Relational Security: A Paradigm Shift in Managing Internal Threats

We don’t like to consider it but whichever way we view it, the fact remains that sometimes people that work alongside us can do harm, to the work we do, the assets we have, the team and business we share and potentially to themselves, our colleagues and ourselves. In addition to catastrophic incidents of violent attacks against people within the workplace, a range of incidents exist which can harm an organisation. This can include the theft of intellectual property, the inadvertent disclosure of trade secrets and leaks about business activities which can result in physical and reputational harm.

Despite the belief that attacks only take place in a cyber domain, a lapse in security mindedness and vigilance by individuals can result in the loss of sensitive information. People may inappropriately share information with others who don’t need to know, may work in environments that are open to others observing their activities or potentially may provide information regarding patterns of life and work to observant and highly trained hostile actors who know what to look for. This can subsequently be used to harm our people, assets and reputation.

The COVID-19 pandemic and the stress attached to the resulting financial insecurity, mental and physical health complications, have potentially exasperated this situation. Despite reports of improved levels of employee well-being resulting from the increased opportunities to work from home, there are undoubtably difficulties attached to maintaining engagement and motivation levels within a workforce, located remotely across the world. This environment may require the adoption of an array of personnel security controls designed to proactively monitor user behaviours, in addition to the adoption of new team engagement and interaction methods on the part of managers.

The increase in disengaged, disenfranchised and disgruntled employees who were once highly motivated and productive individuals, can increase the risk of underperformance, the growth of discontent within other areas of the business and crucially increase levels of IP theft and infor