Sergey Ozhegov, CEO at SearchInform, tells Intelligent CIO how employees can threaten companies.
Gamblers, terrorists, haters and other risk groups can threaten business information security. But should an employer be interested in the personal life of employees?
The question alone can trigger indignation – if employees cope well with the job, their boss has no reason to worry. However, staff ’hobbies have the potential to cause legal problems for the company, result in substantial financial loss or be the cause of huge quarrels among colleagues.
Office pools, quite popular in the US and gaining popularity in South Africa, can also be a source of problems for the company.
PASPA of 1992 prohibits sports gambling in the majority of states. While such hobbies shared among employees seem to help instil and maintain the team dynamic, they can quickly get out of control and become clandestine or secretive in nature.
Illicit interests threaten the company, not only because of the serious legal implications, but also with financial and social problems.
Conflicts within the team can arise because of financial loss or refusal to participate – and the amount involved often isn’t regulated. Those who have the opportunity, have the option to apply to the company for financial assistance.
Those who participate in office pools can discuss this vital issue at their workplace where illegal activities are organised.
DLP system offers a variety of ways that will help to intercept situations that expose forbidden employee activity.
When a company hires an employee, they can never be truly certain of their integrity.
Security specialists are tasked with risk reduction, incident prevention and a company’s weak spot – identification.
It’s a ‘professional paranoia’ which helps to understand the professional qualities of an employee and their nature. But can it be dangerous for your business and how?
The information security specialists establish so-called ‘risk groups’ based on security policies – which websites does an employee visit, how do they communicate and with whom and what are they interested in? These are the markers which determine whether an employee has a particular ‘feature’ which could be a threat to the employer.
Risk groups consist of completely different people with different qualities, habits and hobbies.
This problem has already been outlined. However, we need to consider a few points – gamblers bring their habit of taking risks to work quite easily.
It’s not difficult for them to commit a crime, especially if they have lost money and are desperate for a quick loan, often a large amount as quickly as possible.
Competitors can benefit from the addiction of employees who work for another company resorting to blackmail to recruit them.
Drugs: Distribution, dependence
It is unlikely that the employer will be happy if the employees enter the office intoxicated with drugs or don’t show up at all.
An employee will not hesitate to commit a crime if he or she needs to get ‘a fix’. There’s another situation, or rather another potential nightmare scenario for the manager – the organisation of illegal activity concerning drug trafficking within the company. This is tantamount to irreversible reputational damage and attracts sanctions. It’s no surprise that drug-dependent or addicted employees are almost always dismissed without hesitation.
The essence of the issue seems to be the same as in gambling or drug situations. However, alcohol is somewhat unique. In South Africa, it is not easy to terminate the employment of staff who fail a breathalyser test.
If an employee can perform his or her duties at the required level, they have every chance of winning the case of unfair dismissal in court.
Only if an employer has paid special attention to ‘terms and conditions’ which states that any sign and evidence of alcohol at a workplace leads to unavoidable dismissal, it is virtually impossible to justify firing an employee.
Special software systems that control the behaviour and communication of employees within the team can detect signs quicker than common observation.
Problems with law
Problems are different. An employee can violate traffic rules, fight with a neighbour or refuse to pay alimony, but when he or she faces a trial for fraud, a major fine or punishment for criminal behaviour – the company/employer can’t remain silent and has no option but to act.
A rogue employee will cast a shadow on the reputation of the organisation. He or she can drop out of work for a long time while the problems with paying a fine can be solved at the expense of the company – through fraud, bribes or kickbacks.
Connection with banned organisations: Terrorism, weapons
I think it’s pretty much a no-comment section – this issue is always tracked. Employees with radical views make you expect anything including recruiting colleagues to organise a terrorist act on the territory of the company.
The problem of terrorism is one of those that require well-conducted approach. The tragic events in France in 2015 contributed to the request from 87% of SearchInform clients asking to install anti-terrorist policies.
Debts and credits
Situations are different as well, but can be equally tense – a debt, a large loan and the inability to pay it off. Circumstances force people to seek solutions. And they go for it – accept extra deals to earn money, kickbacks, bribes or even agree to steal data to sell it.
South Africa ranked highly showing an impressing number of debtors. According to the statistics (2014), 86% of the population applied for a loan. Eleven million South Africans took out a loan contributing to the total debt of US$118 billion. One of them might be your employee. It has been revealed that an average employee spends 20 working hours per month on solving financial problems and loses about six hours of productive work.
Twenty-five out of 37 million employable adults in South Africa have applied to lenders, while only 10 million are officially employed. The situation is peculiar due to the inability of a person, who took out a considerably big loan, to pay for minimal daily needs. To cope with the critical situation as quickly as possible, employees are ready to commit fraud within the company.
Haters or those consistently discontent
A negatively-minded employee is a ‘time bomb’. He or she can harm companies in the most unexpected way: leave the team at a critical moment, move to a competitor, pander staff to turn against management and make employees to think of quitting. Loyalty to the employer matters a lot when it affects the business.
The line between the private and corporate
Personal qualities, hobbies, circumstances often affect the work of an employee – having entered the office, we are still those people we have always been. We don’t switch into robots with a set of professional functions.
Some personal qualities contribute to work, some might appear harmful. The information security service is responsible for detecting such risks and controlling them – that’s what the IS-specialists do every day. It is conducted at three levels.
- Control of websites, sources that employees visit; analysis of search requests of an employee
- Control of communication, discussions in work chats
- Control of employee activities: Files uploading – to clouds, within e-mails, to social networks; copying to devices, sending documents for printing, sending confidential documents within the corporate network, etc
But not all risk groups are monitored equally properly. The information security service is interested in intercepting direct threats to the company, something that can lead to loss of money and reputation. Illegal activities, problems with law enforcement agencies, theft, fraud.
There will be no immediate consequences if the violation is out of the high-risk group. It will help to form a comprehensive opinion when making managerial decisions. It reminds the reverse point system – score 10 points and fall under the control of information security service. Getting into a risk group may deprive an employee of his career advancement, cancel a transfer to another branch, etc.
The idea that drives the employer when controlling employees is to ensure that personal qualities don’t affect professional ones because business isn’t run by robots but real people.