One of the big concerns in the world of industry today is the potential for attacks to cause all kinds of monetary and brand damage to respective companies. Usually we think of the big monetary hits first - cases like Target where millions of dollars are stolen and brands are hurt because they didn’t do their part to keep their customers safe. The Target attack came from the outside, but there are many other stories of insider attacks resulting in serious breaches as well. A good example was the insider attack at AT&T last year where a call center agent was compromising the information of customers that called in. These are scary because employees are the most important asset a company has - the job just can’t get done without feet in the field after all. So how do you protect your customers from employees who might be planning to do unsavory things?
The first thing to consider, from an HR standpoint, is what history might exist to showcase a new employee as a potential threat, so that the danger isn’t on-boarded into the organization. Using Edward Snowden as an example for companies that work in the government, it was noted in some of his older positions that he had concerns about the actions being performed by the government. These concerns were never caught by background checks when he moved between companies, and the rest is history. Be sure to engage in comprehensive background checks - not everyone is going to release company secrets or try to put their hand in the cookie jar, but do the due diligence of reaching out to previous employers to find out if there is anything that needs to be known. This also applies to employees transferring within organizations.
For current employees, keep an eye out for employees that might be disillusioned by the organization or made upset for a multitude of reasons. They might still perform their duties, but it is important to make sure that these employees don’t get the opportunity to ‘get even’ with the company, as this can cause some problems. There was a case a few years back where an employee successfully generated thousands of dollars’ worth of gift card codes before quitting the company they were at, and then a few years later they began to distribute said codes. Using this case study as an example, it is important to keep the records of employees that might be performing funny business or have the potential to perform it in the future at hand so that HR can provide authorities the information they might need to stop either a breach or an attempt to steal product after the fact. Other warning signs might be performance issues or cases with unstable behavior, so they might not necessarily be an employee that actively appears upset with the company; they just have needed some coaching or had some odd quirks in their behavior. Specific industries might have other things to look into as well; for example, in government or those that work with government, traditional spies might be a consideration, as well as those tricked to work for those agencies. Another example would be companies that work in energy - they might want to watch for those as well in addition to activists who might have a grudge against them for other reasons.
Now these, these are behaviors to watch out for, and in some cases you might suffer a breach or attack before you can stop it. It is always better to prevent a breach from ever occurring versus being ready to plug holes in your system when they do happen, even though plans should always be in place to do both. So how do you prevent the breach from every occurring? This is an incredibly important question to ask, and at this point we leave the HR side of the business and move towards the IT department to apply controls and restrictions to prevent data theft, while leaving enough freedom for employees to actually do their jobs.
The first thing to keep in mind for IT is to have the ability to identify who has access to what, and what information and data is sensitive enough for someone to want to steal it - we will be using payment card information as an example, though any company secrets or sensitive data need to be protected as well. After looking at all potential targets for attackers, look at ways that they can be attacked. For example, are there remote servers that store payment card information at remote sites, such as retail stores? These servers need to be considered as attack points for those wishing to acquire that data. This means tools such as encryption or firewall services should be in place to protect that data when it is at rest as well as in transit in the network. Understanding network logs and what looks out of the ordinary for a specific set of employees is a good idea as well while looking at network issues. Finally, be sure to test these tools and see if there is any way you can break your network - remember that if you can do it, an attacker can as well, and if your organization has the resources to hire a 3rd party white hat hacker to test your defenses, all the better.
Of course, not every employee is an insider trying to rob your company blind or expose industry secrets - most employees are there to perform their work and take care of their families. Empower them to be able to report issues to management, IT, and HR so that prospective insider threats can be stopped early. There are no 100% security solutions, and even if you have hit your system with as many scenarios as you can imagine, there might still be something you didn’t consider. Having a set of eyes in the physical world to let you know about something weird that your defenses might not catch is a great boon in protecting the company. 
Alejandro
