Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

Corporate governanceHR TechnologyOnboardingPre-employment screening

Insider threats: How an IT security company keeps itself safe

by Jo Faragher 29 Jan 2018
by Jo Faragher 29 Jan 2018

How does an IT security company ensure its own employees don’t pose a risk? With insider threats on the rise in companies, close collaboration between HR and info-security departments is key, according to Forcepoint CHRO Kristin Leary.

It would not be the best brand advertisement if an employee at an IT security company managed to create a breach that meant employees’ or customers’ data was exposed, or managed to launch a crippling virus onto its systems.

Employees and security

Background screening: Eight key checks employers can make

Facebook snooping on candidates? GDPR could put a stop to that

That’s why security is not just part of the product set at US software company Forcepoint, but also central to its employee culture. “We always have to consider: is this person trying to get into a high tech role to do damage to our customers or employee base? All of our managers get detailed training on what to look out for,” says Kristin Leary, the company’s chief HR officer (CHRO).

This starts from the very beginning of the employee cycle, she adds. “When we’re looking to bring people into the business, we look at their career trajectory. Have they been with their former company for years or have they jumped around a lot? There may be a reason for this, but you dig into this through questions.”

Managers are coached, for example, in how to incorporate asking questions around potential risks in recruitment interviews.

Leary says: “It means interviewers need to go beyond the cheap and cheerful – applying a security lens to what they ask, but doing so in a way that makes [the candidate] feel comfortable and respects their privacy. It also pays to look at what they ask you – if they’re obsessive about whether they’ll be monitored, or the websites they can use, it’s maybe time to pause.”

Sharing concerns

Once they join the company, employees are encouraged to air any suspicions about colleagues’ behaviour, even if these turn out to have no foundation.

“So if we receive troubling or irregular data from a co-worker, we let them know how to report it in a safe, non-judgemental manner,” she adds. “For example, if someone notices that their colleague’s email exchanges have become more agitated, we encourage them to share their concerns rather than think ‘well that’s just them’.”

Workers can do this through a number of channels, either via HR, anonymously, or by speaking to the company’s chief information security officer (CISO), with whom HR works closely. “It’s about creating an open culture, not one where people are fearful of their employer. It may just be there’s something we can help with in their personal or professional life, rather than something harmful,” says Leary.

Forcepoint uses its own technology to monitor potential risks but is open with employees about how it does this, she adds: “We let them know what we look out for so it’s transparent – we’re not trying to stop someone having a look at the Black Friday sales – but reassure them we are trying to keep them and our customers safe.”

Last year Forcepoint acquired RedOwl Analytics, a security platform that shows up any anomalous interactions or access points from employees across the systems and devices they use. This means the company can now better predict risk as well as deal with it, “scoring” employees on the likelihood they might cause a security breach.

If they’re obsessive about whether they’ll be monitored, or the websites they can use, it’s maybe time to pause.”

“It looks at patterns of behaviour, websites they visit, the language they use in emails. Combining data sources together can be really powerful in terms of predictability,” Leary says. “We’re also working with our chief scientist to look at what data really helps to build a story on a person, and how we can gather this while protecting people’s privacy too. Some data can muddy that picture, so you don’t want to gather too much.”

Growth and risk

One of the challenges for HR at Forcepoint is that, as a growing company, it wants to foster entrepreneurialism but at the same time mitigate risk. “You want to innovate but you don’t want to encourage reckless behaviour, and serial entrepreneurs jump around so fast. What have they done with data as they’ve moved around other businesses? Have they posed a risk? If the only thing you have as a business is your data, it takes just one rogue employee and you’re screwed.”

Sign up to our weekly round-up of HR news and guidance

Receive the Personnel Today Direct e-newsletter every Wednesday

OptOut
This field is for validation purposes and should be left unchanged.

A central part of maintaining its open culture is working closely with IT, legal and security teams. “I don’t know many CHROs who have this level of collaboration, but you need it for an effective cybersecurity programme,” says Leary. Different perspectives on employee activity can help to build the right response, she adds.

With insider threats becoming one of the biggest risks posed to businesses, Forcepoint’s collaborative approach to keeping its employees, customers and data safe seems to be a successful one.

Jo Faragher

Jo Faragher has been an employment and business journalist for 20 years. She regularly contributes to Personnel Today and writes features for a number of national business and membership magazines. Jo is also the author of 'Good Work, Great Technology', published in 2022 by Clink Street Publishing, charting the relationship between effective workplace technology and productive and happy employees. She won the Willis Towers Watson HR journalist of the year award in 2015 and has been highly commended twice.

previous post
Jobs in North and the Midlands at high risk of automation
next post
EasyJet boss takes pay cut to show gender balance commitment

You may also like

Rumours during recruitment: how should HR respond?

9 May 2025

CIPD appoints expert in AI to boost support...

8 May 2025

Preparing for a new era of workforce planning...

8 May 2025

M&S pauses hiring as it deals with cyber...

2 May 2025

Quarter of employees worried AI will threaten jobs...

28 Apr 2025

How can HR battle the rise in identity...

27 Apr 2025

Google concerned by slow AI take-up in UK

25 Apr 2025

Succession planning now ‘more of a priority than...

24 Apr 2025

Police who fail vetting checks face automatic dismissal

23 Apr 2025

HR teams build AI use but seek more...

14 Apr 2025

  • 2025 Employee Communications Report PROMOTED | HR and leadership...Read more
  • The Majority of Employees Have Their Eyes on Their Next Move PROMOTED | A staggering 65%...Read more
  • Prioritising performance management: Strategies for success (webinar) WEBINAR | In today’s fast-paced...Read more
  • Self-Leadership: The Key to Successful Organisations PROMOTED | Eletive is helping businesses...Read more
  • Retaining Female Talent: Four Ways to Reduce Workplace Drop Out PROMOTED | International Women’s Day...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2025

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2025 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+