A Blog by Jonathan Low

 

Oct 6, 2014

The Biggest Cybersecurity Threat? Underpaid Employees

Russian mobsters and Chinese military technicians may be perceived as the threat about which enterprises should worry, but according to the FBI, the most likely cause of cyber-security breaches at most institutions are current and former employees.

When people believe that conditions are unfair or that they are being taken advantage of, they will try to seek redress. All too often in this economy, however, they are reminded that they are lucky to have a job, that they could be replaced with relative ease - or that the entire effort could simply be relocated to a less expensive locale in China, Bangladesh or any other low wage export platform. This is as true of supposed knowledge workers as it is of their factory-based brethren.

If people believe they have no recourse and that no one cares, they may be inclined to act on their own. The result can be anything from theft of data to destruction of property. The problem for businesses is that the impact of such actions in a connected economy is likely to be far greater than the savings from refusing overtime or reducing an employee's hours. JL

Allison Schrager reports in Business Week:

Cybersecurity breaches such as those at Target (TGT), Home Depot (HD), and JPMorgan Chase (JPM) are expensive and embarrassing. While attacks may come from outside hackers, the FBI recently issued a warning that internal hacking from current and former employees poses the biggest threat—and is on the rise. The FBI recommends companies take additional security precautions such as changing their passwords more often. There may be a simpler way: Pay employees more to keep them from becoming disgruntled in the first place.
The rise in employee hacking is just a new wrinkle in the ever-present epidemic of employee theft. Studies have documented the many reasons why employees steal: personal predisposition, economic need, workplace culture, or often a misguided sense of fairness. According to Queens University business professors Liane Greenberg and Julian Barling (PDF), workers often steal when they feel their employment relationship is unfair. They might see stealing as justified because it restores moral order. That attitude is most common when employees consider themselves underpaid, and Greenberg and Barling cite studies that show employee theft increased when pay was cut with no explanation.
The difference now is that companies are more vulnerable to technology. The FBI reports an increase in investigations related to disgruntled current and former employees who destroy data or steal customer information and proprietary software. Some use the data to gain a competitive edge in their next job. There are even cases of former employees attempting to extort money by holding company websites hostage.
Like other kinds of stealing, data theft may stem from low morale. According to the 2013 Gallup State of the American Workplace report, 70 percent of workers are either not engaged or actively disengaged with their jobs. Stagnating wages and record company profits can also breed resentment. A recent survey on global engagement from Aon Hewitt (PDF) says pay is becoming increasingly critical to morale. It now ranks third behind future opportunities and firm reputation. Aon Hewitt argues that stagnant or falling wages pushed pay near the top of workers’ concerns.
Few disgruntled employees take out their frustration by breaking the law. But if cybersecurity threats from within are a problem, companies shouldn’t simply increase security but also must consider what they can do to raise morale. The Hewitt survey shows few things are as effective as higher pay. Compared to the FBI’s claim that security breaches have cost some businesses a billions, couldn’t paying workers more be cost-effective?

0 comments:

Post a Comment