Insider threats are common and range from an employee sabotaging equipment or deleting data to tampering with items. This can happen when the employee believes their grievance has not been addressed, when they have a conflict with other employees, or when they are leaving the workplace and might have the desire to “get back” at the agency.
These threats span from entry-level employees to leadership. A law enforcement agency had an incident in which an insider threat was realized. A leader in the department announced his imminent departure to another agency. A replacement was appointed. After the leader departed, his successor discovered that the former leader had shredded reports and evidence transmittal sheets, and had destroyed or breached the integrity of evidence in cases made by his successor.
No one within the agency knew of any animosity between the two employees. The tampering was only discovered after the successor had been in office for several weeks. Although this damaged more than a dozen cases, none involved crimes against persons; they involved only drug-related crimes.
An internal investigation was conducted, and the results were turned over to the district attorney and state investigative agencies. The agency now has a policy that employees who announce their departure have their computer access limited or revoked, and keys/key cards are retrieved, as occurs with employees who have been disciplined.
Other remedial steps included restricting the authority to delete or access sensitive files to those with a valid “need to know.” Evidence handling now follows the “two-person” rule, under which two individuals must have separate combinations to the evidence vault and two persons must handle evidence. Checking out evidence for court or transmittal for analysis requires a third person of supervisory rank.
Although these procedures appear cumbersome, they ensure the integrity of evidence and electronic data. Security audits of workspaces, emails, texts, and other communications occur randomly. Vehicles are inspected by supervisors on a random basis for the same issues.
Access to sensitive and protected information is also audited frequently, as employees may be solicited for this data by those willing to pay large sums of money for the information. One area agency experienced an employee “selling” his profile and password to a person who paid a substantial amount of money to have access to a database.
This employee suffered not only termination but also criminal prosecution, as did those involved in the scheme. If an agency handles personally identifiable information (PII), robust procedures must be in place to ensure that the information is handled properly and protected. Some states have enacted laws to coincide with existing federal laws regarding protection of PII, reporting of intrusion and potential theft of the PII, or misuse of PII by an employee. These events are not only embarrassing, but also subject the agency to liability.