I had the pleasure to speak last week to two great information technology trade associations–local chapters of ISSA (Information Systems Security Association) and ISACA (Information Systems Audit and Control Association).
These professionals care about protecting information from potential hackers and are always worried about the potential data breach from a rogue employee.
They tend to worry about three types of employees:
- High achieving employees who view rules as impediments to getting things done, so they break rules
- Disgruntled employees who can access data and then steal it
- Employees who ignore the rules out of laziness or negligence
As I did my research for my presentation, it looks like much of the industry is worried about tactics, rather than what is causing problem employees to emerge in the first place.
I believe some of their focus should be on watching for cultural problems as well.
If bad behaviors are overlooked by management, you can bet that their coworkers have gotten the message loud and clear that management has lowered its standards.
It starts an ‘If you don’t care, why should I?’ type of attitude to emerge.
Non-managerial employees can be some of the best detectors of rogue employees if they are encouraged to care and truly believe their feedback matters. If they don’t care, or they learn that there is a culture that does not protect its values or has no values, numerous problematic behaviors can slip through.
I heard privately from one IT pro about a colleague who had spoken to their manager about a coworker showing classic rogue employee behaviors : avoiding standard operating procedures and deceptive answers when asked about certain activities connected to data. When the concerned employee spoke up, take a guess which person was fired. Yes, the manager fired the employee who spoke up, citing all the paperwork and questions that would be created if, in fact, the employee was involved in major violations.
Imagine the water cooler talk after that episode. You might as well have ordered the employees to never care again.
When employees know their feedback matters, good things happen. Issues are addressed and often solved. Employees feel more connected to their employers, which can create greater productivity and purpose. And they’ll point out problems when they see them.
And, if they don’t? Well, you can have all the technology in the world to detect rogue employees, but companies will never have the success rate they want if they don’t have a culture that empowers everyone to care about an organization’s security.
Let me know what you think.
Pete Havel is the Author of The Arsonist in the Office: Fireproofing Your Life Against Toxic Coworkers, Bosses, Employees and Cultures. He can be reached at Pete@petehavel.com .