Is TOM Hiding in Your Workplace? 


Protecting Your Crown Jewels 

Every organisation has its “crown jewels”—the assets most critical to success and most attractive to adversaries. These include: 

  • Financial resources 

  • Intellectual property and proprietary systems 

  • Sensitive data 

  • Decision-making processes 

Today, these assets are at risk not only from fraud and misconduct but also from insider threats and foreign interference. Protecting them requires vigilance, structured controls, and a culture of accountability. 

Meet TOM: A Risk Equation 

TOM is not a person. TOM is an equation: 

TEMPTATION + OPPORTUNITY = MALPRACTICE 

While temptation cannot always be eliminated—you cannot fully predict every individual’s motivations—opportunity can and must be reduced. Interrupting this equation helps prevent misconduct, whether it manifests as fraud, policy breaches, or collusion with external actors. 

Understanding Temptation 

Temptation arises from personal, organisational, and external pressures. Leaders should consider: 

  • Personal factors: financial stress, disengagement, or life changes 

  • Organisational signals: unclear values, inconsistent leadership, or uncertainty 

  • External influence: adversaries attempting to recruit, coerce, or plant individuals within the organisation 

The key question for leaders: Are we supporting our people—or inadvertently creating vulnerabilities others could exploit? 

Reducing Opportunity 

Opportunity is shaped by the strength of systems and controls. In the pre-pandemic workplace, leaders could detect subtle cues—changes in morale, behaviour, or team culture. Today’s hybrid and remote work environments make these cues harder to perceive, heightening the need for structured preventative and detective controls.

Preventative Controls – aim to stop malpractice before it occurs: 

  • Segregation of duties and approval workflows 

  • Role-based access management and regular privilege reviews 

  • Thorough vetting, onboarding, and due diligence for staff and contractors 

  • Clear policies, codes of conduct, and reinforcement of organisational values 

Detective Controls – identify when controls have been bypassed or unusual activity occurs: 

  • Continuous monitoring of systems and user behaviour 

  • Data loss prevention (DLP) and insider threat detection tools 

  • Independent audits and spot checks 

  • Whistleblower and confidential reporting channels 

By using both preventative and detective measures, you may reduce opportunity to the lowest practicable level. This may help you disrupt TOM before malpractice can take root.

Warning signs that controls may be failing include: 

  • Sudden behavioural or performance changes 

  • Irregularities in reporting or financial records 

  • Unusual data access or system activity 

  • Growing secrecy or disengagement 

The Call to Action 

Insider threats and foreign interference are not theoretical—they are active, evolving risks. Organisations must continually assess controls, monitor behaviour, and foster a culture of integrity. 

By understanding TOM, leaders can better protect their crown jewels, sustain resilience, and preserve trust. 

At Tigertail Australia, we help organisations safeguard people, assets, operations, and reputation. With over 150 years of combined expertise, our team equips clients to prevent, prepare, respond, and recover—building confidence in both everyday operations and times of disruption. 

Talk to us about identifying TOM in your workplace—and staying one step ahead. 
