Gamblers, terrorists, haters and other risk groups can threaten business information security, but should an employer be interested in the personal life of employees?
The question alone can trigger indignation – if employees cope well with the job, their boss has no reason to worry.
Staff ‘hobbies’ have the potential to create legal problems and can result in financial loss or be the cause of quarrels among colleagues. While such hobbies shared among employees seem to help instil and maintain the team dynamic, they can quickly get out of control and become clandestine or secretive in nature.
Illicit interests can also threaten the company, not only because of the serious legal implications, but also with financial and social problems.
Identifying risky employees
Data Loss Prevention (DLP) systems offer a variety of ways that will help to intercept situations that expose forbidden employee activity.
When a company hires an employee, they can never be truly certain of their integrity. Using security specialists, who are tasked with risk reduction, incident prevention and identifying the organisations weak spots is vital.
The security specialist will establish so-called ‘risk groups’ based on security policies:
- Which websites does an employee visit?
- How do they communicate and with whom?
- What are they interested in?
These are the markers which determine whether an employee has a particular ‘feature’ which could be a threat to the employer.
Gamblers bring their habit of taking risks to work.
It’s not difficult for them to commit a crime, especially if they have lost money and are desperate for a quick loan, often a large amount as quickly as possible.
Competitors can benefit from the addiction of employees who work for another company resorting to blackmail in order to recruit them.
No employer will be happy if employees arrive at work high on drugs, or don’t show up at all.
An employee will not hesitate to commit a crime if he or she needs to get ‘a fix’. A further potential nightmare scenario is the organisation of illegal activity concerning drug trafficking. It’s no surprise that drug-dependent or addicted employees are almost always dismissed without hesitation.
Similar to gambling or drug problems, alcohol usage at work in South Africa, is somewhat different, as it is not easy to terminate the employment of a staff member who fails a breathalyser test.
If an employee is able to perform his or her duties at the required level, they have every chance of winning a case of unfair dismissal in court.
Only if an employer has employment specific terms and conditions, which have stated that any sign and evidence of alcohol at a workplace will lead to dismissal, will it be possible to justify firing an employee.
Legal problems are different.
An employee can violate traffic rules, fight with a neighbour or refuse to pay alimoney, but when he or she faces a trial for fraud, a major fine or punishment for criminal behaviour – the company-employer can’t remain silent and has no option but to act.
A rogue employee will definitely cast a shadow on the reputation of the organisation.
Banned organisations, terrorism and weapons
These issues speak for themselves. Employees with radical views should prepare the employer for the unexpected. Expect anything, including recruiting colleagues to organise a terrorist act on the territory of the company.
The problem of terrorism is one of those that require well-conducted approach. The tragic events in France in 2015 contributed to the request from 87% of SearchInform clients asking to install anti-terrorist policies.
Money problems are problematic, a debt, a large loan and the inability to pay it off will cause an employee to seek solutions. The pressure to earn extra money could result in kickbacks, bribes or even data theft.
Haters or those consistently discontent
A negatively-minded employee is a ‘time bomb’. He or she is able to harm companies in the most unexpected way: leave the team at a critical moment, move to a competitor, pander staff to turn against management, and make employees to think of quitting. Loyalty to the employer matters a lot when it affects the business.
The line between the private and corporate
Personal qualities, hobbies, circumstances often affect the work of an employee – having entered the office, we are still those people we have always been… we don’t switch into robots with a set of professional functions.
Some personal qualities contribute to work, some might appear harmful. The information security service is responsible for detecting such risks and controlling them – that’s what the IS-specialists do everyday.
It is conducted at three levels:
- Control of websites, sources that employees visit; analysis of search requests of an employee.
- Control of communication, discussions in work chats.
- Control of employee activities: copying files, uploading files, e-mails, social networks, etc.
Not all risk groups are monitored equally properly, the information security service is interested in intercepting direct threats to the company, something that can lead to loss of money and reputation such as illegal activities, problems with law enforcement agencies, theft and fraud.
The idea that drives the employer when controlling employees is to ensure that personal qualities don’t affect professional ones because business isn’t run by robots but real people.