Organisations that improve their information security usually take measures to tighten company procedures, enhance the protection of their systems or even limit the physical access within their office. One crucial element of information security is often overlooked though: the human factor. In the end, even if all other procedures and systems are fully secured, your information could still be vulnerable through the people who have access to it.
When people or organisations try to acquire your most essential information, developing a bond with your employees is a proven concept. As a result of our decades-long experience in the world of intelligence, we know exactly how this works. The prime challenge is finding out what would motivate your employee to share this information.
These motivations can be categorized in four indicators, which together form the acronym MICE: Money, Ideology, Coercion and Ego.
Is someone overly ambitious? Persuading this person by using his ego could do the trick. If the employee has a debt he can’t get rid of, a simple bribe might be enough. This method, in which criminal actors or competitors gain access to your information by persuading your employees, is called social engineering.
Most of the time, agencies that conduct screenings use repressive methods to find out which motivation could trigger an employee to share information. They treat your employees as suspects who are out to hurt your organization. The problem with this approach is that it is almost impossible to maintain a healthy work environment alongside the screenings. Instead of creating a team that works together to prevent information theft, you will turn your employees against your company and its management. As a result, such agencies do more harm to your information security than good.
Our approach
We don’t believe in such an approach. Based on our experience, we can say that improving your employees’ resilience against the threat of social engineering is more effective. In order to do that, our screenings are conducted with your employees and not against them.
Our screening starts with a background check in which we:
- scan social media exposure;
- scrutinize his/her professional profile;
- validate personal information;
- examine entries in sanctions and watchlists;
- scrape the dark web for leaked passwords.
Based on the information derived from our background check, we conduct an integrity interview based on openness and transparency. Instead of criminalizing your employees, the interview will have a cooperative and constructive nature. We discuss the vulnerabilities that we have identified and allow the interviewee to elaborate on the MICE factors relevant to him/her.
After the interview, we will provide a report including the vulnerabilities of the employee and his/her personal profile. The report is discussed with the employee in order to show their vulnerabilities and provide ways to counteract these.
By screening people our way, we make them resilient against social engineering. Getting them in touch with their personal vulnerabilities while at the same time giving you a steering tool in promoting information security within your company. Thanks to our global network, we are able to screen employees of all nationalities and everywhere in the world.
By relying on our experience in the world of intelligence and special operations, we can help you protect your team from information loss. Interested in our approach? Let us know by filling in your information below and we will be in touch as soon as possible.