Beware of Insider Threats

Has this ever happened to you?

A person walks into your management company office and asks to see the office space you have for lease. He tells you what he is looking for and how much he wants to pay.

You hop in the elevator, show him three or four options that fit his needs and budget. He likes one of the units and says he would like to lease it.

Back in your office, you ask him for his personal information to run a credit check. It’s A-OK. He signs the lease and moves in the next month. However, here’s where things start to turn sour.

After a couple of months in the space, it becomes clear that your new tenant has no intention of paying a dime for rent. Contacting him proves to be useless, and you begin to suspect he misrepresented himself and supplied falsified information to determine his creditworthiness.

After three months, you file the necessary eviction paperwork. But it can take five weeks to two months to evict an office tenant in your state. Finally, under court order, he is out of your building, but only after having enjoyed your hospitality for five months scot-free.

But wait, that’s not the end of the story. Perhaps this has happened to your management company before, and now the costs are piling up. Why is this happening? A corporate security firm is brought in to investigate. After a few weeks, you learn the sinister reality of what is going on.

It appears one of your staffers has provided this man and others before him with the necessary information needed to lease an office in your building. In other words, one of your staffers is an insider threat, helping others cheat your management company.^[1]

Before we dig into this further, it’s important to realize that this is not an unusual occurrence.

According to a 2017 report by TransUnion, the consumer credit company, ninety-five percent of property management companies experience some form of fraud each year, including ways to work around credit checks. Further, “those committing fraud are becoming more clever and sneakier by the day. If they come after your company, your reputation and revenue could be on the line.”

The Big Why
There are several issues here that we can discuss. But the one we want to focus on first is the big “why.” Why would someone in your company do something like this? We could understand if they had recently been fired or had some “beef” with your company. But that’s not the case here.

The big why, as you probably have already guessed, is money. The insider is helping others get a foot in your door for payback of some kind. And they may not only be assisting tenants looking for a free short-term lease but may also be helping third-party contractors, vendors, even temporary employment agencies secure opportunities with your management company.

Worse, malicious activity like this doesn’t usually stand still. It tends to grow and expand. The insider looks for other opportunities and other ways to fill their pocketbook. And should they have a beef with your company while still working there, the possibility that they may cause much more harm can grow exponentially.

Understanding the Insider and Insider Threats
Those that are an insider threat to an organization look just like you and me. While they may drop clues that they are up to something, as we will discuss later, in most cases, you would never suspect them.

According to the U.S. Community Emergency Response Team (CERT), someone considered to be an insider threat to an organization is anyone:

With access to an organization’s assets who uses these assets in a way that would negatively affect an organization.

Here’s a definition we typically share with our clients. An individual who becomes an insider threat to an organization is often:

An employee, former employee, contractor, vendor, or business associate who conducts malicious, careless, or negligent threats to an organization.

Yes, there is such a thing as a “negligent insider,” also known as a careless insider. This could be someone who, for instance, shares their computer with someone else without logging out from their company network. Now it’s available to others.

One of the most horrendous examples of a negligent insider was when a data analyst – without authorization – took home a hard drive with the personal information of 26.5 million U.S. military veterans. There was no ulterior motive. The analyst was working on a project and needed the hard drive to continue his work at home. However, the hard drive was later stolen in a home burglary. Apparently, there had been a string of home robberies in the area.^[2]

Types of Insider Threats
While there certainly are negligent insiders, there are other types of insider threats as well. Among them are the following:

Malicious Insiders: These are employees of an organization who use their access to corporate information for personal gain.

Insider Agents: These are outsiders recruited by insiders to steal, tamper with, alter, or delete corporate data.

Compromised Insider: This attacker uses compromised credentials – often stolen credentials such as building passes – to access restricted areas in a facility or find confidential information.

Disgruntled Employees: Often, disgruntled employees who plan to leave an organization have one last thing they want to do before they leave: commit some form of a malicious act.

Before moving on, we need to clarify that insider threats do not just involve computers and company data. Far from it. According to the Cyber and Infrastructure Security Agency (CISA), insider threats also can include:

• Espionage (spying)
• Acts of terrorism
• Unauthorized disclosure of information
• Corruption or crime
• Sabotage (of property or equipment)
• Workplace violence
• Degradation of departmental resources or capabilities

The Clues
It can be difficult to spot someone that is or later may prove to be the perpetrator of insider threats. Very often, to find the culprits, a corporate security and risk management company must be called in, similar to what the property management company did earlier.

However, there are telltale signs of someone that might be an insider threat. For instance, they may:

• Ask for information beyond the scope of their duties.
• Photocopy or save large amounts of information on a thumbdrive, not needed to perform their normal work activities.
• Work unusual hours or on weekends.
• Regularly make negative comments about the employer.
• Have or appear to have a substance abuse problem.
• Confide that they have a large gambling debt (implies they are looking for ways to come up with some money).
• Display moodiness and transition from being happy, quiet or angry quickly.

As you can see, there is a lot involved when it comes to insider threats. What makes the situation so much more insidious is that very often, those that are insider threats are still working and trusted within an organization. When this breach of trust is revealed, it can be difficult to accept and understand the depth and seriousness of the problem as well as why it happened.

Because the risks can be so high, businesses are encouraged to have what are termed “risk assessments” conducted on a regular basis. Not only do risk assessments look into ways to protect people and property from outsiders – but from insiders as well.

Johnathan Tal is Chief Executive Officer of TAL Global Corporation, an international investigative and security-consulting firm. He served as a Military Field Intelligence Officer for the Israeli Armed Forces during the 1970s. As an intelligence specialist, Tal supervised and initiated behind-enemy-lines intelligence gathering relying on both hardware systems and personnel. Tal has also served as an anti-terrorism security specialist. He is a licensed investigator, former President of WAD (2000-2001) and holds a Bachelor of Science degree. He can be reached through his company website at www.talglobal.com.

^[1] Based on a TransUnion blog post.

^[2] “FBI Seeks Stolen Personal Data on 26 Million Vets,” CNN, May 23, 2006.