Preventing the ‘insider threat’ by identifying counterfeit and forged documents when recruiting
A study by the Office of National Statistics (2009) demonstrates the ever changing composition and structure of the UK work force. In particular, the age composition has changed, with emerging trends across diversity and working hours, alongside the changing employment behaviour of students and, in recent times, a growth in the number of foreign/migrant workers.
Added to this a propensity to change the business model by complementing or replacing full time staff with both short or medium term contractors/consultants, the emerging picture is complex and one to which we in the security industries and law enforcement need to react.
Human Resource departments can be under internal pressures to recruit to vacant or emerging posts quickly, depending on the strength of the business requirement. The balancing act between running an effective, efficient and profitable business and maintaining security is always a challenging one.
Consequently, managing the risks at the beginning of the recruitment process is enormously challenging, but help is at hand.
Importance of identity awareness
The value of counterfeit and forged documents in terrorist activity has been widely acknowledged by a range of AQ-linked terrorist groups for many years. Document abuse affords operatives and facilitators an additional level of cover and access when planning, preparing for and executing terrorist attacks, with additional opportunities around concealing their true identity, past criminal activities and previous travel patterns which could ordinarily be of concern. This is exemplified in a previously captured Al Qaeda training manual which highlights the value put on the acquisition of identity documents (and counterfeit currency) over and above other parts of planning logistics.
The 9/11 Commission Report, published in 2004, reiterates the value of documents to terrorists, stating they are as equally important to operations as weapons.
It also recommends that any individuals within professional organisations who look at documents on a regular basis (e.g. Human Resources or Security personnel) should have some knowledge of identity documents. The examination of any identity document requires a certain amount of understanding of the security features contained within documents. It was recognised that awareness training for relevant organisations’ staff in the skills needed to assist in detecting counterfeit or forged documents would be of significant use in combating the threats posed by this activity.
Improving identity awareness
In response, Operation Fairway, which sits within the Metropolitan Police’s Counter Terrorism Command at New Scotland Yard, developed a free of charge Document Awareness Workshop to be delivered nationally across the CT network. This workshop, which comprises two and a half hours of counterfeit and forged document detection training, equips staff with the skills they need to identify such documents at the pre-employment phase of recruitment, and with the knowledge they need to refer any incidents on to the police for further action.
The City of London Police Special Branch recently delivered a number of CT Awareness Presentations to staff from a wide range of City businesses and premises, which comprised both a ‘taster’ document awareness session, an input on the ‘insider threat’ posed by individuals who gain employment for nefarious purposes, and a presentation on the value of the Prevent engagement programme (a national initiative to prevent or divert people from radicalisation and extremism).
The ‘taster’ document awareness input focused on various forms of forged and counterfeit passports and driving licences Delegates were shown a number of common security features which members of HR and security could quickly and easily examine with little or no special equipment, in order to identify if a document was legitimate or not. Participants also had the opportunity to practise their new skills on a selection of both genuine and fraudulent documents, which served to cement their new knowledge.
In support, other partners also delivered an input on the ‘Insider Threat’, illustrating the operational, financial and reputational damage that can be caused by a member of staff using their legitimate access against their own organisation.
The presentation itself focused on the threat posed by employees who deliberately gain employment with the specific intent of committing an insider act, through to people who become disgruntled, after they have gained employment or been recruited by a third party, whilst working within a company and are motivated to commit an insider act. Common motivations for insider acts are personal gain, seeking recognition or revenge. Participants were shown how to identify areas of vulnerability from a line manager’s perspective and advised on how businesses can mitigate the insider threat by a combination of understanding the risks, undertaking robust pre-employment screening, demonstrating good line management and having an embedded strong security culture.
Recent case studies from the City of London Police demonstrate the potential problems.
Case study one – a person was employed by a City-based company and hired through an agency. The assumption from the employer was that checks on bona fides were the responsibility of the employment agency. However, this was not the case. The person left after a very short period of time having committed a serious criminal offence against the company. All employment documentation provided was false, including passport and birth certificate.
Case study two – a person was employed for a short period of time on a ‘non-contractual basis’. An internal incident occurred at work and on examination of his application it was found to contain serious anomalies, such as a ‘care of’ home address and different handwriting throughout sections of the application.
It’s vital we all make it harder for criminals to pose a threat to us through gaining employment without us knowing who they are, so the risks can be mitigated.
A very simple, but highly effective investigative checklist of ‘ABC’ could be utilised:
- Accept nothing you are being told or provided with as genuine;
- Believe nothing you are being told or provided with until you have;
- Check everything you reasonably can.
If you would like any further information about this article’s content, please contact firstname.lastname@example.org from a company e-mail address.
Paul Barnard, Detective Superintendent, City of London Police (at time of writing)