Skip to main content

alpha This is a new site, your feedback will help us to improve it.

Insider threat - Managing people security

Published on 22 January 2020

Behavioural 'red flags'

There are a number of behaviours that could indicate that someone has become a threat to the organisation. Some of these behaviours could be misinterpreted as being those of a conscientious worker but it is important that we have an awareness of how these traits can be exploited to create opportunities to commit fraud. By identifying the risks early on, we can deal with them more effectively.

It is important to note that the presence of these indicators is not a guarantee that an employee is committing fraud, these are merely risk indicators; the more ‘red flags’ that are present, the greater the risk to the organisation.

Regularly works additional hours with no reason

This could indicate someone who is diligent and hard working. Perhaps someone trying to get ahead in their career.

It could also indicate someone creating space to commit fraud. Perhaps they are first into the office and the last to leave. If there is no operational reason for this behaviour, consider the reasons why someone is donating their time to the organisation.

Reluctant to take leave or days off

This could also indicate a diligent hard worker, or it could point towards someone who does not want their fraud to be uncovered so they look to maximise their time in the workplace.

Appear stressed with no reason

Everyone experiences stress, whether relating to work or private matters. Sometimes that stress can impact on our work and our behaviour. As employers, organisations have a legal responsibility to tackle stress and should be supportive of employees displaying signs that they are not coping. Fostering open and supportive workplaces where employees feel able to approach managers about stress and where managers recognise the early signs, can go a long way to creating a healthier working environment with fewer risks.

However, if someone appears excessively stressed with no apparent reason, we should consider whether other factors are present. The person may have deliberately done something, or are preparing to do something, which benefits them but disadvantages the organisation.

Alternatively, they could be in a position where they are unintentionally making poor decisions because of stress, making them an unintentional threat to the organisation. This is an indicator that must be treated with care and sensitivity but is one that we cannot ignore.

Secretive about work

Some people work best by themselves. They enjoy the satisfaction of knowing that they have completed a task completely on their own. Others don’t like to delegate because they lose control of outcomes and they prefer to retain overall control of a task so that it gets done ‘right’. This desire to remain in control can lead to a degree of secrecy around working practices which is not always intentional.

Secretive behaviour however could also indicate that there is something to hide. It could manifest itself in someone not taking work calls at their desk; always holding meetings off-site; locking files and paperwork away so they are the only one with access to it. All of these behaviours are indicators that something could be amiss.

Submits inconsistent expense claims

Everyone makes mistakes and we should allow for human error. However, where someone consistently submits questionable expense claims, we should consider whether this could be deliberate and think about reviewing additional areas where there could be other such inconsistencies.

Regularly breaks the rules

Someone who regularly breaks rules is a risk taker. There is a danger that such a person could make hasty decisions that pose a threat to the organisation without the intention of causing harm; or they may be willing to break the rules for personal gain. Either way, rule breakers pose a greater risk to the organisation than those who tend to do things ‘by the book’.

Interrogates systems unrelated to their role

If someone is accessing data unrelated to their role, questions must be asked about why that has happened and what has happened to the data. Remember that unauthorised access to computer material is an offence under the Computer Misuse Act 1990. It is also illegal to access material with the intent of committing a further offence.

Key management retaining hands-on control of work that junior employees should handle

High level frauds often involve employees in key senior positions. As bosses, these people have perhaps appeared to be sympathetic and fair; not wanting to overload employees so they do their own photocopying; manage their own diary; don’t let anyone else answer their calls.

People in senior positions often have the greatest access to organisational assets. They have knowledge of policies and procedures and of system weaknesses. They often have a degree of autonomy not afforded to other employees. This environment provides ideal conditions for fraud to occur if left unchecked.

It can be difficult address concerns if they involve employees at a senior level, but we must keep in mind that corruption can happen anywhere in the organisation, regardless of grade or position.

Unexplained wealth or change in circumstances

While it could be the result of an inheritance, a lottery win, or any number of other legitimate reasons, a sudden upsurge in wealth or lifestyle could indicate corrupt activity.

As this is a very personal indicator, it should be handled with care and we should keep in mind that the presence of any one of these indicators in isolation does not mean that someone is committing or has committed fraud.

Resigns shortly after joining the organisation

Not every newly recruited person will enjoy their role and some may choose to leave shortly after joining. However, others go through the recruitment process with the purpose of committing fraud and, having achieved their goal, will move on before getting caught.