City Security Magazine Spring 2023

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

David Carrick – Learning from the missed opportunities

environment allow Carrick to continue a path of abuse? A report from 2021 by the Her Majesty’s Independent Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS) noted that a culture of misogyny, sexism, and predatory behaviour towards members of the public and female colleagues persists across many UK police forces. It’s likely that the strength of the culture in the environment impacted on policy, procedure and process being implemented effectively.

Disjointed management action and siloed information

This environment and culture appear to have absorbed additional complaints from members of the public regarding Carrick’s behaviour, and investigations by other police constabularies. Although some were dealt with by “management action”, clearly this didn’t result in all dots being joined up across different business areas to indicate behaviours of concern that should have been investigated. This unfortunately is not uncommon: almost all insider acts when investigated show the organisation had lots of information about the individual that they could have acted on earlier to potentially prevent further actions, it but it was all held in siloes rather than being joined up.

How can you address similar risks in your organisation?

There is no sticking plaster to fix this; real change that stops counterproductive workplace behaviours takes time and continuous risk management. It requires honest discussion and reflection of our organisations’ (and our individual actions) current landscape. It requires people to listen and act, to make difficult decisions. It means

© CITY SECURITY MAGAZINE – SPRING 2023

talking to offenders to understand how the organisation’s environment and culture encouraged their behaviour.

Understanding the extent of the problem is key – having multiple different names for insider risk, dealt with by multiple different teams (fraud investigation, anti-corruption, poor performance) makes the siloes deeper, and provides more opportunity for insiders to exploit. Below are some initial areas to consider:

Assessing the insider risk factors

Insider risk professionals assessing risk must of course think about the external threat actors that use insiders: state actors, serious organised crime etc. They must also consider the following internal threat factors:

• Does the work environment create lots of opportunity and means for self-initiated insider activities?

• Does the current culture of the organisation have the potential to motivate insider activity?

From a recruitment perspective, consider:

• Whether the current environment and culture acts as a beacon to prospective employees with unsuitable motivations, and

• Whether it actively puts off good candidates from applying

From an HR perspective, consider:

• How personal data is shared securely to prevent siloes

• How we track and follow up on those who have been assessed as carrying risk

• How we train and support managers to deal with poor performance and misconduct

Security Providers Advertorial >

From a training perspective:

• Secure by design – building in the right messages from day one about what is expected and the consequences

From a governance and senior leadership perspective, the considerations should be:

• The cost of investigating (time, financial consequences)

• The reputation of the organisation and its leaders

• Impact on day-to-day delivery of services if you continue to do nothing but react to these types of insider activities

• Recognition that increased reporting is not a bad thing (the press may see it differently) but instead it shows that culture and the environment is shifting, and staff (and the public) feel empowered and confident that the appropriate actions are being taken.

We are fortunate in the UK that most of our public servants, those that hold a position of power do so with the utmost respect and due diligence required to carry out their functions in a lawful manner for the wider good of our society. They should not have to be tarnished by the few that actively seek to abuse those powers, because a work environment and culture actively supports this type of behaviour.

Sarah Austerberry Au Security Consulting

www.ausecurityconsulting.com

16

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36