How you can improve your company culture to stop insider threats before they happen
Insider threat incidents in the U.S. have doubled in the last two years, with businesses around the country facing 2,500 internal security breaches daily. Insider threats can cost an organization millions of dollars, but one way to combat these threats is through building a positive company culture.
With a strong company culture, coworkers will build relationships with each other. Through that, they’ll be able to recognize any strange behavior that can be a red flag for an insider threat. When this is paired with employees who are trained in spotting potential warning signs, your employees may be able to bring threats to your attention before they become a problem.
Some of these potential warning signs may include an employee keeping odd hours, getting in disagreements with coworkers, having a decline in their performance, or facing a new financial difficulty. Most insider threats will exhibit risky behavior before taking action to harm the company. While not all people who exhibit these behaviors are insider threats, a “see something, say something” mentality can help shield your company.
Sometimes the risk won’t be as obviously visible from within the workspace. In some cases, someone from the outside may try to “flip” an employee to become an insider threat by befriending them on the golf course or flirting with them at a bar. While this may not be visible within the company, coworkers who are aware of what’s going on in each other’s lives may be able to identify the potential threat before it becomes a problem.
Employee reports prove to be a key component in companies discovering insider threats. A survey done by cybersecurity company Kaspersky found that 47% of the time, companies became aware of insider attacks because coworkers reported them.
With insider threats on the rise, it’s crucial to create an environment where employees are able to recognize and report potential threats. While training is a key part of this, a positive company culture can help employees know each other well enough to identify potential threats early on. Here are three strategies a company can implement to build a better company culture:
Build a Bridge Between Security and Employees
One step companies can take is ensuring a positive relationship between security (or whoever insider threats would be reported to within your organization) and other employees. Security can be seen as the “bad guys” to employees if they’re typically punishing them for slipping up. Preventing insider threats is a cooperative effort, so make sure your security team is open to employees needing to ask questions or for clarification. If you can foster a positive relationship there, you may find there will be more reports and fewer instances of negligent insider threats.
Train Your Leaders to Create a Safe Environment
A study by the Ponemon Institute found that employee negligence is the most common type of insider threat. It’s also costing companies the most. It’s key for your company that employees feel safe to let security or leadership know when they slip up. People make mistakes. When mistakes do happen, it’s better to have a culture where employees know they can come forward.
Connect Employees to a Mission or Goal
Positive company culture can also help prevent malicious insider threats. A malicious insider can be someone who feels out of place or holds a grudge against your company. Strive to create a community within your workplace that makes employees feel a sense of belonging. Focus on commonalities, especially with your company’s core mission and values. If you can get your employees to rally together behind a common goal, you can foster a sense of unity. If an employee feels like they have a community within the company, they’ll be less likely to turn against it.
With these steps, you can start on the path to minimizing your risk of insider threat.
