Is Cyber Security Alone Ever Enough?
There’s something you ought to know before you spend every spare nickel you have on firewalls and encryption for your iron-clad computer
network – if I wanted to steal your intellectual property, I’d find someone to walk in the front door and take it. Why?
When it comes to protecting what’s worth stealing, it’s your employees, not your computers, that are the weakest link. Each morning, they arrive at work carrying a completely different set of baggage, and as their employer, you can’t see any of it. Susan might have a gambling problem; Frank could be fighting his ex-wife in court for child support payments; Janice might have an ailing brother who can’t afford medication for his illness; George may be harbouring a grudge about recently being passed over for a promotion.
The point is, the common thread connecting Susan, Frank, Janice, and George is their susceptibility to acting in their own self interests, not in the interests of the company they work for. In the right conditions, a lot more people have “a price” than you might think.
This is exactly the problem. Upper management continues to invest in barricading the front door while leaving the back door open for its employees. Yet, the data shows that approximately 50% of data breaches originate internally, not from state-backed or independent hackers.
Smaller businesses, predominantly tech startups, and other companies with valuable intellectual property make the best targets. Due to their size, many employers believe that their low visibility reduces the company’s odds of being attacked. And in many cases, they’re not – at least from the outside. The perpetrators are in the building, hiding in plain sight.
So what’s the best way for management to reduce, or eliminate “insider” threats?
Start with Prevention
Begin by taking a hard look at your hiring practices. Do your homework on potential candidates, and be serious about following up on reference checks. Companies that hire employees based on whatever “feelings” they get from an hour-long interview (or sometimes something even shorter, less precise, and less formal) are only increasing the risk that their intellectual property may be comprised.
Don’t put a Square Peg in a Round Hole
Many organizations end up assigning people to roles that don’t fit them especially well either at the time of the initial hire or during the process of promotion. When employees feel as though they are not successful in their work, they begin to detach themselves emotionally from their tasks. That means disengagement, and declining respect for the company they work for.
Give a little, Save a Lot
Managing the way employees leave an organization can make a huge difference in decreasing the likelihood of a security breach. When an employee has been terminated, often the transition between jobs can be financially difficult. If they are entitled to severance, don’t make them sweat for it. And if they aren’t, consider that a little money might save your company any future volatility, retribution, or threats by a disgruntled employee with a head full of important corporate knowledge. The right kind of outplacement support can help your departing employee stay focused on their future rather than their recent and painful past. Plus, they should land a new position a lot quicker.
Invest in Employees’ Well-being
Many employers believe that their answer to a healthy, happy workplace is as simple as a solid, reactionary HR plan and a gold-plated benefits package. Yet, the external services offered through these benefits, such as therapy through an Employee Assistance Plan (EAP), only treats the symptoms, not the causes, of issues that possibly originate within the corporate culture of your organization.
A simple solution to improve workplace culture is to develop in-house programs that improve employee well-being by embedding them into the company as executive coaching and career development services. By offering practical career-related services to staff at no cost under the banner of continuous improvement, it reduces the stigma associated with seeking “help” with a problem in a way that’s both strategic and forward thinking. As a result, you’re giving employees an opportunity to identify the real, underlying problems they’re experiencing at work, and empowering them to develop effective strategies that move the company toward a long term solution.
Don’t Ignore Your Employees, Trust Them
Taking steps to ensure that you reduce your company’s susceptibility to an insider threat doesn’t mean you shouldn’t trust them, it simply means that they shouldn’t be ignored.
Paying attention to what your employees are doing also means that you value them enough to provide them with what they need to remain effective. This protects them, and in turn, protects the business (everybody’s livelihood).
Too many employers seem to think that it’s only the least productive employees that warrant their attention. The truth is, it’s the employees that never demand attention that are most likely to be involved in a data breach. If they have been compromised, that employee will strive for performance that is neither exceptional nor below average.
If you suspect an employee is working against the best interests of your organization, don’t ignore the problem or convince yourself that it’s “all in your head.”
It’s also important to understand that you’re probably unlikely to have the training required to solve this type of problem on your own.
Due to the seriousness of your allegations, a confrontation or intervention may lead to an expensive lawsuit, especially if you end up being wrong.
That’s where Industrial and Organizational (I/O) Psychology comes in. An expert who’s versed in the techniques of I/O Psychology and has experience protecting intellectual property can figure out the best, most sophisticated, and discreet solutions to insider threats, often without the knowledge of any other employees. Depending on the issue, she/he may also refer you to a different kind of “fixer” to solve the problem, while working with you to prevent recurrence.
Dr. Helen Ofosu, a Career Coach and HR Consultant, is the Founder of I/O Advisory Services.