Insider identification

Apply for SearchInform DLP TRY NOW

K irill Medvedev, HR Director of SearchInform, in an article for Harvard Business Review Russia lists the signals that indicate the psychological readiness of employees to cheat, and provides an algorithm of actions that will help keep employees from unethical behavior.

The word “insider”, which is used in relation to an employee who steals information from his company and sells it to competitors, has long been included in our speech for a long time and, no doubt, for a long time.

Insider attacks - leaks of personal and confidential information - among other cybercrimes have the highest latency (concealment) and lowest detection rates.

Depending on the level of preparedness of the "drain", insider can be divided into:

  • Situational . A new employee goes to work, he has the opportunity to steal, his moral principles allow him, and he commits fraud. Or another example: a specialist has been working for a company for a significant period, but does not receive due recognition. Or he gets it, but not to the extent that he expected. Naturally, the employee is not happy. By stealing information, he is trying to “compensate” for himself what, in his opinion, he was undeservedly deprived of.
  • Planned . The simplest example is industrial espionage. Most modern people know about him from films, books, less often from the press. A less typical example is when an employee "leaks information" out of revenge. He clearly plans his actions, he is familiar with how he will be caught, he is familiar with the internal security protocols. This is the most difficult crime to solve.

Maybe it's all about psychology?

An insider is primarily a fraud. It would seem that the personal determinants of fraud (factors that determine the propensity for it), due to the long history and prevalence of this phenomenon, should have been studied by psychological science up and down. But it was not there…

To study the personality of a criminal until the mid-70s of the 20th century, legal psychology traditionally used the theories and methods of the dispositional direction (the structural theory of Hans Eysenck and the factor theory of Raymond Cattell).

In Eysenck's theory, criminality is considered as a personality trait, with the main emphasis on an actively asocial, psychopathic criminal. Fraudsters were not considered in this theory.

Cattell, in his factor theory, also failed to identify combinations of basic or derived personality traits that would be determinants of crime in general and fraud in particular.

There are other theories that have tried to uncover the internal moral and psychological factors of fraud (the behaviorist model of Albrecht, Wentz and Williams; the cognitive theories of Piaget, Kohlberg, Tapp). However, none have been able to confirm the link between moral and cognitive development in fraudsters and other nonviolent criminals.

The final diagnosis is as follows: science cannot yet provide a convincing explanation for the existing contradiction between the high general level of personal and professional development of fraudsters and their focus on obtaining material benefits in immoral and criminal ways.

If science is powerless, then how to determine which employee is inclined to insider?

Let's reformulate. If you cannot directly tell the fraudster in the face: “You are an insider!”, Then maybe it is worth quietly mentioning to yourself “the presence of some inclinations in some individuals”.

A person's tendency to fraud, as noted by Christopher Barnes, can be identified by studying his personal moral values, the peculiarities of making moral decisions, self-regulation, determining his attitude towards himself, other people, to work, to money and to the norms of the law.

People prone to cheating are distinguished by:

  • domination of universal values, formed on the basis of individualism and pragmatism;
  • greedy attitude to money;
  • denial of the importance of fair and productive labor;
  • ignoring traditional moral and legal norms;
  • adventurism of moral self-regulation;
  • destructive cynicism, impulsivity and risk taking in decision-making;
  • selfishness.

The high development of these signs indicates a person's psychological readiness to cheat. But it is also important to remember about a healthy atmosphere within the company itself.

“The business world exerts tremendous pressure, forcing to act contrary to the rules of a healthy and authentic society - and gradually the moral foundations of a person are eroded. He gets used to living a lie, believing in one thing but doing another, he understands how important a long-term relationship with a client, but acts as if there is only one thing that matters all over the world: the quarterly report , ”writes Roger Martin.


“There is an opinion that unethical behavior at work is the lot of a few spoiled people. This leaves many organizations unaware of the obvious fact that we all run the risk of dishonesty under certain circumstances, even if honesty is generally accepted as the norm. And at the same time, drastic measures are not required to prevent unethical behavior , ”says Francesca Gino in her study.

So what does it take to prevent fraud and insider confusion at work?

What is the best way to organize everything?

To conduct testing, HR departments use specialized software products that automatically analyze and interpret data, which greatly simplifies the diagnostic process.

In general, the work can be built according to the algorithm:

  • The HR department conducts testing upon hiring / in the course of the next certification.
  • Test data is transferred to the information security service.
  • An information security employee identifies employees who are prone to insider information.
  • If the employee is the owner of a pronounced type, included in the "risk group", then priority control of his activities is provided.

What to do besides this?

1. Clearly outline the positions conditionally attributable to the risk group: who works with confidential information, personal data, documents containing commercial secrets, etc.

2. Develop regulations that explain how employees in these positions should handle sensitive data.

3. Decide on the profile of the position: what competencies the personnel officers would like or would not like to see from a specialist in a specific position.

4. Select methods for diagnosing moral and psychological qualities.

5. Take preventive action: use data loss prevention solutions (DLP systems).

6. Implement a data protection policy by monitoring unauthorized use of confidential information. Inform employees about violations - this will help increase employee awareness by deterring them from stealing data.

7. Conduct constant explanatory work: the presence of only one policy, without understanding and effective application of it by employees, will not work.

8. Remember that theft is preceded by key premises: the core motivational problems of the insider arise even before the theft takes place.

9. Do not lose sight of the fact that the employee can be “nudged” by other employees. This often happens in the event of a demotion or when career expectations are not met.

10. Ensure that management, HR, and information security personnel are informed of all cases when an existing or terminated employee accesses critical data, downloads it in an unusual way, etc.

By following these rules, you can largely protect yourself and your company from turning people who are potentially inclined to insiders into full-fledged, established insiders.

[page link = "/ promo-block-kib /"]