Attacks and raids on private company data are commonplace these days. The easiest way into a company is often for would-be fraudsters to find a disgruntled employee who can leak data. Indeed, this has been the case with several high profile data leaks in the past. Therefore, it makes sense to keep your employees happy within the company.
With this in mind, if it is the employees’ job to keep customers happy, then surely, it is management’s responsibility to keep the employees happy, writes Chris Parker for Computer Weekly. Staff that are unhappy or disgruntled in their position are often prime targets for those who are looking for a way into a company’s private data.
The typical fraud triangle of opportunity, pressure, and rationalization is described by Joseph Wells in Occupational Fraud and Abuse, and is easily resolved by common sense management. Simply by treating your employees well they will be much less likely to steal from you.
Employees look for a clear understanding of what their job is about, and especially how their cog fits into the wider business machine. By having a clearly defined purpose, as well as fair and – this part is important – transparent compensation for their work, employees will have much more emotional investment, and a deeper purpose in the organization.
This is particularly relevant when it comes to IT staff, where they tend to have high levels of rights and access within a company’s system; this includes any employee with access to customer information and other sensitive data. You should already have the necessary physical controls, policy enforcement, and employee awareness programs, but ultimately this will come to nothing if a determined employee has been duped or otherwise cajoled into releasing information for nefarious purposes.
It is not always easy, however, to provide good, common-sense based management. Particularly when your hand is forced by historic bureaucracy, or when business decisions are taken that seem counter to the purpose and brand of the company at large. However, by explaining these anomalies where possible and applying the good commonsense management elsewhere in the business, these instances can usually be mitigated.
The question is how you deal with these. Do you lie to your staff? Make up some nonsense reason as to why you needed to make the decision? Or simply take the mature approach and be honest: sometimes, tough choices have to be made, unusual things happen, and life isn’t always entirely fair, while making it clear you try your best to prevent these situations from arising.
If everyone in the company is kept happy, then your employee perimeter can remain as strong as your security does.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”
Stories of major data breaches continue to roll in. One victim announced during the spring was hard drive maker LaCie...