
SECURITY MANAGEMENT Insider...ILLUSTRATION BY GORDON STUDER SECURITY MANAGEMENT 37 Cover Story /Data...

Date post: 05-Aug-2020

ILLUSTRATION BY GORDON STUDER SECURITY MANAGEMENT 37

Cover Story / Data Protection

Confronting the Insider Threat

By LAURA SPADANUTA

EDWARD SNOWDEN, who has leaked classified information about intelligence collection activities of the National Security Agency (NSA), reportedly told the South China Morning Post that he sought a job as a contractor at government consulting firm Booz Allen Hamilton with a goal: to collect proof about the NSA’s domestic surveillance programs and alert the public to the programs. However, Snowden is not the typical insider threat. Most insiders who later betray their employer’s trust don’t start out with that intent. The change from benign employee to malicious insider can be spurred by anything from home-life stress to frustration at being passed over for a promotion to the thought that the company does not appreciate one’s contributions.

Though the risk is great, it is not possible to deny insiders the access to data that they will need to do their jobs. So what can a company do?


The company must have clear policies regarding how corporate data is to be handled and safeguarded, and confidential data should be clearly labeled, with access as restricted as feasible. Additionally, the company should secure the data itself and use software to track access and seek signs of suspicious activity, especially with regard to what information leaves the system or is copied. This article focuses, however, on the human factor—what companies can do in the hiring process and throughout employment to detect signs that a person is likely to become, or has become, an insider threat.

Personality Traits

Individuals who end up becoming an insider threat exhibit some common traits. That doesn’t mean all insider threats have these traits or that all people with these traits will become a threat. But it can be useful to know what these traits are.

One possible worrisome trait is narcissism, according to Satyamoorthy Kabilan, director of National Security and Strategic Foresight at the Conference Board of Canada: “It’s about people who perceive that they’re far more valuable than they actually are; they have an exaggerated value or view of the value that they bring to the organization, an exaggerated view of their abilities and achievements, and [they] are usually very intolerant of criticism. They minimize the significance of the contributions of others.”

Narcissism is also singled out as a possible red flag by Dan McGarvey, security program director for Global Skills X-Change (GSX) and member of the insider threat working group under the ASIS International Defense and Intelligence Council.

Histrionic personality disorder is another. That disorder is associated with a need for attention, and approval, and excessive emotion. A third red flag is antisocial personality disorder, which is often known as sociopathy.

Of course, it’s important to recognize that with some of these characteristics, such as narcissism, they may also be present in high performers in certain organizations, so they can’t be something that you simply use to screen out potential threats. The real problem is distinguishing between the types of people who are not a danger to the company and those who have a higher potential to become one, says Kabilan.

McGarvey has been doing research that tries to identify certain models that incorporate the various types of personalities that are often seen in insider threats. He believes they have encapsulated most threats in three models. The first is the counterproductive workplace behavior model, which McGarvey says has to do with issues of control, and a feeling of a need to take back individual control. He says this model includes someone like Bradley Manning, a soldier who passed classified material to the Web site WikiLeaks. McGarvey says this model also describes perpetrators of workplace violence, such as Army Major Nidal Hasan, who went on a shooting spree at Fort Hood.


THE TERM “insider threat” refers to employees, or former employees, who intentionally hurt the company in some way. It is important for each company to identify what an insider threat is to them and to set a policy in place on how to deal with insider threats. The policies must outline certain types of behavior that will warrant scrutiny, disciplinary action, or even termination so that companies have a basis from which to work when they do identify potential threats.

The Deloitte report Building a Secure Workforce identifies four types of asset loss typically attributed to an insider threat. First is espionage, the use of spying to obtain information about either a government or company. Second is embezzlement, the fraudulent conversion of another’s property by someone who is in a position of trust. Third is sabotage, to hinder operations or to enact deliberate destruction or disruption. And finally, disclosure of personally identifiable information can occur in companies that collect personal data.

Insider Threat

EDWARD SNOWDEN became famous after revealing details about the National Security Agency’s spying program. Experts note that companies may be able to root out employees before they become a threat to a company by identifying personality traits and watching for behavioral changes.

38 OCTOBER 2013 PHOTO BY JIANG KEHONG/XINHUA PRESS/CORBIS


The second model is the organizational citizen, which is where Snowden might fit. These are “individuals who have a very strong sense of justice and in what they believe is right,” says McGarvey.

The third model is called Ten Stages in the Life of a Spy, and it looks at the steps an individual must go through to become a spy and sustain spying.

“So those three models put together actually then account for just about everyone we’ve seen in terms of inappropriate behavior in the work force,” McGarvey says.

Harley Stock, a forensic psychologist who has worked with insider theft, advises that when companies are looking to weed out people like Snowden, it’s important to include personality assessments in the screening. “Some of the things that you look for [indicating] a guy like [Snowden] is somebody who’s overly moralistic, who has very strongly held beliefs about how the world should operate, so they have the kind of rigidity in their personality that things are right or wrong, black or white. There’s no gray area. There’s no area for negotiation, compromise, or alternative views of the world. And that, somehow, his view is the correct view.”

Stock says Snowden uses a psychological justification mechanism to say, “They’re wrong, I’m right, therefore, I have a moral, ethical obligation to do something about it.”

Stock advises that when doing these personality checks, the company should ask applicants not only for positive references, but also for references from people the applicant admits to having had difficulty with at some point in the past. “Now somebody says to you, ‘well, I’ve never had any difficulty,’ well, that already would raise my index of suspicion.”

Some of the questions that a company would want to ask a reference about the job applicant are “How does the person handle decisions? Are they flexible? Do they seem to dig their heels in and not listen to opposing points of view? Have they done anything that’s disturbing to you?” says Stock.

A common characteristic shared by those who pose an insider threat is dishonesty, says McGarvey, so prospective employers should be on the lookout for any type of deception in the hiring process. “So if a person comes in and they give you a bogus, not necessarily an incomplete résumé but a bogus résumé, not only are they being dishonest but they’re trying to manipulate the situation into making you think they’re someone they’re not,” McGarvey says. He adds that it’s not necessarily that the applicant makes errors, but why there are errors and if they are intentional.

John McGonagle, managing partner of The Helicon Group, recommends asking job candidates about their job history and any issues with prior employers. Too many job changes could be a red flag. “Some high achievers are constantly changing jobs,” he says, but it might be worth looking into.

“Maybe they’re trying to get ahead or maybe they’re going from company to company stealing products and moving to the next company…. Until you associate that as part of the group of inappropriate behaviors, you don’t necessarily see it as an insider threat issue, you just see it as somebody who’s trying to get ahead,” McGarvey says.

McGonagle also recommends asking whether applicants have been involved in lawsuits with prior employers. They “may have been perfectly legitimate…but it’s a legitimate question to ask,” McGonagle says.

One way to avoid individuals who could go either way is to hire someone with characteristics that tend to mitigate insider threat risk. For example, working well with others, showing compassion to and for others, responding well to criticism, and communicating frustrations effectively—these are all qualities to look for in job candidates, says the Deloitte report Building a Secure Workforce. Prospective employers can seek to determine whether a person has these characteristics by talking with a person’s references and asking the right questions during written and oral interviews.


Background Checks

A thorough background check is an obvious first step in screening out insider threats, with the above-mentioned red flags as one guidepost. Even the best check will miss insiders who haven’t yet done anything wrong, but it may catch others who have already transgressed or have exhibited some troublesome behaviors.

Companies that use background checks must decide whether to do the check themselves or contract it out to a third party. Going to a third party will cost more but the screening company will be more experienced at the work and will usually have more resources to pursue for the check.

Whether the check is carried out in-house or contracted out, management must decide what the check will entail, but they must consult counsel to ensure that they are staying within all applicable laws. “And make it very transparent and visible,” says Eugene Ferraro, chief ethics officer of Convercent.

If conducted by an outside company, or what is often referred to as a consumer reporting agency or CRA, the background check is bound under the limits of the Fair Credit Reporting Act (FCRA), which is meant to protect consumers. For employment background checks, the FCRA requires that the company provide written disclosure to the applicants before obtaining a consumer report, as well as receive authorization to obtain the report. The FCRA requires strict compliance. The authorization has to be provided to an applicant on a single page, separate and apart from the application or other documents,” explains Ryan DiClemente, of Saul Ewing LLP. So, for example, if a company “includes that authorization at the very end of its application, that’s going to be insufficient under the FCRA. And there’s been litigation that has recently arisen as a result of that.”

The company must also provide a copy of the report and certain disclosures prior to taking any action against the applicant if the report leads to an “adverse action,” which could include not being hired, as well as certain additional disclosures after the adverse action is taken. Investigative reports that include interviews on the person’s background and character have additional FCRA requirements. However, when a current employee is suspected of wrongdoing and that spurs the background check or investigation, it may be exempt under FCRA. “Just by way of example, if your company suspects somebody of theft, and at that point, you decide to run a background check that is related to the conduct, the disclosure requirements of the FCRA are unlikely to apply,” notes DiClemente. He adds that it makes sense that “you would not want to be putting an employee on notice that you suspect them of something because it could jeopardize the internal investigation.” The company must work with legal advisors to ensure that it complies with all state and local laws that apply as well.

Criminal histories. Companies may want to check criminal histories of job applicants for red flags that could indicate a person might not be trustworthy, but they have to be careful to abide by legal restrictions increasingly being placed on the use of this type of information. (For more information on this topic, see “Managing” on page 74).

Due diligence. Whatever the background check entails, the information in it must be verified. An unreliable background check will be useless. For example, it has been reported that Snowden’s education claims were not entirely accurate, but according to public reports, this did not lead Snowden’s background checker U.S. Investigations Services, known as USIS, to revoke his security clearance. That contractor and others that have done similar work for the intelligence community are now being scrutinized. (It may turn out that they have explanations for what occurred.)

How can a company ascertain whether the vendor hired to do background checks is doing a good job? “Some sort of quality assurance is appropriate,” Ferraro says. For example, the contractor might be asked to do background checks on some individuals about whom the results are already known so that the results can be compared and the thoroughness of the work assessed. One of the reasons USIS is under scrutiny is because the company allegedly did not do all of the secondary reviews it claimed to have done to ensure that reported results were accurate.

Ferraro advocates conducting proper due diligence on the vendor. “It’s like anything else. You just don’t take your cars to any mechanic, you take them to the right mechanic if you want the problem fixed. So due diligence is an important component. And associations, trade organizations like ASIS International and [the Society of Human Resource Management] often hold training and seminars on this topic, as do all of the major law firms. In fact, law firms are a very good source of finding a quality vendor,” says Ferraro.

In-house. When a company conducts the background check on potential employees on its own, says Ferraro, “much of the Fair Credit Reporting Act does not apply.” However, before companies jump on that option, they must consider the drawbacks to in-house searches. First is greater liability. “Number one is a risk-management issue. If I use you as my vendor and something happens, I can always sue you. If I do it myself, who am I going to sue?” Ferraro says.

Then there is the fact that the company might not have the in-house expertise or resources. Ferraro points out the difficulty in searching for criminal records. There is no comprehensive one-stop shop for all of the nation’s criminal records, so it often requires going straight to sources where the applicant has lived. Ferraro says that it might be easier for a third party, which already has relationships and an infrastructure that allows it to do those sorts of checks.

On the Job

Preemployment screening is only a small part of the equation, however. Most insiders will pass any screens with flying colors because they aren’t a risk at the time of the screening. As stated earlier, insiders tend to develop their decision to do harm over time.

McGarvey says that what pushes someone over the line that makes them become a threat could be personal, like financial debt, or related to what the business is doing, which might be something like furloughs or salary cuts or actions that the employee dislikes or deems wrong, as appears to have been the case with Snowden.

And when there is movement from the idea of doing something to actually taking the action, such as stealing information, Stock says that it often begins about a month before the employee leaves the company. Companies need to be vigilant about looking for signs of trouble to detect the move to action when it occurs. But what should they be looking for?

Behavioral changes may be one sign that an employee has become an insider threat. For example, a change in hours; an employee who used to work 9 to 5 will start working earlier or later and spending more time in the office alone. They’ll begin accessing data that they don’t need or that they never accessed in the past.

Stock adds that companies should look at what types of systems employees are accessing, who they are talking to, and what types of questions they are asking about information they normally would not be involved with.

Psycholinguistic changes. Psycholinguistic changes can be a tipoff that someone is becoming an insider threat. These can be discovered in some cases through personal interaction as well as e-mail monitoring with special programs. “They’ll start not only complaining more but you’ll see sentences that have the word ‘I’ in it more. ‘I did this, and I’m not appreciated. I did this, and you did this to me when I did that.’ So it’s becoming more focused on them as opposed to business,” says Stock.

Stock says another psycholinguistic trait to look for is what is known as aversive frustration: “‘I have a goal. My goal is to get a promotion. You, my supervisor, are standing in my way. So, now as I’m trying to move towards my goal, you’re keeping me from that. The more I feel that I’m being kept away from my goal, averted from that, the more frustrated I become. The more frustrated I become, the more I think of what I need to do to get to where I need to be.’ So that sense of frustration comes out so the person will say things like, ‘you know, I’ve been here for 15 years, and this is how you treat me. I’m not appreciated. You say that you want me to succeed but you’re standing in my way.’ So you see that shift.”

SYNOPSIS

The change from benign employee to malicious insider can be spurred by anything from home-life stress to frustration at being passed over for a promotion to the thought that the company does not appreciate one’s work product and contributions.

Companies can take steps during the hiring process, such as background screening and checking references, to make sure a person isn’t entering the job as a problem. But many insiders aren’t a threat when hired, so the next step is to have a way to detect problems.

There are certain personality traits that insider threats often share, such as those associated with narcissistic personality disorder. Although the individuals can be high achievers in certain situations, they may also go the other way and harm the company. It’s important to spot problematic behaviors, such as changes in language, work hours, or data being accessed.

Some experts recommend training that raises awareness of the signs of insider threats and encourages reporting of problematic behavior. This type of training may deter a threat, as well as help at-risk employees find the help they need.

Cognitive distortion is another possible indicator that someone may be going down the path of becoming a threat; it’s when the person misinterprets others’ actions. And McGarvey says that individuals will sometimes “demonize” the company or their coworkers. That’s “where you start talking about an individual or other individuals and really saying things about them to dehumanize them in your mind. You see that in countries, you see it with groups…. You start talking about how bad the company is, how they’re doing this, how they’re doing that,” McGarvey says.

Risk assessment. No one person in the company is going to have the complete picture of any one individual, so companies may want to have a team composed of representatives from various departments that meets periodically to discuss whether anyone sees signs of any insiders exhibiting behavior that seems troubling. The team should include representatives from human resources, security, legal, and others as appropriate, so that all of them can bring together their perspectives on the risk.

“If you suddenly find that each and every department from a completely different angle has seen certain risk characteristics, then the chances that this person may be an insider threat certainly are much higher,” says Kabilan. He says the frequency with which these teams should meet would depend on the organization. “It could be anything from monthly to quarterly; it really depends on the size of the organization and the sort of security risks that they have. But it should be a regular thing. It should not be something that gets convened because an issue has arisen.”

Awareness. Apart from this team, the company will benefit from raising the general level of awareness throughout the company. The Deloitte report advises companies to establish insider-threat awareness programs for the employees as one part of a culture that mitigates insider risks. This will also help put all employees on notice about what the company policies are with regard to the confidentiality of the company’s proprietary information, what behaviors are not allowed, what might trigger monitoring of employees, and what disciplinary actions might result from violations of the policies.

In addition, according to the Deloitte report, “Ongoing educational campaigns directed at the work force about the threats posed by insiders can heighten sensitivity to insider threat challenges, and provide concrete, practical steps employees can take to minimize asset loss.”

The Deloitte report also advocates creating networks of security-minded people and training the work force to observe, collect, and report information on suspicious behavior. That includes making sure there is a way for employees to report such behavior. The report also suggests developing a way to test this training to ensure that it is effective.

“The challenge of asking the work force to become involved is both one that’s a practical issue and a perception issue,” says McGarvey, who implemented insider-threat programs when he was director of information protection for the U.S. Air Force.

Security doesn’t want to be seen as being like the Stasi was in East Germany, asking everyone to report on everyone about everything. “First off, it doesn’t work, and secondly, it gives you a horrible reputation,” says McGarvey.

But there are ways to implement a reasonable reporting system. McGarvey says that training employees to detect patterns of behavior that indicate distress will allow the company to help the individual at risk. McGarvey says that this will involve human resources and other departments outside of security.

In the Air Force, McGarvey relied on engagement with the surgeon general’s office and the chaplain’s office, to help identify issues and to provide resources for troubled individuals.

“We wouldn’t have to go to an individual and say, ‘Hey, you’re screwed up, we’re going to pull your clearance, we’re going to fire you, we’re going to put you in jail.’ Instead, we’d say, ‘We see there’s an issue; you can go talk to a counselor; you can go talk to your chaplain, but you do need to talk to someone,’” says McGarvey.

This approach takes specialized training, however. “The training actually has to be in three different areas. You have to have training for the security officers so they understand what it is they’re dealing with and how to approach it. You have to have training for the general population, so they understand that this is not a witch hunt. And then you have to have training for the management, senior management, so they understand where you’re coming from on this and so that we can ensure cooperation with the other elements like human resources. So it has to be a very comprehensive program,” says McGarvey.

Paying to set up and maintain this type of program, including the training and reporting mechanisms, is a cost effective option when compared to intellectual property loss. However, to keep costs down, companies must figure out how they can best implement these types of programs, possibly overlaying them with security structures that are already in place; for example, augmenting the hiring process to not just look for technical skills but also social fit with the company.

If an individual does become the subject of suspicion and the company’s threat assessment team and management decide to more formally monitor that person, the company must make sure that it works with legal counsel to avoid any charges of legal misconduct and privacy violations.

Employee assistance. Where possible, the goal of all this vigilance is to catch someone at the early stages of stress and deter them from going down the wrong path. With that in mind, there are some possible mitigation strategies that may be employed to prevent someone who may be frustrated with the company, dealing with a personal crisis, or who may start considering wrongdoing from veering over into the dangerous insider threat zone. Stock notes that many companies today have Employee Assistance Programs (EAPs), and those services might be able to assist employees.

According to the Deloitte report, the EAP “can make a critical difference in interrupting forward motion of a potential insider who is in crisis and whose solution is the intent to compromise information.” The report also recommends ensuring that management is engaged. But Stock notes that companies sometimes see the red flags, and, instead of offering help, “they have a knee-jerk reaction, and they terminate them.”

Termination

When an employee is terminated, regardless of the cause, the business must have protocols that minimize the potential for the departing employee to harm the company or steal corporate data. That process actually begins when a person is hired, at which time they should have been asked to sign appropriate documents, such as confidentiality, nondisclosure, or noncompete agreements.

At the time of departure, especially when it is a termination, one of the best safeguards is to take out the paperwork that they signed and show it to them again. This reminds them that they signed a legal document and “that it is serious business,” says McGonagle. “Don’t overstate it. But again, you want to remind them that they still have obligations to you.” (Of course, this may not deter a determined leaker or a person intent on otherwise misappropriating corporate data but it will set a legal framework for later prosecution.)

Next, the company must have a process for immediately removing the terminated employee’s access privileges to any company systems and networks. This reduces the potential for the employee to take company data after the termination.

An insider looking to do harm is a uniquely dangerous villain, because of his or her proximity to the company and its information. By having comprehensive policies in place and cultivating a vigilant work force with a culture that acknowledges and mitigates insider threats, companies may be able to avoid situations where assets are compromised by trusted insiders looking to do harm. ■

Laura Spadanuta is senior associate editor at Security Management.
