如果你是公司的安全主管、内部法律顾问或职能主管(例如.g., HR, IT, Operations) engaged in helping to manage the risks associated with insider threats, 您可能没有意识到,反内部威胁(CIT)计划的重点和目标之间存在着越来越强大的联系 workplace violence prevention (WVP) programs.
On the surface, the drivers and response to insider threat and workplace violence prevention programs 可能看起来很不一样. 然而, they share similar predicates to the threat actions. “内部威胁 是由利用可信赖途径对本署设施造成损害的人士所提出的, 资源或人员,博士说。. Brad Millick, Director of the U.S. 国防部反内部威胁项目隶属于国防部情报部副部长办公室. Workplace violence results in harm to people, places and reputation. 由于肇事者可以进入雇主的设施,这两种威胁都被放大了, 资源与人员.
预防是关键 安全重点 when dealing with either insider threats or workplace violence. 用于解决这些风险的安全框架将根据所呈现的威胁的动态性质继续发展. 世界各地的公司越来越依赖于远程技术和移动办公地点,他们仍然在努力实现开放, 邀请支持协作的工作空间,同时提供针对有害参与者的安全性. 以下是彩宝网平台认为合并这些程序可能有利于公司和员工安全的一些原因.
The Driving Factors are Often Similar
Disgruntled employees often act out in the workplace, displaying behavior that can represent warning signs that benefit from intervention. Problem employees who progress to insider threats or workplace violence share similarities in that they harbor grudges associated with the work environment. They may have a predisposition to such behaviors as well as the focus, motive and means to carry out the threat.
通常在人力资源政策下处理的行为和报告包括大喊大叫, 侵略, withdrawal and other inappropriate work behaviors, 包括由于管理不善和其他行为导致的表现不佳和项目失败. 不按标准行事的个人可能经常感到自己受到不公正的迫害或被单独挑出来, 他们对工作场所压力源的反应可能与情况不相称. 他们可能会开始孤立, believing that they are unfairly targeted and unsupported by the work environment.
认识到潜在的有害后果导致了需要报告的政策. 彩宝网平台经常建议客户培训他们的员工,让他们注意到同事或工作场所的其他行为,并将这些问题报告给人力资源部门, 他们的经理, or a designated hotline to identify potential issues and provide for intervention. 然而,这些干预措施往往只侧重于预防工作场所暴力. 彩宝网平台认为,当发现此类行为时,企业应寻求扩大审查范围,以解决潜在的内部威胁, as both types of behaviors can damage the company.
预防是关键
防止事件发生,无论是内部威胁还是职场暴力,都是理想的结果. Grounding prevention programs in education, vigilance and sound response systems reduces overall risk and harm. Shared prevention strategies include educating employees on the warning signs, encouraging them to report their concerns, maintaining a database of those concerns and documenting response actions. 确保对报告的行为进行审查并验证数据实践可能有助于减少已知风险的危害.
While not often observable, concerning behaviors present for the insider threat. 这些包括, 例如, downloading or accessing substantial volumes of data, attempting to log in inappropriately, accessing sensitive data without authorization, and seeking to expand access beyond appropriate job parameters. While these activities are not normally precursors to violence, they can certainly harm your company, 人员和资源.
Engaging with problematic employees through support, 有组织的重点和多学科资源也是一项健全的预防战略. Offering potential solutions to issues, 为员工寻求帮助,有时只是提供一个声音板,这些都是重新引导员工注意力和减轻他们挫折感的第一步. 积极的互动可以减少有害行为的可能性,并允许管理团队长期评估行为, ideally as a matter of improved interaction and performance. 如果你的员工感到受到重视,你遭受内部攻击或职场暴力的风险就会降低.
比起内部威胁,员工更可能报告对职场暴力的担忧
整体安全结构的一部分是确保认识到导致工作场所问题行为的压力源和环境. If employees feel that your goal in receiving reports is to intervene and mitigate, 而不是终止, they may be more supportive of reporting. 教育 on what such behaviors may look like is a start to improved intervention.
当员工觉得自己在帮助个人或同事时,他们更有可能报告安全问题. 然而, 员工在报告内部威胁时有时会感到矛盾,因为没有暴力的可能性,而且风险似乎更低. 你的员工需要知道你的目标是干预和改变有害的行为.
即使彩宝网平台将重点转移到分享内部威胁和工作场所暴力问题上, 由于工作场所暴力问题而对员工进行的任何审查都应包括对其数据访问和管理的审查,以评估潜在的内部威胁. Intervention and mitigation strategies can work to prevent either or both risks.
三思而后行
If your duties involve managing risks to your organization, think twice. 在适当的时候,向你自己、你的同事和你的团队提出一些棘手的问题. Recognize that prevention is a mix of identification, intervention and redirection. 提高人们的意识,即内部威胁行为者和实施内部暴力的人往往有着相似的动机. 如果人力资源干预和审查认识到这种潜在的联系,并将数据使用作为任何威胁评估和工作场所干预的一部分, you’ll help ensure your workplace remains safe, 安全高效.
Learn more about how Jensen Hughes can help your organization identify and manage insider threats 建立有效的 workplace violence prevention programs.
