Rogue Employees and How To Stop Them
Technological advancements have, without a doubt, had a positive impact where your business is concerned. But they have also led to hacking, data breaches and the likelihood that rogue employees will use tools to jeopardize the security of your data.
What is a Rogue Employee?
A rogue employee undermines your business by ignoring rules and policies. They might openly break these rules, without concern about being fired, or covertly subvert them to avoid being discovered.
Their actions might be relatively harmless or serious enough to pose a risk to the security of your data. In the worst-case scenario, a rogue employee will attempt to undermine your organization by giving your data to a competitor or engaging in corporate espionage.
The rise of BYOD (bring your own device), where employees are allowed to use their personal devices at work, together with mobile apps and cloud-storage solutions, gives the rogue employee the vehicles to do his “dirty work.”
There are three types of rogue employees:
1. The ambitious, resourceful and independent individual: These rogue employees are driven to get a job done, even if it’s illegal. They’ll stay up all hours to find a way to circumvent your rules, which they perceive as obstacles that just slow them down. They view these rules as meant only for less capable employees and resent having to comply with them. These rogue employees can be dangerous to your organization because they are so capable.
2. Disgruntled employees with access to highly confidential data: This employee pushes boundaries so they can be involved in as many processes as possible. However, as they get access to more systems, your risk mounts. They hold a grudge and want to do you harm in the end. When they quit or are fired, they may steal proprietary information and leak it.
3. Negligent employees: These employees disobey rules and protocols because they’re either incapable of understanding and following them, or they’re just plain lazy. These are the individuals who leave their login IDs and passcodes on sticky notes pasted to their computer monitor or share sensitive data in emails for whatever reason. They aren’t trying to harm your business; they just have no idea how dangerous this behavior is.
One example of a disgruntled rogue employee succeeding came in November 2017, when President Donald Trump’s Twitter account briefly went offline. Twitter learned that a departing employee (a contractor) had taken advantage of his last day to do this.
How to Stop Rogue Employees From Harming Your Business
Constant monitoring, Security Awareness Training, and more severe access restrictions are all strategies you can employ to stop rogue employees.
Monitoring
As an employer, you have the legal right to track Web surfing, emailing and other activities by employees using your company computers. Monitoring will protect your business from harm, and affirm that employees are complying with your regulations and policies.
Two-thirds of companies that employ monitoring have fired employees for infractions, according to research conducted by Nancy Flynn, Executive Director of the ePolicy Institute. She believes that general monitoring for electronic abuses (with employees’ knowledge) is necessary.
“It’s a fact of business life that legal risks exist, regulatory risks exist…Employees will put your business at risk accidentally or intentionally. You need to mitigate those risks.”
Training
You must teach your employees how to minimize the risk of data falling into the wrong hands:
- Explain the warning signs of a cyber attack, and how to spot phishing and ransomware attempts, and other suspicious activities. Explain what they should do when these threats come across their computer screen.
- Set up mock “phishing” emails to see who takes the bait. This will teach employees to better scrutinize emails.
- Make sure all employees are thoroughly trained on the security for their individual computers.
- Explain to employees that a data breach could mean the loss of their job.
- Install and deploy technology that will detect and alert employees when they are doing something they shouldn’t on their computers.
Access Restrictions
Install and deploy Identity and Access Management (IAM) software. This automatically grants access to resources on an “as needed” basis, which will prevent rogue employees from accessing information they shouldn’t.
These solutions will provide you with centralized visibility and control so you can actively monitor and measure the risks inherent in your IT system. IAM software manages identity authentication, access policies, user account privileges, role-based user provisioning processes, automated workflows, and rule-based group policies.
Implementing this type of software can be complex, especially when access decisions are coded into business applications. Your IT Managed Services Provider can help you with this.
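The kind of access review that IAM tooling automates, as an added example (not from the original article or any IAM product): it compares what each account currently holds against a per-role baseline and HR departure dates. The role names, users, systems and the 14-day notice window are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumptions, not from the article): the access each
# role needs, the HR roster, and the entitlements each account holds today.
ROLE_BASELINE = {
    "support": {"ticketing", "kb"},
    "finance": {"ledger", "payroll"},
    "engineer": {"source-repo", "ci"},
}
ROSTER = [
    {"user": "avery", "role": "support", "last_day": None},
    {"user": "blake", "role": "finance", "last_day": date(2024, 3, 15)},
    {"user": "casey", "role": "engineer", "last_day": date(2024, 3, 1)},
]
ENTITLEMENTS = {
    "avery": {"ticketing", "kb", "customer-admin"},  # extra access picked up over time
    "blake": {"ledger", "payroll"},
    "casey": {"source-repo"},                        # left, but access remains
    "drew": {"ledger"},                              # no HR record at all
}

def review_access(roster, entitlements, baseline, today, notice_days=14):
    """Return (user, finding, systems) tuples, ordered by user name."""
    findings = []
    by_user = {p["user"]: p for p in roster}
    for user, held in sorted(entitlements.items()):
        person = by_user.get(user)
        if person is None:                      # account with no matching employee
            if held:
                findings.append((user, "orphaned-account", sorted(held)))
            continue
        last_day = person["last_day"]
        if last_day and last_day < today:       # already gone: nothing should remain
            if held:
                findings.append((user, "access-after-departure", sorted(held)))
            continue
        excess = held - baseline.get(person["role"], set())
        if excess:                              # more than the role needs
            findings.append((user, "beyond-role", sorted(excess)))
        if last_day and (last_day - today).days <= notice_days:
            findings.append((user, "departing-soon", sorted(held)))  # includes last day
    return findings

if __name__ == "__main__":
    for finding in review_access(ROSTER, ENTITLEMENTS, ROLE_BASELINE, date(2024, 3, 10)):
        print(finding)
```
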
Constant monitoring, Security Awareness Training, and more severe access restrictions are all strategies you can employ to stop rogue employees. However, unless you protect the privacy of your data, these will only alleviate the problem to some degree.