Chief Marketing Officer at ERP Maestro
5 Things You Should Know About Employee Loyalty
Think you can count on employees to protect your data and your assets? Think again.
Technology, bricks and mortar, products and services don’t make a business. People do. They are the lifeblood of any organization and can make or break the success of the company. That’s why smart employers work hard to hire the right talent and keep workers engaged and happy. Unfortunately, despite finding A-player employees, the best efforts of managers, a company’s great culture or ethics training, some employees will lack loyalty or at some point,for various reasons, engage in acts of disloyalty that can cause a company harm.
A disloyal or disgruntled employee has the potential to do major damage to a company –even after leaving the business. Such employees may cause injury, for example, through security threats, fraud or theft of company data. How vulnerable is your company to suffering a security incident at the hands of an employee? And what factors might motivate employees’misdeeds? Consider the following:
It might seem like stating the obvious, but financial gain can be an enormous influencer for employees to commit treacherous acts against a company –especially while still employed and experiencing personal debt. Anyone can be drawn into living beyond their means and taking treacherous risks to help them fund their overspending.
The world presents an enticing consumer message of having it all. Some people attach their self-worth and public persona to their material worth and find themselves in over their heads financially to support their false image.
Improper access or too much access to business systems and weak controls make it easy for the tempted employee to act. Performing schemes to embezzle money, however, is only one approach. Unfortunately, monetary gain also is an all-too-common reason for workers to sell out an employer.
Research from a SailPoint survey finds that 20 percent of employees would sell their passwords, and 44 percent of those employees are willing to do it for less than $1,000. Some would give up their corporate credentials for less than $100! U.S. workers are most willing to put their passwords up for sale compared to employees in other parts of the world.
Greed, somewhat different than dipping into the till to save oneself from financial ruin, is an inordinate lusting after material gain or a more lavish lifestyle. It often leads to dishonesty and betrayal. This is well demonstrated in a recent case involving some former employees of GlaxoSmithKline. Last year, Dr. Tao Li pleaded guilty to conspiracy to steal trade secrets from GSK to benefit a Chinese pharmaceutical company named Renopharma.
Dr. Li, along with Dr. Yu Xue and Dr. Yan Mei, created Renopharma in Nanjing, China, to allegedly research and develop anti-cancer drugs.But officials say Renopharma was used as a repository of stolen information from GSK. Xue was a scientist at GSK working on developing biopharmaceutical products.These products typically cost in excess of $1 billion to research and develop and the scientists decided that value was worth betraying their company to line their own pockets.
One of the largest municipal cases of fraud is another prime example. Rita Crundwell embezzled $54 million over time and without detection for 22 years. She funded her champion quarter horse breeding business with the stolen money. Weak access controls and lack of segregation of duties (SoD) allowed the theft to go unnoticed for so long.
And then there are employees who simply believe they are entitled to more money or have a right to profit beyond their basic compensation for work they have created. More common among executive who seek power, wealth and position, entitlement can be a strong impetus for committing fraud.
According to Fraud Magazine, entitled executives don’t feel that they need to rationalize their behavior. “Barriers to fraud, such as conscience, character, faith, fear of detection, internal controls, and processes and procedures, are only that —barriers and not necessarily deterrents to top executives.”
Terminated employees or those who feel they have been treated wrongfully in the work place may not care if their fraudulent actions or sharing of sensitive company information hurts an organization. They may be devoid of any allegiance or devotion to the organization –even if an employee continues employment after a perceived workplace injustice. Revenge can be a massively destructive force. Those who seek it, pursue a sense of restored power after a loss or supposed wrong. Stealing, manipulating or selling data are top of mind for the vengeful employee.
A Gallup study reveals 70 percent of U.S. workers do not feel engaged by their job.Gallup also finds that 60 percent of millennials said they are open to a different job opportunity, and 55 percent of millennials do not feel engaged with their company. Even more concerning: 16 percent are actively disengaged, which means they may be “out to do damage to their company,” according to Gallup.
At any time, about half of your workforce is looking for their next opportunity. Gallup’s survey reveals more than half of employees (51 percent) are searching for new jobs or watching for openings. And once employees are out the door, they still pose a risk. SailPoint’s research finds that 40 percent of former employees still have access to work accounts even after leaving a company. This is a major concern as a bitter or angry employee who has had a bad experience could still attempt to do damage after they depart.
With these kinds of attitudes about work, it is easy to see how companies are at risk of a data breach or other kind of incident caused by an employee. If the worker doesn’t feel invested in the organization, why would they go out of their way to help it remain secure?
Even an honest, loyal employee cannot be relied on to notify management of fraudulent activity among their peers. A report from EY finds 32 percent of respondents report they have had personal concerns about bribery and corruption in the workplace, yet 18 percent of respondents said that loyalty to colleagues would deter them from reporting any incident. Another set of respondents (19 percent) said that they would not use a whistleblower hotline.
Companies should operate in a zero trust environment when it comes to internal security strategies. The myriad of drivers that are often invisible and can lead to fraud or breaches of company data make it impossible to spot employees who may pose the greatest risks.
The best way to get on top of threats posed by disgruntled employees is with proper SoD and by managing access. Ensure only the necessary parties can access secure data, and make sure departing employees can no longer access company systems and data.
Research from Gartner finds effective SoD controls can reduce the risk of internal fraud by up to 60 percent. Getting a handle on access in your organization now can prevent an incident in the future if an employee –or former employee–decides to go rogue.