Organisations often emphasise using the right technology for insider threat management, but paying closer attention to an employee's mental health could be just as important for preventing insider threat incidents.
According to the World Health Organisation, depression and anxiety in the workplace are on the rise, and are estimated to cost to the global economy is $1 trillion per year in lost productivity. Beyond productivity alone, tragic incidents such as the recent Seattle plane theft are drawing attention to the need for an increased emphasis on employee mental health, as well as insider threats.
Workplace Stress and the Signs of Insider Threat
In some cases, employee depression or workplace stress can become a major cause of insider threats -- whether they’re malicious or accidental.
Over time, organisational conflicts like disagreements with managers or poor performance reviews can also add up, causing an employee to become disgruntled and potentially look to retaliate against the business. These types of insiders may look to cause harm by exposing IP, trade secrets, or sensitive information. In cases of extreme depression, an employee at risk of suicide may feel as if a workplace incident is warranted.
In other scenarios, employees may be under significant financial or personal stress, which may lead them to believe that stealing valuable data (i.e. data exfiltration) is an easy or quick way to make more money. For example, employees may feel that they are inadequately compensated for their job, or may be looking for a quick win to help in times of financial hardship. Stress in someone’s personal life such as a death or divorce could also be a powerful factor in deciding to steal sensitive corporate data.
With any of these cases, an organisation-wide approach to management training on mental health could prove to be extraordinarily beneficial in the long-term when it comes to both employee wellness and insider threat prevention.
Positive Effects of Management Training on Mental Health
Direct line managers have the most day-to-day interactions with their employees, and should be equipped with the resources they need to provide the necessary support and training.
In recent years, there have been more and more studies dedicated to understanding the potential positive impacts of mental health training in the workplace.
For example, a recent Quartz article cited an interesting study from The Lancet Psychiatry showing the benefits of giving managers just four hours of training on mental health. After six months, the managers’ direct reports had an 18% reduction in work-related sick time off (while the control group had a 10% increase).
Based on this reduction in time off, Lancet’s cost-benefit analysis stated that every dollar invested in mental health training produced a $9.98 return. Considering that 35% of employees in a recent study of 17,000 American workers said they “always” miss three to five days of work a month because of workplace stress, this type of training could potentially signal a major improvement in employees’ well-being.
Other research from Mental Health First Aid at Work found that after completing one of the organisation’s “First Aid” training courses, employees reported a 67% increase in their confidence to recognise the signs of mental health challenges. In addition, employees experienced a 47% increase in connecting a distressed person to the appropriate resources, in accordance with company policy.
People-Centric Insider Threat Management
Embracing a people-centric insider threat management strategy is key to giving employees the support they need, while protecting the organisation’s sensitive data. Beyond management training on mental health, if the cybersecurity team has visibility into user activity, they can keep an open dialogue with line managers, and the HR and legal teams.
Having a holistic picture of what’s happening in the organisation can help managers read some of the early the signs of insider threat and address them before they become larger issues. For actionable steps on how the cybersecurity team can participate in ongoing employee coaching, check out our latest coachable moments post on recognising insider threat indicators.