According to McAfee, internal actors are responsible for more than 40% of serious data breaches, while external actors are responsible for just under 60% of data breaches.
When we talk about internal actors, we’re mostly talking about your employees, and usually your disgruntled employees. Other people can include contractors and suppliers.
While it’s harder to fight the unseen external factors, it seems like dealing with your own employees should be easier because to some degree you have more control.
In this article, we look at how to deal with disgruntled employees in the security industry so you don’t end up with data breaches and other problems from your trusted employees.
Develop a Security Policy
Before you can protect anyone, you should create a policy for classifying information. You don’t want a free-for-all with your employees.
Decide what’s on a need-to-know basis, and what’s private. For example, use your policy to define the following categories of internal information:
- Internal only
Once you’ve written your policy, have each one of your employees sign and date it showing that they not only understand your policy but agree with it. Include a statement in the agreement that says your employees agree not to divulge sensitive information during employment and even after their termination or leave.
Don’t Make Employees Mad
Perhaps the best way to deal with disgruntled employees is not to upset them in the first place.
Treat your employees with respect and work hard to build employee morale.
Train your employees well, make sure they understand your mission and vision.
Have an open-door policy when it comes to communication in good times and in bad. Handle conflicts swiftly and with empathy. Make sure that all your staff feels appreciated no matter their job.
Have regular reviews to assess the contentment of your staff.
Assign Security Levels
Be thorough and methodical when assigning access levels to your employees.
You work in the security industry as do your employees, but that doesn’t mean that everyone should have access to sensitive information.
Make a list of your employees and decide who needs access to what information and why. This is one of your first steps in maintaining control over information that needs to remain secure.
Track Employee Access
Do you know what your employees are doing?
As employees of a security company, your staff has little to expect in the way of privacy. And, it’s up to you to track your employees access to your vital systems.
Make sure you know when and where they logged into your computer system. Put a system in place that lets you know if they leave restricted areas.
Know what a normal level of access means for each of your employees. You’ll find it means something different for various employees. Understand what a regular day on the computer system looks like for them so you can identify an anomaly.
Back Up Regularly
If you aren’t currently backing up your data, do so now. This means everything on your entire network as well as everything on your employees’ computers and work phones.
This just might help you in the case of an emergency or disgruntled employee turned hacker. You don’t want to end up with irretrievable information.
Create Multiple Security Layers
You trust your IT team, right? But, what if they are the disgruntled employees?
Make sure you have multiple security layers and scan your systems regularly for Trojan Horses, viruses, spyware and other malware.
These systems can help you learn if someone inside your company is planting something in your system.
Consider an outside monitoring system as well. Data loss prevention software can alert you if someone is trying to steal your data.
Let’s say you need to fire an employee. If this is the case, they are probably disgruntled already, and by firing them, you’ll incite their anger even more.
Before you terminate them, revoke their access immediately. It’s important to do this before they realize what’s coming. Wait too long, and you risk them doing something to your company.
Plan for Employees Who Quit
Many breaches occur in the days before or just after an employee leaves your business.
This is why you must stay current on what’s going on with your staff. Know what they’re doing in your system and where they are going at all times.
Turn off access immediately after they quit. Assign this job to one of your team members so it’s never left undone.
Don’t Allow Personal Devices
Yes, that’s right. No personal servers, no personal cell phones, no personal laptops.
Work devices are work devices, and personal are personal.
You should never let your security employees use their personal devices to do company work because then you have absolutely no control.
You don’t know if the system is appropriately secure, and you have no recourse if they quit and take information with them.
Put a plan in place for periodically changing passwords. This makes it harder for one employee to steal access from another.
Those in the security industry must be extra careful when it comes to dealing with disgruntled employees because they can actually destroy your business.
If your disgruntled employees hack one of your clients because they got access to sensitive information in your system, you are left open to lawsuits and liability. Even though you didn’t take the action, one of your employees did.
To keep yourself safe from any legal liability, and to ensure your client’s safety, do everything you can to put security measures in place. You need to create a failsafe today to prevent security breaches.
Follow the tips we’ve laid out in regards to how to deal with disgruntled employees in the security industry to protect your business.
Have you had to deal with disgruntled employees in the security industry? How did you solve the problem? We’d love to hear your comments. Please share below.