ArchiveOODA Original

Manage Insider Risk and Prevent ‘Big Brother’ Perception, Part 4

This is the final article in a four-part series focused on proactively managing corporate security culture and workforce expectations as your organization prepares to prevent, detect, and respond to insider risk incidents.

In Part 3 of this series, I provided four actionable steps for explaining the benefits of insider risk management to your workforce, read more here.

After sharing the benefits of insider threat risk management to your workforce, how can you solicit their assistance for helping manage this type of enterprise risk?

The fourth step in my workforce investment strategy is to solicit workforce help in managing insider threat risks, including:

  1. Establish both anonymous and confidential reporting channels for suspected insider activity to encourage employees to speak up who would otherwise say nothing. Setting up an anonymous reporting channel may be faster at first. Then once your leadership team has established policies for ensuring discretion of information for employees that do come forward openly to flag concerns, you can add a confidential reporting mechanism.
  2. Prepare your workforce to be your first line of insider threat defense. Train them on why they should be worried about insider activity and what it would look like in your office. Ensure that they understand which enterprise assets are most critical to protect and what the implications are to your organization if they are compromised.
  3. Equip your managers to recognize signs that employees may be undergoing stressful or lifechanging events—this does not mean that an employee will conduct insider activity, but could help divert other types of personnel issues. One organization’s problem employee may be another organization’s insider threat. Provide useful tools and tips for your leadership team to be able to engage in meaningful conversations with potential problem employees. This will help your management team more accurately assess whether the employee poses an insider risk to your organization.
  4. Offer your workforce an Employee Assistance Program (EAP) to help them cope with life-changing events. If your organization has an EAP in place, increase workforce awareness that EAP programs are confidential and do not require HR involvement. Highlight the value that EAPs bring beyond career coaching such as counseling on financial issues, stress-related illnesses, and more.


These actionable recommendations help strengthen your approach as an organization to managing insider threat risk by seeking assistance from and equipping your first line of defense—your workforce.

A determined intentional insider only has to be successful once to harm your organization while including your workforce in your strategic insider threat risk management approach could be key in helping prevent an incident at your organization many times over.

Crystal Lister

Crystal Lister

Crystal Lister is the Co-founder of Cyber at Global Professional Services Group (GPSG) where she engages with executive clients on cybersecurity and insider threat risk management. Crystal’s background as a former cyber threats and counterintelligence officer informing national security strategy in the federal space allows her to provide unique strategic context to risk management and security leaders at the intersection of human risk and technology in the workplace.