You Can’t Control Your Insiders

Trust is earned—we all know that—but how often do you verify that trust? Different industries have different propensities for different types of insider threats; however, they all have one thing in common—those who commit insider fraud have been in the organisation for an average period of five years. And in that time, they have built enough trust to commit a crime undetected.

This naturally leads me to this question: Can you trust every insider who works for you?
When a new candidate successfully lands a role within an organisation, that new employee is granted significant trust simply by being given access to corporate assets.

At that point, they could use their phone to take a picture of sensitive data or use an email address list to send phishing emails and viruses. Your belief that this person will represent the organisation in the best way could be betrayed within a matter of minutes.

For most firms there is a process where a new employee is placed on a temporary probation period, during which the employee and employer can consider each other’s suitability for the role and determine whether the employment relationship should continue. After which, if the new employee successfully proves their worth over the probation period, that employee will be given full trust. Sometimes this means access to greater levels of security, or simply to be in the office on their own late at night or early in the morning. They may be given keys, passwords or other kinds of access rights.

Then what happens is, from that day onward, this person’s trust will never be judged unless that person has committed some wrong.

In business, we develop trust by demonstrating our expertise and capabilities. We build credibility based on the frequency and quality of our results. To build trust, we keep showing up. Over and over again.

Yet, this merely scratches the surface of that entire human being. Who are they really? What are their intentions? What are their motivations? Are they loyal? Are they dependable?

In general, we are not particularly observant in relation to the nuances of human behaviour. In the workplace, this tendency can be more engrained, especially when there is no obvious disruption to the daily routine. As long as someone is in the office, occupying their desk or on a Zoom call, we assume everything is okay. In fact, even when someone’s behaviour is “screaming” that something is wrong, the red flag may still be ignored or overlooked.

There have been some recent steps to address mental health in the workplace, which is great, but again, the process is usually dependent on the suffering individual identifying themselves and explaining their situation. We have barely scratched the surface of human behaviour. There is still much, much farther to go.

Even in the most controlled circumstances, in the jobs where personality profiles, psychological testing and other forms of control are used, identifying how someone will behave in the future is impossible.

Someone who has been trustworthy for decades may encounter unforeseen life circumstances that overwhelmingly increase the level of risk. And this can happen in a matter of days. A doctor’s diagnosis, the death of a loved one, the burden of financial pressure… these adversities can all turn your life on its head in seconds.