For all employees, irrespective of their system access, pre-employment and background checks are a good first step.
Be clear with new starters on how you can and will verify pre-employment information and conduct background checks. You should also include a dispute process to identify incorrect information from these checks.
Identity should be established using a recognised form of identification, such as an Australian state or territory driver's licence or Australian passport.
Police records checks are obtainable through State and Territory police forces.
You can check referees and previous places of employment.
In addition, there are firms that specialise in doing background checks on individuals.
You could also consider ongoing, periodic checks to ensure that your employees' situations haven't changed.
For more information and mitigation strategies, read the Australian Government's Managing the insider threat to your business: A personnel security handbook.
ICT staff have powerful access and can often bypass access controls and audit trails.
In the Australian Government these roles are known as 'positions of trust' and require a security clearance.
If your business is big enough to have its own ICT staff with this level of privileged access, you should make sure they have a high level of integrity.
Improve staff education
Make staff cyber security awareness a priority in your organisation.
Documenting and training staff in business activities helps drive a clear and shared understanding of expectations and culture. Educating staff on the business and the risk environment it operates in is key to this outcome.
Cyber security documentation loses its value if staff are not made aware of its existence and use.
Make staff aware that they are responsible for all activity under their logon, and of the importance of protecting their logon from misuse.
For example, staff should be made aware of the importance of:
choosing a strong password
not sharing their password/logon details with others
either remembering their password, or ensuring it is securely stored so others cannot access it
locking their computer or device when they leave their desk.