Insider Threat Investigations: Considerations for Employers to Effectively Manage the Threat

“Insider threats” can come in various forms — fraud, embezzlement, theft of confidential information, failures to follow policy, and more.

Employers regularly face threats to their businesses, but when the threat comes from within, a sense of crisis mode kicks in more swiftly and frequently. Crisis mode, though, can be damaging to the business and may lead to mistakes when managing the threat.

What should employers do to avoid crisis mode when facing an insider threat?

First, when a report of an insider threat is made, be sure to inform either the compliance officer or in-house counsel (or both).

Second, consult — and consider retaining — outside counsel. Experienced outside counsel will provide a 360-degree analysis of a threat and can help map out and implement a crisis management plan, including crisis communications. Working with outside counsel also helps protect the attorney-client privilege, including when engaging any necessary consultants, and provides credibility and independence to an investigation. Outside counsel are also skilled in conducting investigations and recommending remedial measures. 

Third, assess the alleged threat. Insider threats come in all forms; some are malicious, but others are not as nefarious and can be the result of a mistake or ignorance. Malicious threats raise additional considerations and may require a different investigative approach.  

Fourth, outline an investigation and action plan. Take the time — even if it is just a bulleted list — to identify the scope of the investigation and the goals of your inquiry before going down the path of interviews, massive e-mail reviews, etc.

Fifth, do not forget or overlook the basics. One example of this is document preservation. Take immediate steps to preserve documents and information relevant to the alleged threat. Another example is confidentiality. Be sure to maintain confidentiality over the investigation and those involved to the extent possible. Put effective measures in place to help ensure confidentiality. 

Sixth, review and analyze relevant policies, procedures, and contracts. In a crisis situation, employers may often overlook their own processes or contractual obligations. Take time to identify any policies, procedures, or contracts implicated by the alleged threat. Follow company procedure regarding investigations. For example, determine whether there are notice requirements before taking adverse employment actions.

Seventh, identify any regulatory reporting obligations. Certain insider threats implicate reporting obligations to various government agencies or oversight boards; be sure to consider and analyze whether they are mandatory or not.

Eighth, consider the rights of the person who reported the alleged wrongdoing. Whistleblower protections could be at play for those who report the alleged wrongdoing. Ensure retaliatory acts are not taken in response to a good faith report of wrongdoing.   

Finally, do not be hasty in taking action and document in some form the steps taken in response to the threat. Even though it may seem like the crisis, calls for immediate and quick action, an employer should slow down and consider steps 1-8 above. Following these steps — even just briefly — can help avoid mistakes and further damage to the business.