Employees Can Be Insider Threats to Cybersecurity. Here's How to Protect Your Organization.
Cybersecurity protection should be at the forefront of every company's mind, and ensuring your employees are happy and fulfilled is one important way to protect your business from cyber threats. Here's how to make it happen.
The U.S. Army recently announced an initiative called "People First," a strategy that calls for enacting widespread policy directives and changes designed to better support the health and well-being of the largest branch of the U.S. Armed Forces.
For an organization that's known for sending its people out on long tours away from home and facing austere conditions wherever it goes, it's easy to meet such an idea with a hefty dose of skepticism. The initiative, however, emphasizes the fact that large enterprises have to take care of their people. Not only does this result in more effective, better-performing and more loyal employees, but it also helps reduce a significant cybersecurity threat to organizations: the insider threat.
Why employees become insider threats
Why do employees become insider threats? There are several reasons, and each case is unique; some do it to gain access to valuable trade secrets for personal enrichment, some are disgruntled employees trying to get back at a company for firing them, and some are just negligent workers who fall for a phishing attack or experience a data breach and decide not to report it. But, broadly speaking, there are three main reasons that formerly trustworthy employees might become insider threats.
1. Financial
Perhaps the most obvious motivation for an employee to become an insider threat is financial gain. This is applicable in both the public and the private sectors. In the public sector, government employees might be dissatisfied with their compensation or internal environment and start to sell valuable personal data on the dark web.
In the private sector, employees often have access to valuable intellectual property, trade secrets or customer data that competitors or organized crime groups might pay top dollar for, or they could be bribed to become agents of a foreign nation-state. Of particular concern are technologically savvy employees (IT, for instance), who have the know-how to grant themselves elevated access rights and cover their trails from a cybersecurity perspective.
At any rate, companies should stay on the lookout for employees who suddenly start displaying signs of having more income, especially if their purchases don't seem to match their pay.
2. Political or professional
Politics are another strong motivation for employees to become insider threats. For example, an employee might be upset with his or her work situation or job title but can't see a way to fix it because of inter-office politics. This could lead to that employee becoming disgruntled and wanting to take revenge on the company. This situation is common in enterprise-level organizations, where management doesn't take the time to get to know their employees or address their concerns. Providing an environment where employees can reach their full potential and have open lines of communication with their chain of command can help mitigate potential political concerns.
This ties closely to professional reasons. For example, employees might feel slighted after being passed over for a promotion, or they might be the target of an internal investigation for misconduct. On the other hand, they could find themselves the target of misconduct by a peer or boss, which could lead them to take matters into their own hands.
3. Emotional or psychological
Humans are emotional creatures, and this, of course, applies to employees as well. Employees can get bored, burnt out or feel like their work isn't meeting certain emotional needs. This could lead them to become apathetic, which could make them insider threats through simple negligence.
The pandemic has also shown how stress can negatively impact employees. With vast numbers of employees working from home, the stress of a new environment, uncertainty and fear made Americans more susceptible to online scams, which unfortunately affected businesses.
How to help your employees (and yourself) feel secure
Businesses should be highly concerned about defending themselves against insider threats. Employees have special access that outsiders can't match, and having a tech-savvy, motivated employee start to wreak havoc on a company network can be extremely dangerous. Fortunately, insider threats often begin because those employees are made to feel like outsiders in their organization, so leaders have some tools to help.
Companies need to enlist the aid of mental-health professionals to gauge their employees' states of mind regularly. These don't need to be formal evaluations, but periodic surveys or anonymous comment submissions could provide valuable insights into employee morale. Leaders should also stay engaged with their employees without asking pointed questions that may lead employees to think they're being targeted.
Happy employees with high morale rarely become insider threats. Managers and leaders should adopt a mindset that puts their people first, keeps their mental well-being in mind and helps them feel secure. This, in turn, can help keep the enterprise safe and earn some well-deserved peace of mind for the C-suite.