Understanding the five red flags of insider threats can help you educate your employees on the importance of a secure company
In the age of technology-centered work environments and remote-working employees, maintaining security and safety is an ever-growing challenge. While many security concerns for Facility Security Officers (FSOs) are based on minimizing the external forces revolving around an organization or company, what many don’t realize is the impact of insider threats, especially among those who have a Personnel Clearance (PCL).
The damage of insider threats is often hard to gauge, but the impact is clear. An analogy often used to explain the impact of insider threats is the board game Battleship. When an insider threat exposes classified information about a company or organization, the company’s game board becomes highly accessible for adversary companies to target and take down ships. Adversarial companies have an eagle eye view of the ships, while your company remains in the dark regarding the enemy’s board. That is why it’s essential for organizations/companies to develop an insider threat program to detect and prevent threats before they even happen. Disseminating information on the five red flags that could indicate an insider threat is the first step to creating and implementing a comprehensive program.
As a disclaimer, there are some important things to consider regarding the following red flags.
- The red flags of insider threats are based on behavior, not on appearance, gender, sexual orientation, religion, race or cultural background. As employees learn about these red flags, they must leave their biases at the door.
- Additionally, an employee exhibiting one of these red flags does not always equate to an insider threat. One red flag is something to take note of. When you start to see two or more, that’s when you should report it to security or local law enforcement.
Keeping these disclaimers in mind as you learn about red flags is essential to avoid negative stereotyping and a toxic and untrusting work environment.
The Five Types of Red Flags
Financial Indicators:
When employees get to know each other as coworkers, they gain an understanding of how much money each other makes based on their car, the food they eat, etc. When people begin noticing drastic changes in financial status, that can indicate a red flag. Whether it’s a clear increase or decrease in finances, it’s important to pause and question why this change may be occurring.
- Why and how did they come into new money?
- What are they using the money for?
- How is the decrease or increase impacting their behavior?
More often than not, people who quickly increase their finances are really bad at hiding it. Some examples of extravagant spending are picking up group checks, bringing in gifts, etc. This can indicate a red flag because it may be a sign that an employee is receiving additional compensation from an adversarial company/organization. In exchange for information, an employee may be getting extra funds at the expense of your company.
When it comes to decreasing finances, this is a red flag that may be more difficult to recognize but can be equally, if not more, dangerous. Adversarial companies or countries often capitalize on this vulnerable state to manipulate employees with money. The promises of debt relief can be more enticing than company loyalty which is why it is essential to be aware of how your employees are navigating times of financial gain and loss.
Criminal Conduct:
Past criminal conduct is not a red flag on its own, but unreported past criminal conduct can be a red flag. While all people make mistakes over the course of their lifetime, an employee who is not transparent about their past actions may be a red flag. Cleared employees with access to sensitive information must be willing to clarify their past experiences in order to establish a sense of trust and openness in the workplace. Additionally, repeated criminal offenses while holding a PCL should be reported and monitored.
Poor Performance or Negligence:
This red flag can often slip under the radar because it is most likely something the majority of employees unintentionally do. The simple decision to open emails from unknown sources or clicking on web links before thinking can result in compromising a company’s entire database and secure information. In fact, negligent errors accounted for 56% of insider threats in 2022 according to the Ponemon Institute 2022 Cost of Insider Threats Global Report.
For poor performance, a series of reprimands, complaints, suspensions and/or demotions are some of the ways to recognize this red flag. Exhibiting frustration or anger due to a single bad day is not cause for concern, but a series of emotional outbreaks or negative interactions with other employees should not be taken lightly. Another way performance can show up as a red flag is when an employee requests a dramatic schedule change. One of the most well-known insider threat cases in recent years revolved around former NSA computer intelligence consultant Edward Snowden. One of the red flags that Snowden exhibited was working odd hours. He intentionally requested a change in work schedule to access alone time with the classified information and fly under the radar.
Making a small mistake or shifting a schedule slightly may not be a huge cause for concern, but it is always better to be aware of changes happening within the workplace.
Substance Abuse and Addictive Behaviors:
Company security is built on the actions of each employee, and substance abuse can impact the reliability of employees in dangerous ways. When the behaviors of an individual are impacted by substance abuse or addiction, that employee typically becomes less reliable. Often, addictions come from a desire to chase a rush—doing something illegal or in excess can be exciting. But the broader impact addiction can have on a work environment is creating an unhealthy space. Addictions, if not controlled, can lead people down the wrong path with moral decisions swaying to the addiction. This is a difficult situation for a person to be in, even if they are high functioning amid their addiction. Not only should FSOs recognize the way this red flag can compromise security but also the well-being of this employee. Substance abuse and addiction should not be navigated alone, especially in an environment requiring a high-security clearance. FSOs must be intentional about helping their employees find the support and resources they need to keep themselves and the company/organization safe.
Foreign Connections:
Having foreign contacts or traveling for leisure are not red flags. Like the criminal record red flag, the issue comes into play when travel or connections are unreported. Cleared employees should realize the weight of the information they carry and represent; therefore, they must be transparent about how they intend to keep the information classified in environments outside of the work room.
Additionally, if an employee is going back and forth between countries and doesn’t have family or friends there, it is valid to question why. It is very easy for adversarial companies or countries to take advantage of employees especially when financial compensation is involved. Be aware of how travel can impact employees.
Invest in Your Insider Threat Training
It should be noted that the red flag list continues to grow and evolve as companies and organizations face new challenges each day. While this list offers a quick overview, it is essential for FSOs and Insider Threat Program Senior Officials (ITPSO) to be intentional in their insider threat programs and the way they help support their employees.
The National Industrial Security Program Operating Manual (NISPOM), now the 32 CFR Part 117, requires government contractors to maintain an FSO position and an ITPSO to create and teach an insider threat program to employees. If you and your organization are looking for more resources on identifying red flags and engaging employees with your insider threat program, Adamo can help through our FSO support services, including insider threat trainings. Contact us to learn more.
PREVIOUS POSTAn Acronym Guide for SCIFs and SAPF Construction
NEXT POSTHow to Improve Your Facility’s OPSEC
