"Being a patriot doesn't mean
prioritizing service to government above all else. Being a patriot
means knowing when to protect your country, knowing when to protect your
Constitution, knowing when to protect your countrymen, from the
violations of and encroachments of adversaries. And those adversaries
don't have to be foreign countries." Ed Snowden
One
could wonder whether even just one of the individuals working with your
organization internally or externally has the same or similar mindset
of "Ed". The question is, what are you doing as an Operational Risk
Management(ORM) leader, to be legally proactive in your "Insider Threat"
approach with employees, partners and your extended supply chain?
The
adversary working with you inside your company, agency or partner,
doesn't always start out to bring loss events to your enterprise. It
could take years, or months to develop a real justification in the
adversaries mind, yet even when the activities and behaviors are
evident, they are all to often missed, never understood or just too late
to interrupt:
The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF) are today partnering with federal agencies across the government to launch “National Insider Threat Awareness Month” during September 2019. Throughout September, the Office of the Director of National Intelligence, the Department of Defense, the FBI, the Department of Homeland Security, the Department of State and other federal agencies will be holding events to emphasize the importance of safeguarding our nation from insider threats and to share best practices for mitigating those risks.How could you and your organization improve and adapt your current practices to raise the bar of excellence? What can you do each day to make the quality and the results of your programs even better?
First, begin to understand the process by which events can trigger new behaviors in an individuals perceived stressors and lack of personal control. Second, expand your proactive organizational toolkit, to include such proven technologies such as sentiment analysis for marketing purposes.
These same tools with the proper legal oversight and "Acceptable Use Policy" can be effective in your early warning systems. Enterprise Risk Management also incorprates oversight and protections for privacy and civil liberties.
Here are five steps to be proactive at your organization in the U.S. this month of September 2019:
- Create, refine and share your organizations "Insider Threat Program "(InTP) vision.
- Educate, clarify and communicate the authorities, roles and policies of the program.
- Validate tools, models and sources of information.
- Plan ahead for the utilization of automated tools and human behaviors observed.
- Seek better solutions to a continuously changing enterprise & supply chain environment.
