
Inside the insider threat: A conversation with Sarah-Jill Lennard

10 April 2025

Fraud and cyber-attacks may not be the same thing, but the guiding principles for protecting your organisation from both are strikingly similar. Following Cifas’ Insider Threat Week, we spoke with Sarah-Jill Lennard, a cybersecurity expert and Non-Executive Director at Cifas, to explore how a holistic approach – one that integrates both people and technology – is the key to tackling insider risk.

  1. Insider threats are a major concern for businesses. What’s the best way for organisations to tackle them?

Whether you’re trying to stop a cyber-attack from within or outside the company or prevent physical theft by an employee, one thing is true: it’s always harder to deal with the consequences than to prevent the risk from materialising in the first place. Organisations should follow the ‘Prevent, Detect, Respond’ approach.

Prevent

  • Hire smart – the recruitment process matters. Vetting checks should be in place not just at hiring, but across an employee’s lifecycle. When you take advantage of the help available to you – such as doing criminal record checks and verifying references – you’re much better able to look for negative indicators or unusual patterns that could indicate a risk.
  • Share cross-sector data and intelligence – Cifas members can cross-check potential hires via the Insider Threat Database to help ensure they’re bringing in people they can trust.
  • Set expectations from day one – make company policies crystal clear to new recruits and deliver the same messages to existing staff so it’s uniform. Employees should know exactly what they can and can’t do – whether that’s handling company data, using personal devices, or accessing certain systems. Consistency is key too, so make sure employees are reminded of the rules.
  • Limit access where needed – if it’s easy to steal – whether it’s money, equipment or data – some employees may be tempted. Ensure technology safeguards are in place to prevent malicious downloads, unauthorised data transfers, and other insider threats.

Detect

  • Use technology to your advantage – electronic systems are crucial for spotting suspicious activity. Ensure more than one person has oversight of key systems and accounts to identify anomalies.
  • Leverage CCTV and entry logs/pass information – these can be invaluable when investigating incidents, especially if theft of cash or equipment on your premises is involved. Do make sure your CCTV systems are GDPR compliant though.
  • Encourage open conversations – leadership should talk about the insider risk and make it clear that insider theft is not acceptable. Good managers make a difference, especially those who understand their employees and offer support when others might not spot concerns. Astute leadership and employee engagement can help to prevent issues before they escalate.
  • Create a safe space for whistleblowing – employees are your first line of defence. Provide them with confidential channels to report concerns.
  • Work collaboratively across internal departments – ensure your HR, IT, cybersecurity, fraud and legal teams work together effectively, to maximise your chances of detecting insiders.

Respond

If insider activity is suspected, there are a number of ways to react depending on the circumstances. For example:

  • Evidence gathering – you need some proof, not just vague suspicion, before taking action.
  • Follow the right process – work with HR and relevant teams to address the issue professionally.
  • Don’t let the problem rumble on or escalate – ignoring it can lead to greater financial and reputational damage. The longer it goes on, the more will be lost.
  • Involve law enforcement if necessary – if a crime has been committed, it warrants police action, so get your seniors’ support to report it to the police.

  2. Our Learning Survey research shows that 50% of key decision-makers in large businesses worry about insider threats. Yet not all organisations are actively addressing the risk. Why?

Unfortunately, some companies think they’re ‘too busy’ with front-facing priorities. Others might assume preventing theft is common sense – however, failing to implement safeguards leaves gaps open for exploitation.

There are also organisations where management finds the subject distasteful, preferring instead to claim, “we trust our employees”. Some individuals also avoid discussing the negative and prefer instead to focus solely on positive achievements. But fraud prevention and reducing insider risk is a good, strong step forward and needs to be a core part of any organisation. When it’s done right, it can in fact be a boost to a company’s culture and success.

Importantly, prevention doesn’t have to be expensive. Most solutions are cultural, not costly. Simple measures – like clear policies, employee screening, and using existing technology more effectively, as mentioned earlier – can significantly reduce risk and don’t require a huge investment other than a commitment to tackling fraud.

  3. When employees steal from their employer, what’s at stake?

The impact of an insider threat can be significant. Making sure your business is water-tight and that vulnerabilities cannot be exploited by theft and other dishonest conduct is critical. If the opportunity is there, some employees will take from their employer, and individuals who didn’t start out intending to steal may do so if it’s easy.

If a staff member becomes disgruntled, it can have a ripple effect on your organisation. Feeling undervalued can not only harm workplace culture but may also motivate individuals to carry out dishonest behaviour – especially if they’re facing financial strain and see theft as a way to make ends meet. Some may even justify their actions by convincing themselves they’ll pay the money back or that the company ‘deserves it’.

Organisations also store vast amounts of valuable data and assets, making them a tempting target – especially for employees preparing to leave. Some may take sensitive information with them to a competitor, putting your business at an immediate disadvantage.

Not only is financial damage at stake – and the loss of IP and personal data – but there’s reputational risk too, which can seriously impact client trust. Insider threat should not be underestimated – a single significant incident can make it difficult for an organisation to recover.

  4. How does Cifas help organisations stay protected from employees who steal?

Anyone can become an insider threat because circumstances change, and opportunities arise. Organisations need to stay proactive and aware.

Prevention is better than the cure. Through Cifas’ Insider Threat Protect solution, organisations can access the Insider Threat Database to help them screen employees and mitigate risks before they arise.

Cifas also encourages collaboration. Having the opportunity to share data and intelligence across different sectors is vital when spotting inconsistencies and trends. Different people working in different roles might identify suspicions that you’re not aware of, or that you might not even detect in your own organisation, so it’s important to discuss with those you might not work with on a day-to-day basis.

Finally, Cifas offers educational opportunities to enable organisations to mitigate insider threat risks and investigate concerns before it’s too late. For example, members can learn about fraud trends and emerging threats and build knowledge by attending the Insider Threat Week. Individuals can also upskill in fraud prevention through Cifas Fraud and Cyber Academy courses and the Digital Learning programme.

Addressing insider threats requires a holistic approach that balances people, technology, and strong organisational culture. By staying vigilant, fostering trust and transparency, and leveraging the right tools, businesses can stay one step ahead of insider threats and keep their workforces safe.

Posted by: Sarah-Jill Lennard

Non-Executive Director