Insider Risk in the Insurance Industry

ClearForce for Insurance   pdf-icon-png-pdf-zum-download-2 

ClearForce is an insider risk management solution designed to protect employees and organizations from insider crimes ranging from fraud and theft to cyber breach and workplace violence

The Challenge

Insider threats from employees and contractors are a major component of cyber risk and workplace crime. Research indicates that more than half of corporate
losses from cyber threats involve insiders who initiate or facilitate these crimes.
Insurance companies and their commercial customers often perform pre-employment background checks to screen candidates and identify negative behavior that could adversely impact their ability to do the job, jeopardize the safety of other employees, or introduce significant business risk. Once hired, rarely are background checks renewed and monitoring of employee behavior is usually limited to their use of technology within the workplace. The same behaviors which may have disqualified someone prior to hiring may occur during employment and most businesses are never aware. There are two principal reasons that ongoing reviews do not happen. One, most companies trust their employees to do the right thing and don’t want to violate that culture of trust with an intrusive view into their personal lives. Second, most companies do not have behavioral information available to them or a business application necessary to receive, process and take appropriate actions.

The Solution

ClearForce solves both challenges by going beyond traditional static point-in-    time screening by enabling continuous event-based alerting of high risk behavior
in and outside the organization. Rather than inefficiently investigating common activity to find suspicious behavior, ClearForce delivers company defined,
event-based alerts of high risk behavior. This enables companies to see behind the façade of troubled employees who may become threats to the organization or other employees, prevent the risk before it materializes, and without intruding on the privacy of their workforce.

Any criminal conduct by employees may directly represent a risk to the business or fellow employees, and based on severity, will likely result in immediate internal investigation. Conversely, the rapid acceleration of revolving debt, monthly payments exceeding income, or defaulting on a mortgage may be much less obvious but also signal high levels of personal stress and risk. These often unforeseen changes in an employee’s financial situation can lead to employees making bad decisions that could go undetected for a prolonged period. With ClearForce’s early identification of such situations, company management and HR can intercede and provide the necessary training, counseling or support to prevent the employee from slipping into an unrecoverable condition and becoming an insider risk.

Once a potential risk is identified, ClearForce provides an operationally efficient, EEOC and FCRA compliant and bias-free workflow to take appropriate action. ClearForce operates with 100% employee consent, ensures a non-judgmental, policy-driven, standardized process with pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture automates checks and balances and provides initial anonymity of alerts to protect against personal bias or favoritism. ClearForce pre-defines policies that are fully configurable and can be adjusted based on organizational functions, employee roles, or a desired level of alerting within the organization.

Additionally, ClearForce offers an optional automated whistleblower functionality to enable members of the workforce to securely and anonymously submit reports of illegal or inappropriate behavior within the workplace in addition to creating peer and self-reporting capabilities for internal HR incidents. External and internal behavioral alerts and incidents for employees are centrally captured, archived, and adjudicated within the system. Therefore, resources needed to research past complaints, respond to legal questions, and report on trends is significantly reduced.

The Insurance Industry   

Personal Lines Insurance Companies (e.g. auto and homeowners) face significant insider risk of theft, fraud, embezzlement, and forgery due to the sheer volume of activity associated with a large number of employees and sales agents and their staff (including direct employees and/or independent contractors) who, through direct consumer engagement (selling policies and financial products) have access to cash, financial transactions and confidential customer data.

Commercial/Business Insurers face similar internal risks and could equally benefit from ClearForce. Their clients also face a variety of other business related risks, i.e. cyber-crime, commercial/financial crime, and wrongful termination. Commercial insurers may advocate or compel the use of ClearForce to their customers as a means of reducing this risk and potentially related premiums.

ClearForce is a patent pending secure cloud-based service that is offered on a subscription basis and requires limited resources to deploy and manage.

Insider Risk Monitoring For Counter Intel

ClearForce Counter Intel  pdf-icon-png-pdf-zum-download-2

Identifying The Individual With a personal “Secret” Already Inside The Perimeter                                                                                     

Today, most organizations address insider risk prevention by focusing on the cyber domain: building increasingly sophisticated electronic fences around their data, digital assets, and cyber networks.

They are also increasing their electronic monitoring of employee activity, while on work networks or devises. They seek to observe, listen and analyze every keystroke, text, tweet, Facebook post, the list goes on. Organizations are continuously seeking to maintain cyber alignment between threat vectors
and their organization’s defense. Many believe we can spot insider threat by watching network activity or running electronic conversations through
sentiment analytics only. But, there is a gap. A gap in cyber defense opens the day after an employee passes a background check. And that gap grows every single time an employee leaves their workplace and logs off the network. What
was so important to know and assess in the last background check has fallen off the scan. Criminal arrest outside of work. Material changes in their personal financial condition. Two leading indicators of insider Risk. These acts and behaviors outside of the workplace provide a breeding ground for hostile actors
employing basic counterintelligence trade craft as they seek to find the employee with that hidden secret they can exploit. Too often these external threats will discover the “secret,” hidden from the organization because they are looking for it and the organization is not.

Consider the challenges that make a trusted employee vulnerable to blackmail or coercion; a need for money for a family crisis, spiraling debt resulting from an unknown gambling addiction or perhaps a sudden medical emergency or recent divorce, college tuition, elderly care. Or the employee who was arrested and booked for criminal activity that has gone unreported. The data supports that personal financials are #1 reason that security clearances are not renewed.

These are the access points that the external threat seeks to uncover and exploit. Now consider the amount of personal information that is swirling around in public databases or the Dark Web everyday. At first glance it might seem harmless and scattered, but in the hands of bad actors this is how they profile. This is how they discover who they need to social engineer or coerce to carry them past your cyber perimeter. Most of this unseen negative activity takes place away from work, which accounts for about 60% of your annual employee’s activity and defines the scope of your current gap. These behavioral stressors have been proven to drive good employees to take advantage of their inside access for personal gain or to fix the mess they are in. These stressors can also build into the emotional stress that leads to workplace misconduct.

ClearForce was designed to cover this counterintelligence gap. ClearForce helps see behind the façade of a struggling employee to uncover an insider that may become a possible threat, or is vulnerable to being approached by a bad actor. ClearForce proactively identifies employees with increased financial or criminal stress in real time with event driven alerts. It allows for early informed intervention by the organization, that in many cases will solve the problem right there, before it can escalate and before the employee becomes vulnerable and emerges as an insider risk.

Additionally, once the potential risk is identified, ClearForce provides an operationally efficient, legally compliant and bias-free workflow that enables an organization to take appropriate actions. ClearForce was built with an understanding that you hired the employee, invested in them and you want to keep them. ClearForce also ensures that throughout this transparent process there are pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce role based architecture automates checks and balances; and all information is secured and archived within a centralized system.

ClearForce for Government Contractors

ClearForce for Government Contractors pdf-icon-png-pdf-zum-download-2

As a Government contractor, your employees are your most important corporate resource, and can be your greatest source of business, customer and reputational risk. You can reduce these risks by proactively identifying and remediating leading indicators of insider crime or other negative activity. Be informed in real-time of your workforce challenges to allow you to resolve the issues before the Government recognizes there is a problem.

Remove The Concern Of Employees Harming Your Projects and Your Business

A cleared employee experiencing financial difficulty is unable to pay their credit card bills. ClearForce alerts on the credit deterioration at 30 and 60 days. After a 90-day delinquency alert is received, the ClearForce reviewer initiates our patented workflow. This includes discreet discussions with the employee and his manager. The employee is informed of options and agrees to credit counselling and training, allowing the company to keep a valued employee who might otherwise spiral deeper into debt to the point where he becomes a risk to the project and the company.

Protect Your Company From These and many Other Potentially Disastrous Events

Employees don’t normally decide one day to commit crime in the workplace – there are usually leading behavioral indicators that today go unseen. Whether driven by financial or legal issues employees often look for ways to address the stressors themselves. These “hidden” challenges can manifest themselves in the workplace with no warning. ClearForce’s automated solution proactively alerts on employee risks, heading off potential damage to the enterprise through early intervention. The application delivers near-real time notification of legal or financial behavior that needs to be addressed, whether on or off the customer site. This provides management time to examine and intervene before the issue changes from a risk to a threat and becomes a real emergency.

The Added Benefit Of DSS Audit Compliance 

ClearForce out of the box meets all requirements of the latest NISPOM change-2 mandate for an insider threat program that gathers, integrates and reports on information indicative of a potential or actual insider threat. ClearForce also supports self- and peer-reporting, along with foreign travel tracking. ClearForce integrates with your company’s current cyber, HR, internal security and legal processes to support both a defensive and offensive approach to risk and cost reduction.

ClearForce is ready now to provide 24/7-365 continuous insider risk monitoring

ClearForce Case Study – Insider Risk Management

ClearForce Case Study – Government Contractor pdf-icon-png-pdf-zum-download-2

CLEARFORCE EMPLOYED TO ADDRESS NEW DSS REQUIREMENTS   

Customer Corporation for the past 15 years has been a leading provider of sophisticated technical services to the military and intelligence community. In September 2016, the company assessed options for responding to a US Government requirement that contractors establish and maintain an insider threat program to detect, deter and mitigate insider threats. ClearForce was selected as the preferred insider threat monitoring solution because of its ease of use, minimal resource investment and proven effectiveness.

Implementation required less than a week to full operational readiness, including training the system administrator, inputting employee data, obtaining workforce consent, and submitting a customizable written plan for submission to the US Government. Simply, ClearForce right out of the box addressed all the new insider threat requirements.

INITIAL ALERTS ARRIVED QUICKLY

The first alert arrived within a week, identifying an employee with a new mortgage. Since company leadership knew the employee and was aware of an
impending refinance, the alert was simply dismissed with no need to complete the full automated workflow. Other alerts followed that also required no actions after they were noted and then dismissed by the ClearForce analyst and reviewer
following discussion with the insider threat program senior official.

RESULTS PROVIDED REASSURANCE TO MANAGEMENT

The Customer headquarters staff conducted a follow-up with ClearForce after eight weeks. Feedback was positive in unexpected ways. It turns out that most of the alerts were for employees who are subject matter experts onsite at Government project locations across the country. The headquarters staff did not realize how much they really did not know or how disconnected they had become to these unsupervised employees, who could bring major disruption to operations should they undertake criminal or other negative activities. Said the Customer president: “ClearForce gave us peace of mind, knowing that we do not need to worry about staff operating without direct supervision.” Employees responded positively to ClearForce as well, noting that their managers seem to have more knowledge and understanding following implementation of the product.

US GOVERNMENT AUDIT PROVIDES ADDITIONAL VALIDATION

In December 2016, the US Government performed an annual audit of Customer’s cleared facility and staff. The results were highly complementary to the company, including a notation that ClearForce met all requirement for insider threat monitoring. To include several of the checklist items highlighting ClearForce as a best practice. As explained by one of the auditor, the ClearForce approach to insider threat monitoring really nails the requirement, and will prevent audit findings for other contractors if in place.

SUMMARY

ClearForce was designed from the start to be a cost-effective solution for continuous employee evaluation that also provides corporate risk reduction benefits beyond expectation, reduces administrative time spent on personnel issues, meets all US Government requirements for insider threat monitoring, and offers intangible savings from reduced attrition and higher morale.

 

ClearForce for HealthCare

ClearForce for Healthcare pdf-icon-png-pdf-zum-download-2

The Hidden Risk Inside Healthcare Organizations

Healthcare organizations and providers are coming under increased threat that inside access to patient health records, controlled pharmaceuticals or billing
systems will result in theft or fraud. To confront this increasing risk, much of the focus has been on cyber monitoring and increased background checks. While addressing both has a part in reducing the risk, there remains a significant gap that is unaddressed. ClearForce is unique in its approach to close this gap by providing continuous behavioral monitoring supported by a legally complaint
workflow.

The Risk

1. Healthcare records alone are becoming a highly lucrative target for theft. A        2015 data security Insider Threat report, indicated that healthcare data has become highly desirable to bad actors. Healthcare records sell for tens to hundreds of dollars and are now more valuable than credit card information that sell on the black market for 50 cents or less. The enormous detail available
in patient records make it possible for criminals to not only apply for credit cards or loans, but to generate large profit and gain from fraudulent medical charges.
2. In addition to healthcare records being sold on the dark web or used to commit fraud, healthcare organizations are seeing an increase in the theft of medical supplies, namely controlled drugs being sold for cash. Doctors and pharmacists
with an intent to commit fraud or theft can steal medication by forging  prescriptions or placing phony orders. Nurses with an intent to prosper through illicit activity may “pocket” pills, giving the patient less than the prescribed amount while keeping the remaining pills for personal gain. In the most egregious cases, health care providers steal powerful narcotics by tampering with vials and syringes, potentially exposing themselves and other patients to infectious diseases.

3. Fraud, a crime that is not unique to the healthcare industry is also an issue, is driven by the complexity of the medical billing system between providers and payers. The use of third party clearinghouses to support the coding, approval and billing process opens the opportunity for insiders falsifying billing records significantly.

The Solution

For the most part, healthcare employees don’t decide to suddenly, one day, commit crime in the workplace. Rather, the decision by an employee to engage in illicit behavior is contemplated over a period of time and there are usually leading behavioral indicators. Whether driven by emotional, financial or legal needs, employees often look for ways to address these stressors, and the complexity of the medical workplace and environment offers an opportunity. ClearForce continually monitors key behavioral indicators and through customized triggers can proactively alert organizations to those individuals who have either violated the law, or have started down a financial path that they likely cannot recover from. Additionally, ClearForce centralizes and automates peer, self and whistleblower reports, as well as other internal cyber monitoring alerts that may be in use today.

ClearForce operates with full employee consent, removes judgmental bias through standard job level policy, automates required checks & balances, and provides appropriate levels of anonymity, privacy and security. This industry leading legally compliant workflow supports not only the individual’s rights, it further protects organizations from lawsuits and legal challenges going forward.
Healthcare organizations are coming under increasing pressure and civil liability to protect themselves and their patients from all aspects of insider risk. ClearForce can provide both real-time alerting and compliant, automated workflow to protect an organization and its workforce today.