NPSA, the UK Government’s National Technical Authority for Physical and Personnel Protective Security, has published a case study which provides guidance on managing insider risk.
The case study looks at the activities of David Smith, a former security guard at the British Embassy in Berlin, who was sentenced to over 13 years in prison for spying on behalf of a foreign intelligence agency. It identifies the following lessons for reducing insider risk across your business:
- If you have people, you have insider risk.
- Insider risk mitigation needs to be an ongoing programme for it to be effective. Your programme must start with well-understood leadership and governance structures which feed into your organization’s wider protective security risk management.
- Your business must have in place effective welfare mechanisms enabling staff to share and address issues before they escalate. This may include access to professional support channels for changes in life circumstances, or regular communications through periods of significant disruption, to help reduce the risk of potential staff disaffection.
- Consider how your business prepares for insider acts. Are you prepared to deal with such an incident occurring?