The Internal Threat
We almost always talk about security in terms of the external, the bad guys out there, doing bad things.
Today, we’re going to talk about those other icky-type people: Employees.
From the CEO/HR standpoint, the first thing you need to do is keep an eye out for employees who are being terminated/fired/let go. In a lot of cases this will create bad blood, and some people act on it. You need to make sure there’s a process in place and that the process is followed. This will minimize the amount of damage that a disgruntled employee can do once they’ve been fired. In other words, their passwords need to be reset, their equipment needs to be returned, and it needs to be clearly stated that their relationship/employment ends at a certain point.
This also includes physical access to the location. Tragically, it often is a former/disgruntled employee who brings physical violence to the workplace.
The second thing to look out for is, honestly, reputation. If an employee has a reputation among coworkers that they don’t care about security, or that they’re violating the policies and taking shortcuts (“Yeah, it’s in the policies & procedures, but that doesn’t count for me!”), those are all signs that that person may create a scenario where your organization can be harmed from an outside source, or that they might be doing the harm themselves. So keep an eye out & ask employees to point out when they’re seeing gross violations of security policies. This isn’t necessarily a case of “you’re ratting them out,” because in some cases the policy hasn’t been communicated effectively.
So, as CEOs and HR directors, even though some of this stuff is technical, you still have a responsibility to make sure the culture of your organization takes security seriously.