Insider threat - Managing people security
Published on 22 January 2020
Contents
- Introduction
- What is financial crime?
- What is ‘insider threat’?
- The Fraud Ratio
- Unusual behaviour in the workplace
- Risk areas
- What types of threat do organisations experience?
- What does the insider threat look like?
- Privileged users
- Robust recruitment
- Behavioural 'red flags'
- What can you do to protect your organisation?
- Conclusion
- Glossary of terms
- References and additional reading
Introduction
Public sector organisations have to manage an increasing number of risks to their assets, data and reputation. In the midst of this struggle, it can seem reassuring that all of our employees are committed to the same goals as the organisation. Unfortunately, evidence tells us that this cannot be assumed. The risk from a small minority of our own people is ever-present and its impact often reported in the media. This guide provides a framework for us to understand ‘people security’, also known as ‘insider threat’, with particular emphasis on financial and other acquisitive crime.
Financial crime committed within the context of, or against, the NHS and our other public services in Scotland not only results in the loss of resources but it erodes trust and confidence across society.
Every penny of public funding is vital to providing the services that the people of Scotland expect and deserve. Protecting that funding is not just a job for Counter Fraud Services or our partner organisations; everyone has a part to play in safeguarding those resources regardless of their role in an organisation or as a private citizen.
While the vast majority of people reading this guide are honest, professional and hardworking, we cannot escape the fact that there are those who, for a variety of reasons and circumstances, fall short of our expectations and who use their position for some form of personal gain. It is up to us to recognise the warning signs and safeguard the money and resources that should be used to provide the world class performance that we have come to expect from our NHS and other public services.
This guidance will introduce you to the threat that could be posed to your organisation by people on the inside; be they employees, contractors, consultants or business partners. It will draw your attention to common frauds experienced by public sector organisations like ours and will highlight the counter-productive workplace behaviours that you may encounter, including the red flags to look out for to help protect your organisation and employees from fraud.