The Current Approach
Organizations often perform pre-employment background checks to identify behavior that could adversely impact an employee’s ability to do the job, jeopardize the safety of other employees, or introduce significant business risk. The same behaviors which may have disqualified someone prior to hiring may occur during employment and most businesses are never aware.
Insider risk management is often limited to the cyber domain. Many organizations build increasingly sophisticated electronic fences around data, digital assets, and cyber networks using electronic monitoring of employee activity and internal communication, while on work networks or devices. Many organizations simply view this employee risk through the lens of careless keystrokes or poor cyber hygiene and attempt to solve through training and procedure.
However; limiting access is simply the final defense and not all human risk is driven by error.