Soft Targets & Insider Threat

   pdf-icon-png-pdf-zum-download-2

Soft Targets 

Today’s public venues, stadiums and amusement parks are acutely aware they present an inviting target for malicious actors to inflict great harm and casualty to our nation’s unsuspecting public. Evidenced by the recent attacks overseas, international terrorist organizations, their affiliates, and “Lone Wolf” sympathizers view public events and venues as vulnerable, “soft targets” of opportunity. It is not coincidental that our nation’s security apparatus also formally categorizes these same locations and events as “soft targets” that require planning, training and a reactive response should one become the target of terrorism.

Perimeter and Physical Security

The majority of domestic security efforts and investment have focused on external threats, deploying perimeter based physical security measures to combat and deter threats. Many of our public forums and workplaces have adopted layered defenses that employ the latest in physical security, electronic monitoring/surveillance and network based technologies. While these measures remain critical to ensuring public safety, the threat continues to evolve and a security strategy must now include an inward facing component to be considered comprehensive and effective.

Insider Threat

One of the less obvious and most challenging of threats are the many employees and contractors who have internal access inside the organizational perimeter those within the trusted workforce who, for one reason or another, take actions or engage in behavior that negatively impacts the safety and security of the very organization they work for. Commonly referred to as “insider threats,” these employees and contractors become vulnerable to exploitation, susceptible to commit bad acts or, at a minimum, are distracted in the performance and execution of their jobs. This is the human side of insider threat, and regrettably, most organizations do not address this rising concern within their layered security approach. Surprisingly, many simply rely on a background investigation prior to hiring employees and contractors, then assume a level of trust for the tenure of employment. This practice has proved catastrophic across public and private sectors alike.

Behavioral Alerts

ClearForce addresses the human element of this institutional security vulnerability in a manner that protects privacy, promotes transparency between an organization and its workforce, and mitigates risk. ClearForce leverages data, analytics and technology to identify early indicators of personal and financial stress through real-time, event-based alerts of criminal arrest, material and unusual changes in financials and other high-risk behavioral alerts based on organizational requirements and risk. ClearForce is configurable and operates as a Credit Reporting Agency with full employee consent and an FCRA and EEOC, legally compliant workflow while enabling consistent and appropriate action. As the only solution of its kind, ClearForce protects the workforce, the company and the venue 24 hours a day/365 days a year.

Insider Threat Management – Aviation Industry

pdf-icon-png-pdf-zum-download-2 

Insider threat is a real and growing risk for airports and airlines: risk created by an employee or contractor who has been granted unescorted access behind the security perimeter and allowed to move unrestricted within the secure areas. This individual can use their access knowingly or not to commit a crime or worse an act of terrorism. The ability to detect those who are exploiting trusted access for personal gain, or aiding conspirators in executing more complex attacks is rapidly becoming the number one issue facing airports and airlines.

Beyond the deliberate actions to negate or bypass airport and airline security is the risk of employees becoming increasingly stressed or disgruntled at work. Often the drivers of this stress are hidden from management’s view until they manifest in workplace violence, harassment or with the mistakes of a distracted worker who puts themselves and the organization at risk.

Today, airlines and airports rely heavily on pre-employment background checks to discover at-risk employees. some are adding random background re-checks or reducing the time between scheduled re-checks to enhance detection of those life changes in an individual that today go undetected-putting both the individual and organization at increased risk. Others are adding special access procedures for employees to be screened for contraband, adding in additional cyber monitoring, or extra cameras all to combat the insider risk.

A Soft Target

Our aviation infrastructure is seen as a “soft” target by those seeking to profit or do harm to our nation. Bad actors are seeking at-risk aviation employees who are susceptible to be recruited to support nefarious activity. The challenge with static background checks, increased physical or technical security processes, is they miss the day-to-day stresses and actions of the individual, which caused them to become vulnerable to recruitment. These material changes in behavior often take place away from work and thus hidden from organizational represent a
current security gap.

Financial Alerts 

ClearForce delivers event-based alerts of leading indicators of financial stress and abnormal financial activity or affluence. Personal financial stress that remains unseen by organizational leadership can fester until the individual decides to take negative action in the workplace. As an example, the rapid acceleration of debt or defaulting on a mortgage can lead to high levels of personal financial stress. By enabling early identification of financial stress organizational leadership can proactively intercede with counseling, training and supervision that in many cases will solve a problem before it escalates.

Crime and Misconduct

ClearForce automates delivery of 24/7 real-time alerts of illegal or illicit behavior. Based on organizational requirements, these alerts may range from criminal arrest and conviction, to employees identified on various federal, state and industry wanted, watch and sanction lists.

Legally Compliant Workflow

Once a risk is identified, ClearForce provides an operationally efficient, EEOC and FCRA compliant and bias-free workflow that enables organizational leadership to take appropriate action based upon externally sourced behavioral alerts in real-time. ClearForce operates with full employee consent and policies are configurable at the individual job or role level. ClearForce ensures a non-judgmental, standard process with pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture connects critical organizational functions and automates checks and balances. To provide initial anonymity and protect against personal bias or favoritism, new alerts are presented based on employee role, not their name.

Self and Peer Reporting Portal

Additionally, ClearForce offers an optional portal for employees to securely submit self or peer reports of illegal or inappropriate behavior within the workplace, including the ability to submit anonymous whistle blower reports. All external and internal behavioral alerts, incident reports and complaints are centrally captured, archived, and adjudicated within the ClearForce system. Therefore, resources needed to research past complaints, respond to legal/regulatory questions, and report on trends are significantly reduced.

About ClearForce

ClearForce is headquartered in Vienna, VA and delivers innovation to the employee risk management market. Our mission is to eliminate insider risk by informing organizations of the early signs of employee misconduct and stress, enabling proactive and legally complaint actions to mitigate risk.

Workforce Assurance – Casino and Gaming Industry

  pdf-icon-png-pdf-zum-download-2 

Employees don’t wake up one day and decide to commit the crime in the workplace – there are almost always leading behavioral indicators simply unseen by the company. Whether driven by financial or personal issues, employees often look for ways to address their stressors themselves. These “hidden” challenges can manifest themselves in the workplace with no warning.

For the casino and gaming industry the risk of financial theft and fraud is pervasive across every job role; from security to hotel services, from the casino floor to the accounting department, maintenance to valet parking. Based on the magnitude and breadth of risk, the gaming industry continues to operate as a recognized leader in physical, financial and information security.

As an example, pre-employment background checks are consistently used to ensure new hires do not have a history of negative behavior that could adversely impact their ability to do their job, jeopardize the safety of other employees, or introduce significant business risk. However, once a hiring decision is made, rarely are background checks renewed, or at best re-checked on an infrequent, static, scheduled basis. Monitoring of employee behavior is limited to physical security and their use of technology within the workplace. The same behaviors that would have disqualified someone prior to hiring may be occurring during their time of employment, and most casinos are never aware.

The ClearForce Advantage

ClearForce is a patent-pending employee risk management solution that helps organizations eliminate insider risk and ensure a culture of trust within their workforce by striking the balance between security and privacy.

ClearForce delivers event-based alerts of employee misconduct and high-risk behavior that occurs outside the workplace to identify employees under financial and personal stress who can become vulnerable to exploitation, susceptible to commit crime or distracted in their job and inadvertently making mistakes that create risk for the organization. ClearForce allows for early informed intervention by the organization with training, counseling and guidance that in many cases will solve an employee problem before it escalates.  Since each job role within a casino represents a different level and type of risk to the organization, all alert sources and policy can be configured down to job role and geography to appropriately manage risk. ClearForce operates as a credit reporting agency with 100% employee consent and provides a legally compliant workflow for organizations to take consistent, appropriate actions to protect the employee and the organization.

Financial Alerts 

ClearForce delivers event-based alerts of leading indicators of financial stress and abnormal financial activity. Personal financial stress that remains unseen by company leadership can fester until the individual decides to take negative action in the workplace. As an example, the rapid acceleration of debt, monthly payments exceeding income, or defaulting on a mortgage can all lead to high levels of personal financial stress. Conversely, the rapid repayment of debt may also indicate risk. By enabling early identification of financial deterioration or abnormal behavior, company leadership can intercede and prevent the employee from slipping into unrecoverable financial stress. Proactive engagement can save the individual and organization from unnecessary negative outcomes.

Crime and Misconduct

ClearForce automates delivery of 24/7 real-time alerts of illegal or illicit behavior. Based on organizational requirements, these alerts may range from employees identified on various federal, state and industry wanted, watch and sanction lists to alerts of criminal arrest and conviction.

Legally Compliant Workflow

Once a risk is identified, ClearForce provides an operationally efficient, EEOC and FCRA compliant and bias-free workflow that enables company leadership to take appropriate action based upon externally sourced behavioral alerts. ClearForce operates with full employee consent and policies are configurable at the individual job or role level. ClearForce ensures a non-judgmental, policy-driven, standard process with pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture connects critical organizational functions and automates checks and balances. To provide initial anonymity and protect against personal bias or favoritism, new alerts are presented based on employee role, not their name.

Self and Peer Reporting Portal

Additionally, ClearForce offers an optional portal to enable employees to securely submit self or peer reports of illegal or inappropriate behavior within the workplace, including the ability to submit anonymous whistle blower reports. All external and internal behavioral alerts, incident reports and complaints are centrally captured, archived, and adjudicated within the ClearForce system. Therefore, resources needed to research past complaints, respond to legal or regulatory questions, and report on trends are significantly reduced.

About ClearForce

ClearForce is headquartered in Vienna, VA and delivers innovation to the employee risk management market. Our mission is to eliminate insider risk by informing organizations of the early signs of employee misconduct and stress, enabling proactive and legally complaint actions to mitigate risk.

Insider Risk in the Insurance Industry

pdf-icon-png-pdf-zum-download-2 

Insider threats from employees and contractors are a major component of cyber risk and workplace crime. Research indicates that more than half of corporate losses from cyber threats involve insiders who initiate or facilitate these crimes. Insurance companies and their commercial customers often perform pre-employment background checks to screen candidates and identify negative behavior that could adversely impact their ability to do the job, jeopardize the safety of other employees, or introduce significant business risk. Once hired, rarely are background checks renewed and monitoring of employee behavior is usually limited to their use of technology within the workplace. The same behaviors which may have disqualified someone prior to hiring may occur during employment and most businesses are never aware. There are two principal reasons that ongoing reviews do not happen. One, most companies trust their employees to do the right thing and don’t want to violate that culture of trust with an intrusive view into their personal lives. Second, most companies do not have behavioral information available to them or a business application necessary to receive, process and take appropriate actions.

The Solution

ClearForce solves both challenges by going beyond traditional static point-in-time screening by enabling continuous event-based alerting of high risk behavior in and outside the organization. Rather than inefficiently investigating common activity to find suspicious behavior, ClearForce delivers company defined, event-based alerts of high risk behavior. This enables companies to see behind the façade of troubled employees who may become threats to the organization or other employees, prevent the risk before it materializes, and without intruding on the privacy of their workforce.

Any criminal conduct by employees may directly represent a risk to the business or fellow employees, and based on severity, will likely result in immediate internal investigation. Conversely, the rapid acceleration of revolving debt, monthly payments exceeding income, or defaulting on a mortgage may be much less obvious but also signal high levels of personal stress and risk. These often unforeseen changes in an employee’s financial situation can lead to employees making bad decisions that could go undetected for a prolonged period. With ClearForce’s early identification of such situations, company management and HR can intercede and provide the necessary training, counseling or support to prevent the employee from slipping into an unrecoverable condition and becoming an insider risk.

Once a potential risk is identified, ClearForce provides an operationally efficient, EEOC and FCRA compliant and bias-free workflow to take appropriate action. ClearForce operates with 100% employee consent, and ensures a non-judgmental, policy-driven, standardized process with pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture automates checks and balances and provides initial anonymity of alerts to protect against personal bias or favoritism. ClearForce pre-defines policies that are fully configurable and can be adjusted based on organizational functions, employee roles, or a desired level of alerting within the organization.

Additionally, ClearForce offers an optional automated whistleblower functionality to enable members of the workforce to securely and anonymously submit reports of illegal or inappropriate behavior within the workplace in addition to creating peer and self-reporting capabilities for internal HR incidents. External and internal behavioral alerts and incidents for employees are centrally captured, archived, and adjudicated within the system. Therefore, resources needed to research past complaints, respond to legal questions, and report on trends is significantly reduced.

The Insurance Industry   

Personal Lines Insurance Companies (e.g., auto and homeowners) face significant insider risk of theft, fraud, embezzlement, and forgery due to the sheer volume of activity associated with a large number of employees and sales agents and their staff (including direct employees and/or independent contractors) who, through direct consumer engagement (selling policies and financial products), have access to cash, financial transactions and confidential customer data.

Commercial/Business Insurers face similar internal risks and could equally benefit from ClearForce. Their clients also face a variety of other business-related risks, i.e., cyber-crime, commercial/financial crime, and wrongful termination. Commercial insurers may advocate or compel the use of ClearForce to their customers as a means of reducing this risk and potentially related premiums.

ClearForce is a patent-pending, secure cloud-based service that is offered on a subscription basis and requires limited resources to deploy and manage.

Insider Risk Monitoring for Counter Intel

 pdf-icon-png-pdf-zum-download-2                                                                          

Today, most organizations address insider risk prevention by focusing on the cyber domain: building increasingly sophisticated electronic fences around their data, digital assets, and cyber networks.

They are also increasing their electronic monitoring of employee activity, while on work networks or devices. They seek to observe, listen and analyze every keystroke, text, tweet, Facebook post, the list goes on. Organizations are continuously seeking to maintain cyber alignment between threat vectors
and their organization’s defense. Many believe we can spot insider threat by watching network activity or running electronic conversations through sentiment analytics only. But, there is a gap. A gap in cyber defense opens the day after an employee passes a background check. And that gap grows every single time an employee leaves their workplace and logs off the network. What was so important to know and assess in the last background checks has fallen off the scan. Criminal arrest outside of work, and material changes in their personal financial condition are the two leading indicators of insider risk. These acts and behaviors outside of the workplace provide a breeding ground for hostile actors employing basic counterintelligence trade craft as they seek to find the employee with that hidden secret they can exploit. Too often these external threats will discover the “secret,” hidden from the organization because they are looking for it and the organization is not.

Consider the challenges that make a trusted employee vulnerable to blackmail or coercion: a need for money for a family crisis, spiraling debt resulting from an unknown gambling addiction or perhaps a sudden medical emergency or recent divorce, college tuition, or elderly care. Or it could be the employee who was arrested and booked for criminal activity that has gone unreported. The data supports that personal financials are #1 reason that security clearances are not renewed.

These are the access points that the external threat seeks to uncover and exploit. Now consider the amount of personal information that is swirling around in public databases or the Dark Web every day. At first glance it might seem harmless and scattered, but in the hands of bad actors this is how they profile. This is how they discover who they need to social engineer or coerce to carry them past your cyber perimeter. Most of this unseen negative activity takes place away from work, which accounts for about 60% of your annual employee’s activity and defines the scope of your current gap. These behavioral stressors have been proven to drive good employees to take advantage of their inside access for personal gain or to fix the mess they are in. These stressors can also build into the emotional stress that leads to workplace misconduct.

ClearForce was designed to cover this counterintelligence gap. ClearForce helps see behind the façade of a struggling employee to uncover an insider that may become a possible threat, or is vulnerable to being approached by a bad actor. ClearForce proactively identifies employees with increased financial or criminal stress in real time with event driven alerts. It allows for early informed intervention by the organization, that in many cases will solve the problem right there, before it can escalate and before the employee becomes vulnerable and emerges as an insider risk.

Additionally, once the potential risk is identified, ClearForce provides an operationally efficient, legally compliant and bias-free workflow that enables an organization to take appropriate actions. ClearForce was built with an understanding that you hired the employee, invested in them and you want to keep them. ClearForce also ensures that throughout this transparent process there are pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture automates checks and balances; and all information is secured and archived within a centralized system.

ClearForce for Government Contractors

pdf-icon-png-pdf-zum-download-2

As a Government contractor, your employees are your most important corporate resource, and can be your greatest source of business, customer and reputational risk. You can reduce these risks by proactively identifying and remediating leading indicators of insider crime or other negative activity. Be informed in real-time of your workforce challenges to allow you to resolve the issues before the Government recognizes there is a problem.

Remove the Concern of Employees Harming Your Projects and Your Business

A cleared employee experiencing financial difficulty is unable to pay their credit card bills. ClearForce alerts on the credit deterioration at 30 and 60 days. After a 90-day delinquency alert is received, the ClearForce reviewer initiates our patented workflow. This includes discreet discussions with the employee and his manager. The employee is informed of options and agrees to credit counselling and training, allowing the company to keep a valued employee who might otherwise spiral deeper into debt to the point where he becomes a risk to the project and the company.

Protect Your Company from These and Many Other Potentially Disastrous Events

Employees don’t normally decide one day to commit crime in the workplace – there are usually leading behavioral indicators that today go unseen. Whether driven by financial or legal issues employees often look for ways to address the stressors themselves. These “hidden” challenges can manifest themselves in the workplace with no warning. ClearForce’s automated solution proactively alerts on employee risks, heading off potential damage to the enterprise through early intervention. The application delivers near-real time notification of legal or financial behavior that needs to be addressed, whether on or off the customer site. This provides management time to examine and intervene before the issue changes from a risk to a threat and becomes a real emergency.

The Added Benefit of DSS Audit Compliance 

ClearForce out of the box meets all requirements of the latest NISPOM change-2 mandate for an insider threat program that gathers, integrates and reports on information indicative of a potential or actual insider threat. ClearForce also supports self- and peer-reporting, along with foreign travel tracking. ClearForce integrates with your company’s current cyber, HR, internal security and legal processes to support both a defensive and offensive approach to risk and cost reduction.

ClearForce is ready now to provide 24/7-365 continuous insider risk monitoring

ClearForce Case Study – Insider Risk Management

pdf-icon-png-pdf-zum-download-2

Customer Corporation for the past 15 years has been a leading provider of sophisticated technical services to the military and intelligence community. In September 2016, the company assessed options for responding to a US Government requirement that contractors establish and maintain an insider threat program to detect, deter and mitigate insider threats. ClearForce was selected as the preferred insider threat monitoring solution because of its ease of use, minimal resource investment and proven effectiveness.

Implementation required less than a week to full operational readiness, including training the system administrator, inputting employee data, obtaining workforce consent, and submitting a customizable written plan for submission to the US Government. Simply, ClearForce right out of the box addressed all the new insider threat requirements.

INITIAL ALERTS ARRIVED QUICKLY

The first alert arrived within a week, identifying an employee with a new mortgage. Since company leadership knew the employee and was aware of an impending refinance, the alert was simply dismissed with no need to complete the full automated workflow. Other alerts followed that also required no actions after they were noted and then dismissed by the ClearForce analyst and reviewer following discussion with the insider threat program senior official.

RESULTS PROVIDED REASSURANCE TO MANAGEMENT

The Customer headquarters staff conducted a follow-up with ClearForce after eight weeks. Feedback was positive in unexpected ways. It turns out that most of the alerts were for employees who are subject matter experts onsite at Government project locations across the country. The headquarters staff did not realize how much they really did not know or how disconnected they had become to these unsupervised employees, who could bring major disruption to operations should they undertake criminal or other negative activities. Said the Customer president: “ClearForce gave us peace of mind, knowing that we do not need to worry about staff operating without direct supervision.” Employees responded positively to ClearForce as well, noting that their managers seem to have more knowledge and understanding following implementation of the product.

US GOVERNMENT AUDIT PROVIDES ADDITIONAL VALIDATION

In December 2016, the US Government performed an annual audit of Customer’s cleared facility and staff. The results were highly complimentary to the company, including a notation that ClearForce met all requirements for insider threat monitoring. To include several of the checklist items highlighting ClearForce as a best practice. As explained by one of the auditors, the ClearForce approach to insider threat monitoring really nails the requirement, and will prevent audit findings for other contractors if in place.

SUMMARY

ClearForce was designed from the start to be a cost-effective solution for continuous employee evaluation that also provides corporate risk reduction benefits beyond expectation, reduces administrative time spent on personnel issues, meets all US Government requirements for insider threat monitoring, and offers intangible savings from reduced attrition and higher morale.

 

ClearForce for Healthcare

pdf-icon-png-pdf-zum-download-2

Healthcare organizations and providers are coming under increased threat that inside access to patient health records, controlled pharmaceuticals or billing systems will result in theft or fraud. To confront this increasing risk, much of the focus has been on cyber monitoring and increased background checks. While addressing both has a part in reducing the risk, there remains a significant gap that is unaddressed. ClearForce is unique in its approach to close this gap by providing continuous behavioral monitoring supported by a legally complaint workflow.

The Risk

1. Healthcare records alone are becoming a highly lucrative target for theft. A 2015 data security Insider Threat report, indicated that healthcare data has become highly desirable to bad actors. Healthcare records sell for tens to hundreds of dollars and are now more valuable than credit card information that sell on the black market for 50 cents or less. The enormous detail available in patient records make it possible for criminals to not only apply for credit cards or loans, but to generate large profit and gain from fraudulent medical charges.
2. In addition to healthcare records being sold on the dark web or used to commit fraud, healthcare organizations are seeing an increase in the theft of medical supplies, namely controlled drugs being sold for cash. Doctors and pharmacists with an intent to commit fraud or theft can steal medication by forging prescriptions or placing phony orders. Nurses with an intent to prosper through illicit activity may “pocket” pills, giving the patient less than the prescribed amount while keeping the remaining pills for personal gain. In the most egregious cases, health care providers steal powerful narcotics by tampering with vials and syringes, potentially exposing themselves and other patients to infectious diseases.

3. Fraud, a crime that is not unique to the healthcare industry, is also an issue and is driven by the complexity of the medical billing system between providers and payers. The use of third party clearinghouses to support the coding, approval and billing process significantly opens the opportunity for insiders falsifying billing records.

The Solution

For the most part, healthcare employees don’t decide to suddenly, one day, commit crime in the workplace. Rather, the decision by an employee to engage in illicit behavior is contemplated over a period of time and there are usually leading behavioral indicators. Whether driven by emotional, financial or legal needs, employees often look for ways to address these stressors, and the complexity of the medical workplace and environment offers an opportunity. ClearForce continually monitors key behavioral indicators and through customized triggers can proactively alert organizations to those individuals who have either violated the law, or have started down a financial path that they likely cannot recover from. Additionally, ClearForce centralizes and automates peer, self and whistleblower reports, as well as other internal cyber monitoring alerts that may be in use today.

ClearForce operates with full employee consent, removes judgmental bias through standard job level policy, automates required checks & balances, and provides appropriate levels of anonymity, privacy and security. This industry leading legally compliant workflow supports not only the individual’s rights, it further protects organizations from lawsuits and legal challenges going forward. Healthcare organizations are coming under increasing pressure and civil liability to protect themselves and their patients from all aspects of insider risk. ClearForce can provide both real-time alerting and compliant, automated workflow to protect an organization and its workforce today.