Protection Against Internal Threats Series:
“Know The Difference Between Trust and Confidence”
Not enough coverage is available on the Internet through insightful articles, blogs and discussions concerning the serious liabilities of internal or insider business threats. This series of articles will educate and heighten your individual level of consciousness by focusing on the least observed security Achilles heel for any business. Practical case scenarios with proven solutions are provided. Following the Protection Against Internal Threat Series by C U Clear positions companies and organizations to proactively protect assets and information from internal vulnerabilities and threats. Our goal is to help you minimize situations that can lead to incidents of workplace violence.
At C U CLEAR we keenly appreciate that recruitment of high caliber talent is primary. Notwithstanding, a company that adopts this practice places themselves at risk in many aspects. We know that the completion of the background checks and/or investigations, coupled with an “all clear” final report without issues signals the responsible human capital officials that the new employee may enter the companies premises and be considered worthy of special “trust and confidence”.
For a moment focus your attention on the difference between two words: trust and confidence. Trust implies just what it says. Someone trusts another person to safeguard an item of value. This trust can cover something that is esteemed or treasured such as corporate secrets, client specific data, proprietary business strategies or internal operations information.
Trust can also further extend to a point where management no longer needs to closely oversee or “micro manage” work tasks or actions of an employee. A company or an organization may have an expectation that employees will always exercise decisions that are reflective of the company’s values, but what are the outcomes when that trust is corrupted, compromised, or violated?
Damage to the ‘trusting individual” occurs which has far ranging impact from fiduciary losses to a besotted reputation, resulting in loss of customers or an erosion of confidence by the stakeholders and shareholders. What then does confidence imply? Does it say that the organization or company is confident that the employee will always behave and comport themselves in a manner consistent with their established policies and procedures? Or does confidence convey a sense of ease, while knowing that the vetting process previously conducted on the new hire were returned without “issues”.
Confidence may also be a false sense of security that allows organizations to let down their guard. This may lead managers to believe security systems, related computer usage controls and policies / procedures will ensure full protection of assets. In some circles this display of confidence may be called something else; complacency. Confidence and complacency are not mutually exclusive. Blind confidence can lead to complacency as well. What then would be needed? Given the challenges of the external and internal stressors in the workplace, a vigorous robust dynamic security minded culture is needed.
How does a company put into place effective ‘common sense” policies or procedures designed to protect assets, while combating complacency? The goal is to eliminate any chance of false confidence.
A proven starting point is to conduct a review or assessment of procedural business strengths and weaknesses. This activity might include a comprehensive review of existing human capital procedures.
This review should include:
Hiring policies and procedures
Staff policy and compliance training
Termination policies and procedures
Plan of Action Questions
Companies should know about these matters beforehand, have contingency plans in place and implement mitigation procedures.
When dealing with employee personal issues or company policy violations, how open are the lines of communications between the human resource department and their security department counterparts?
Are there tools in place for information to effectively keep staff aware of important changes to policy, business procedures or an unsafe office environment?
Are there channels to expeditiously have information reach the company about a potential employee problem that may impact safety, morale or productivity?
Check out C U CLEAR’s next article in the Protection Against Internal Threats Series: “Implement A Stressor Awareness Program”