Insider Risk Management

The recognition of insider risks in companies and organisations is growing now outside defences are becoming more mature. As technological defences are strengthened, little to no further measures are taken internally, with the consequence of the insider threat increasing and thus becoming imperative to tackle. Signpost Six views insider acts holistically throughout the employee lifecycle (from recruitment to departure or promotion) and against the key themes of people, processes and technology. We focus on the people and processes aspects and work closely with technology partners to achieve all-encompassing solutions.

Data theft or other malicious acts of espionage, fraud or violence don’t just happen spontaneously. It’s a process that takes place over time and entails a common set of factors and similar patterns of individual- and organisational behaviour leading to such acts. Signpost Six calls this “the Critical Path to Derailment” as described by Shaw and Sellers’ in “Application of the CriticalPath Method to Evaluate Insider Risks”. This fortunately implies opportunities for interventions early on, both within the organisation as for the individual.

Baseline risk & threat assessment

The first step towards a solution starts with a baseline assessment of the risk profile of an organisation and risk prevention and mitigation readiness. This is captured in the seven steps of the Signpost Six quick scan. This assessment is the basis for the  tailor-made road map facilitating  proportionate and risk based improvements within your organisation.

Top-up screening process

Signpost Six offers integrity and personality screening for the recruitment and selection of employees in risk prone positions, either in physically high risk environments or employees in positions dealing with sensitive materials or data.

Auditing programme

Signpost Six provides auditing consultancy services to review an organisation’s readiness for preventing, detecting, and responding to harm from insider threats against 19 best practices. This incorporates the employee life cycle set against people, processes and technology aspects.

Critical path e-learning programme

Critical path e-learning programme for employers and employees: Recognising the need for organisations to come with scalable solutions, Signpost Six has designed an e-learning programme focusing on ‘co-worker’ and ‘supervisor’ awareness of behavioural risk signs. This is set within the context of the critical path to derailment, including the required management activities and efforts. The programme will support early recognition of concerning behaviours and therewith the mitigation of the risk of insiders within an organisation.

Organisational change

The ‘critical path to derailment’ is a person- situation interaction. Beyond screening and auditing we support organisations in implementing the right processes and procedures to manage insider risks. This also entails having the right whistleblowing programmes to channel legitimate concerns within organisations.

Case management

We provide consultation on insiders committing data breaches, sabotage, workplace violence, and espionage. Signpost Six provides organisational support to identify individuals at risk in an organisation and provides insights into their ‘critical path to derailment’. We support organizations and individuals managing such issues in a sustainable manner. For further information on behavioural threat assessment, please also see the ‘behavioural threat assessment and anonymous threats’ section.