She sat across from the interview table and it could be seen from her poor physical health that this young woman had committed the fraud upon the bank due to a drug habit.  The long sleeve top she was wearing hid the injection scars and her withered veins destroyed by the drug she was using.  It was not difficult to identify the new point of entry for her habit.  One of her eyes was blood shot and looked off centre.  With no more veins to pick in her arms, legs and feet she needed an entry point that would enable a successful and quick hit.     

Her personnel file recorded she was in her early twenties but she carried the wear and tear of someone twice her age.  According to her manager she was a great worker. She paid attention to detail, was extremely focused and never needed to take a break including lunch often relieving for other staff to enable them to eat during peak periods.  It was the amphetamine she was injecting that gave her the stamina to work harder, longer and with greater concentration than her colleagues.  Over a period of months as she relieved staff in key areas of the bank and learned the various processes, she was able to put in place her scheme that defeated all internal controls and resulted in the fraud.  But no one would believe she did it because she was such a nice person and so productive. Her co-workers were surprised to learn she was a drug addict.

That incident occurred over 30 years ago and while it is a good example of the threat posed by drug addicted employees it highlights two issues.  The difficulty in detecting an employee with a substance abuse problem without direct management intervention and how a drug addiction will drive a person to find ways to circumvent internal controls including the manipulation of the people around them. 

The loss in that case was money.  That incident occurred in an era when information was held by an organisation in manual form and in a non computerised records system, access to a large amount of sensitive data by any one individual was rare.  But today, business is different.  The evolution of the digital age has brought significant productively benefits and outreach for all organisations.  For local and global companies the world is now their market.  But it has also created different risks. Information and funds are more centrally controlled and have to be protected by new systems.  And while the barriers preventing unauthorised access to funds and information are significant, the weakest link is still the human factor.

Adding to changes in the business environment bought on by digitalisation have been changes to illegal business operations.  Organised crime has evolved too.  New and more sinister drugs are being marketed today in addition to the traditional hard drugs of heroin and amphetamine.  With the latest drug scourge being methamphetamine or “ice” which is a global problem.  And the threat from drugs while being discussed at national and international levels of government does not appear to have reached the boardrooms of many medium to large companies.  Few directors understand the threat posed to their business by organised crime.  And fewer still are asking themselves who is consuming the billions of dollars in drugs sold globally each year and do any of them work for their company?  Company directors are holding the mistaken view that drug consumption occurs somewhere else and is undertaken by other people but not by their employees.

Drug addicted employees are a major threat to any organisation but particularly to those that hold financial assets and information.  Information is shaping as being the biggest asset that many organisations possess today.  It comes in many forms, from national security data for those involved in defence contracts to valuable information about customers and customer behaviour which organisations are using to gain a competitive edge.  All information has a sale price. It is valuable not just for the organisation holding it but also for competitors, organised crime and national and foreign governments.

Putting aside the threat posed by drug addicts who need funds to feed their habit, they can and are subject to manipulation by any of those external interest groups, but particularly by criminal groups.  Employees who use narcotics easily come to the attention of crime gangs.   Organised crime lieutenants prey on unsuspecting victims who buy and or use narcotics in popular distribution centres such as night clubs.  Once targeted, employees are threatened or blackmailed into covertly working for criminals. Organised crime has a global reach and any large national and international company is a prime strategic target for criminal groups.  Infiltration of these companies can be achieved by corrupting current employees or recruiting corrupted graduates to work in targeted organisations.  But penetration is made easier if the employee has an illicit drug problem.

So what should an organisation do to protect itself?  One measure that it could introduce is mandatory random illicit drug testing of all potential new employees, current employees and all contractors who have access to a company’s premises, assets or information.  While a number of companies have adopted compulsory drug testing it has usually being introduced from a health and safety perspective, not from a security perspective.  Compulsory drug testing is common in the mining industry but not in other industries.  No one would want a drug addicted surgeon operating on them.  Or an addict addicted to amphetamine or methamphetamine managing a large investment portfolio, foreign currency trading transaction or a large commercial project. But Anecdotal evidence suggests that illicit drug use amongst high income or highly stressful occupations is common.

It is acknowledged that enhancement of any internal control measure comes at a cost.  And if it is not cost effective to drug test all employees and contractors then all workers who occupy high risk positions as deemed by a risk management plan, should be routinely randomly tested for the presence of illicit substances.

If illicit drug testing is implemented all board members should submit to a regular test and ensure that their participation receives wide publicity throughout the organisation.  It demonstrates commitment to the program and to the core values of the company.  And every time an employee undertakes a random drug test, the procedure reinforces in them, company values.

Drug testing together with an effective whistleblower program; employee declarations of past drug use and past and current affiliations with criminals and crime groups is recognition by senior managers that it understands all the risks facing the business and is taking action to mitigate them. 

While some company directors may be more concerned about privacy, a greater area of concern is the risk that illicit drug dependant employees pose to other employees, to customers and to the organisation.  Those needs far outweigh individual privacy issues.

Sophisticated investors, shareholders and customers are becoming more concerned about the safety of their investments and the information an organisation holds about them.  They would be unforgiving of any company director or manager who failed to properly assess all of the risks and take appropriate action to mitigate them.