When an organisation recruits employees, especially highly visible senior officials who become part of organisation’s image, it strongly influences confidence in the organisation’s ability to fulfill its mission. Corporate reputation is paramount for fulfilling stakeholders interests and maintaining trust.
The relationship between an organisation’s reputation and its employees is a two-way street. On the one hand, employee behaviour shapes perceptions of stakeholders and on the other, stakeholders actions affect employees.
“We built the Starbucks brand first with our people, not with our consumers. Because we believed the best way to meet and exceed the expectations of our customers was to hire and train great people, we invested in our employees.”
– Howard Schultz, Starbucks Chairman and CEO
Employees’ role in corporate asset creation cannot be emphasised enough because they are the influencers of your internal reputation. Needless to say, right hiring is the building block of your organisation and you must ensure that those that you hire fit with your culture. In the same vein, employees’ adherence to and awareness of security are essential for organisational culture which is a cost-effective method to mitigate risks in information-dependent/data-driven organisations.
Though organisational cultural change is difficult to define and manage, but a security-positive culture has an advantage over competitors. Events such as unexpected accidents, ongoing compliance failure or significant operational issues that involves direct engagement of people are trigger points for establishing Insider Threat Risk Mitigation programme. The programme should also take into account radical behavioural changes that directly or indirectly hamper operational activities because human intentions are uncertain and by-product of prevailing circumstances.
“Our assets walk out the door every evening and we have to make sure that they come back the next morning.”– Narayan Murthy
From in-house staff to supplier chain, recruiting for culture fit is the backbone that upholds the organisation. As technology is enabling more and more people to work remotely and physically removing people from corporate setups, imbuing an effective security-positive culture to the remote workforce is necessary. Thus, extending built-in insider threat programme to your entire workforce will continue to reduce risk long after its implementation.
An ambitious and sound business will work towards risk-mitigation at three levels –
- Background Screening (beyond credentials) for culture fit before hiring
- Insider threat mitigation I: security-positive organisational culture implementation
- Insider threat mitigation II: routine screening post-employment
Subscribe to Insider Threat Risks Management Insights
More from Awareness
The recent story of the CEO of a luggage manufacturer and retailer company, falsely claiming academic credentials to gain a …