which fraud, theft and money laundering are three significant contributors) extends around the world.

The overwhelming majority of businesses develop and deploy policy documents relating to white collar crime, anti-corruption, bribery and fraud in particular, and diligently mandate that employees complete annual training on identifying, reporting and preventing such illicit activity.

One of the mainstays of protecting businesses from the threat of fraudulent activity are the comprehensive pre- employment screening processes that a prospective hire will be required to complete during the recruitment process. But are these initial checks enough to mitigate the insider threat and protect your business?

White collar crime isn’t a new phenomenon, but it is one that businesses have struggled to grapple with; evidenced in the FBI’s estimation that white collar crime costs the US economy $500bn annually, which dwarfs the $15bn cost of personal property crimes. Clearly businesses don’t wish for employees to defraud them, but we see reports of fraudulent activity with such alarming regularity that it seems clear, as a community, we must evaluate our respective white-collar crime strategies and the tactics we employ to achieve them.

The reputational damage, not to mention the substantial fines, is significant and as a result, almost every multinational company now invests heavily in compliance.

One of the single most important factors that influence an employee’s decision to steal or to defraud their employer is likely to be whether they believe they are likely to get caught, or not. In criminology this is known as the question of deterrence. It is therefore important to understand the concept of deterrence and one of the key reasons that Synalogik propose that employees in relevant positions should be subject to ongoing personnel vetting processes or ‘aftercare’.

There will be much that contributes to creating an organisations desired culture, but the continual assessment of the risk posed by “internal actors” surely needs considering beyond the initial recruitment process?

Synalogik propose that there is deep value in the notion of ‘aftercare’. Aftercare being the commitment to care for the organisation after the employee screening process has been completed upon initial employment. This aftercare should become part of the security or compliance ecosystem for each and every organisation serious about mitigating white collar crime and there is research from academia and industry that tends to agree with an aftercare process.

For large businesses, the suggestion of continually vetting all their staff, or at least those with access and authority to release funds or make procurement decisions, seems time consuming and costly. The usual return on investment decisions need to be made of course and although it is Synalogik’s stance that aftercare would provide a return to the bottom line, it is important to note that beyond the financial implications, white collar crime can also impact morale and colleague relationships not to mention industry reputation.

Andrew Booth
Andrew is a security and risk specialist with experience in intelligence, investigations and transformational IT projects in security critical environments.