Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

OnboardingCorporate governancePre-employment screeningHR Technology

Insider threats: How an IT security company keeps itself safe

by Jo Faragher 29 Jan 2018
by Jo Faragher 29 Jan 2018

How does an IT security company ensure its own employees don’t pose a risk? With insider threats on the rise in companies, close collaboration between HR and info-security departments is key, according to Forcepoint CHRO Kristin Leary.

It would not be the best brand advertisement if an employee at an IT security company managed to create a breach that meant employees’ or customers’ data was exposed, or managed to launch a crippling virus onto its systems.

Employees and security

Background screening: Eight key checks employers can make

Facebook snooping on candidates? GDPR could put a stop to that

That’s why security is not just part of the product set at US software company Forcepoint, but also central to its employee culture. “We always have to consider: is this person trying to get into a high tech role to do damage to our customers or employee base? All of our managers get detailed training on what to look out for,” says Kristin Leary, the company’s chief HR officer (CHRO).

This starts from the very beginning of the employee cycle, she adds. “When we’re looking to bring people into the business, we look at their career trajectory. Have they been with their former company for years or have they jumped around a lot? There may be a reason for this, but you dig into this through questions.”

Managers are coached, for example, in how to incorporate asking questions around potential risks in recruitment interviews.

Leary says: “It means interviewers need to go beyond the cheap and cheerful – applying a security lens to what they ask, but doing so in a way that makes [the candidate] feel comfortable and respects their privacy. It also pays to look at what they ask you – if they’re obsessive about whether they’ll be monitored, or the websites they can use, it’s maybe time to pause.”

Sharing concerns

Once they join the company, employees are encouraged to air any suspicions about colleagues’ behaviour, even if these turn out to have no foundation.

“So if we receive troubling or irregular data from a co-worker, we let them know how to report it in a safe, non-judgemental manner,” she adds. “For example, if someone notices that their colleague’s email exchanges have become more agitated, we encourage them to share their concerns rather than think ‘well that’s just them’.”

Workers can do this through a number of channels, either via HR, anonymously, or by speaking to the company’s chief information security officer (CISO), with whom HR works closely. “It’s about creating an open culture, not one where people are fearful of their employer. It may just be there’s something we can help with in their personal or professional life, rather than something harmful,” says Leary.

Forcepoint uses its own technology to monitor potential risks but is open with employees about how it does this, she adds: “We let them know what we look out for so it’s transparent – we’re not trying to stop someone having a look at the Black Friday sales – but reassure them we are trying to keep them and our customers safe.”

Last year Forcepoint acquired RedOwl Analytics, a security platform that shows up any anomalous interactions or access points from employees across the systems and devices they use. This means the company can now better predict risk as well as deal with it, “scoring” employees on the likelihood they might cause a security breach.

If they’re obsessive about whether they’ll be monitored, or the websites they can use, it’s maybe time to pause.”

“It looks at patterns of behaviour, websites they visit, the language they use in emails. Combining data sources together can be really powerful in terms of predictability,” Leary says. “We’re also working with our chief scientist to look at what data really helps to build a story on a person, and how we can gather this while protecting people’s privacy too. Some data can muddy that picture, so you don’t want to gather too much.”

Growth and risk

One of the challenges for HR at Forcepoint is that, as a growing company, it wants to foster entrepreneurialism but at the same time mitigate risk. “You want to innovate but you don’t want to encourage reckless behaviour, and serial entrepreneurs jump around so fast. What have they done with data as they’ve moved around other businesses? Have they posed a risk? If the only thing you have as a business is your data, it takes just one rogue employee and you’re screwed.”

A central part of maintaining its open culture is working closely with IT, legal and security teams. “I don’t know many CHROs who have this level of collaboration, but you need it for an effective cybersecurity programme,” says Leary. Different perspectives on employee activity can help to build the right response, she adds.

With insider threats becoming one of the biggest risks posed to businesses, Forcepoint’s collaborative approach to keeping its employees, customers and data safe seems to be a successful one.

Jo Faragher
Jo Faragher

Jo Faragher has been an employment and business journalist for 20 years. She regularly contributes to Personnel Today and writes features for a number of national business and membership magazines. She won the Willis Towers Watson HR journalist of the year award in 2015 and has been highly commended twice.

previous post
Jobs in North and the Midlands at high risk of automation
next post
EasyJet boss takes pay cut to show gender balance commitment

Leave a Comment Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

You may also like

Women in FTSE 350 leadership: ‘A lot of...

20 May 2022

What is employee wellbeing? Gethin Nadin talks to...

13 May 2022

Young people’s skills don’t match employer needs, finds...

11 May 2022

Productivity blighted by users’ tech problems, research reveals

6 May 2022

Youth collective to inform Body Shop strategy

6 May 2022

BrewDog boss offers staff a fifth of his...

4 May 2022

Employees drive ESG goals for HR, study claims

4 May 2022

Modern slavery: 10% of companies fail to publish...

26 Apr 2022

Four ways technology can help improve health and...

26 Apr 2022

How to enhance your hire to retire processes...

25 Apr 2022
  • The Search for Talent: Six Major Employer Pitfalls PROMOTED | The Great Resignation continues unabated...Read more
  • Navigating the widening “Skills Confidence Gap” in 2022, and beyond PROMOTED | Cornerstone OnDemand conducted a global study...Read more
  • Apprenticeships are the solution to your recruitment problems PROMOTED | Apprenticeships have the pulling power...Read more
  • What it really means to be mentally fit PROMOTED | What is mental fitness...Read more
  • How music can help to ease anxiety at work PROMOTED | A lot has happened since March 2020, hasn’t it?...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+