I think there are a few. Typically, we would call that the “insider threat” side of things, where somebody who's going....
There are a few ways to do this. Number one is actually the credentials that we talked about earlier—making sure that people can do only the things that are absolutely necessary as part of their jobs, from the IT perspective.
The second one is having a program to look for these types of activities, things that start to spike. If we're a business, we tend to look at fraud detection as something that's being done to us from the outside. Sometimes fraud comes from the inside as well. There are internal losses and things like that, so it's about using some of those tools on the inside.
The third is one of the things with insider threat—and there are colleagues in the government who are probably better positioned to talk about this. It is the care of employees, so that if they get into situations where they turn to crime, there is a better outlet for them. Part of that is how to give them another outlet when something's going badly.
Certainly, from the intelligence side of things, from the CSE internal side, we've spent a lot of time on our internal security program to help our employees so that they don't ever get into situations like that, to manage the insider threat. It's always something you have to be vigilant against, and it is something that is typically overlooked. We don't like to treat our employees like they're criminals.