When we hire employees, we never expect them to go rogue. A rogue employee is a worker that undermines their employer by not complying with company rules and policies. Ultimately, these employees don’t play by the rules, and they hurt the company in some way either through data or financial loss.
We don’t expect our admired and trusted employees to resort to malicious activity that hurts the company. But the fact of the matter, employees do go rogue. Not many, but the few that do are usually unexpected and catch upper management by surprise. In many ways, employees and management is oblivious to the fact that an employee can go rogue, and they miss many of the impending signs that would help them to prevent the activity.
This is an excellent historical example of a rogue employee performing malicious activity that is transparent and still goes unnoticed by co-workers and management.
“Army Warrant Officer James W. Hall, III was sentenced to 40 years in prison for spying for both the former East Germany and Soviet Union from 1982 to 1988. He compromised U.S. and NATO plans for the defense of Western Europe. After his arrest, Hall said there were many indicators visible to those around him that he was involved in questionable activity. Hall sometimes spent up to two hours of his workday reproducing classified documents to provide to the Soviets and East Germans. Concerned that he was not putting in his regular duty time, he consistently worked late to complete his regular assignments. Using his illegal income, Hall paid cash for a brand new Volvo and a new truck. He also made a large down payment on a home and took flying lessons. He is said to have given his military colleagues at least six conflicting stories to explain his lavish lifestyle, but Hall’s co-workers never reported any of his unusual activities. After returning from Germany to the U.S., he traveled to Vienna, Austria, to meet with his Soviet handler.”
This story offers many warning signs that we will further explain in this article. But first, we want to answer the question: why do employees go rogue? Why do employees perform malicious activities that resort in embezzling from the company, illegally accessing private emails and using customer card data to purchase personal merchandise?
Employees can go rogue for many reasons. Usually the reasons consist of a particular character weakness, a personal crisis, a money crisis, the feeling they’ve been ‘wronged’ by the company, a financial downturn or the lack of intervention.
Some of these reasons are more common than others. If an employee is in a personal money crisis, they might begin writing business checks to themselves to cover the monthly rent. Usually, these employees have the intentions of returning the money, but lack of intervention and the easiness of accessing the information, leaves employees enlarging the IOU statement until they have no hopes of returning the money. Next an employee might be terminated by its employer. Upon leaving the company, the employee deletes years of important data and information. The employee felt ‘wronged’ by the situation, and the lack of intervention resulted in a substantial data breach. The worst situations usually involve a rogue employee with high-level access to information that they can exploit to their benefit in someway.
But we do have a silver lining to this story. Employees exhibit several behavioral trends that can be analyzed and observed by coworkers and management. The key is to having an observable mindset, and to not simply ignore the signs when they’re present. These are observable behaviors that can be understood by co-workers:
- Unexplained absences on a Monday or a Friday
- Working unusual hours that are outside the normal work day
- Creating several different stories and excuses for changes in their behavior
- Bragging about buying a new car, house or any sudden change in financial success
- Increased friction with coworkers, anxiety or nervousness and decline in work performance
- Writing bad checks
- Assessing company systems that aren’t part of their job or in their clearance
Did Army Warrant Officer James W. Hall display any of these behaviors? The obvious answer is yes. A rogue employee may show one or more of these behaviors; however, unless management is observing, tracking and comparing the behavior against a normal trend, these changes in behaviors can go quickly unnoticed.
Prevent your employees from going rogue by understanding these signs in changed behavior, and approaching the employee at the right moment. This success comes from companies inventing control process to prevent such behaviors through software behavioral monitoring, employee training and employee participation. Yes, employees are one of your biggest information security threats. This means you shouldn’t let the threat go unnoticed and uncontrolled. Behavioral analysis through software and coworker observance is the key to eliminating the insider threat.