Insider threat guide

by Mark Rowe

Tackling the insider threat: Best Practice Guidelines for Retailers is the title of a 22-page document from the trade body the British Retail Consortium (BRC). You can read it free as a download at the BRC website.

The document was launched at the BRC’s annual crime conference in central London. Its author is Laura Davies, the crime policy adviser at the trade association, who chairs the heads of security committee of the BRC.

She told Professional Security that while the official Centre for the Protection of National Infrastructure (CPNI) offered advice, she questioned if small and medium enterprises have policies and procedures in case of the insider threat. Hence the guidelines to help retailers of all sizes protect themselves against malicious activity from inside their organisation. As the BRC says, a member of staff, contractor or supplier can betray the trust placed in them to exploit their privileged access to the business for their own ends.

The Insider Threat Guidelines set out some steps to help retail businesses assess the threat, identify indicators of high-risk behaviour and consider what physical and cyber security measures they should have. The document covers what the threat could look like (such as leak or misuse of confidential information, or refund fraud from the tills or other internal theft); risk assessment, including links to downloadable templates; developing a ‘security culture’, so that security is an integral part of the business; identifying indicators of at-risk behaviour; cyber-security policies; physical security controls; and lastly how to respond to an insider incident.

Tom Ironside, BRC Director of Business and Regulation, said: “Security is often approached in terms of protection against external threats. Whilst the vast majority of employees are honest, retailers also need to think about where they may be vulnerable to malicious activity by those with inside access to their business. Whether this is theft of stock, complex fraud or a cyber data breach, businesses must be alert to such potential threats from within. The impact of an insider incident can be significant, resulting in damage to the organisation’s reputation and staff morale, as well as financial loss.” – See more at: http://www.brc.org.uk/.

© 2024 Professional Security Magazine. All rights reserved.