Businesses tend to focus on IT security when it comes to protecting their data, but your Human Resources department has an important role to play, as well. HR departments have been battling this menace since well before the age of computers. By leveraging the lessons learned by employers in managing employee dishonesty and focusing on the human side of the administrator role, not just technical capabilities, companies can remove important negative motivators, gaining added protection against insider theft of protected data. Use these smart HR tactics to remove the motivations that cause insider data theft in the first place.
Limiting Opportunity Is Important, but Not a Complete Solution
Although more rare than other types of employee dishonesty, theft of information is probably the most damaging. Interestingly, employees don’t generally steal because they need money. They steal because they feel wronged, because consequences are minimal, or because it’s easy.
Law enforcement and InfoSec professionals understand the three factors involved in employee theft: motive, ability, and opportunity. Motive and ability are difficult targets to nail down, so companies tend to place their efforts on minimizing opportunity. Although this is a worthy goal, it doesn’t address the underlying problem.
Just as hackers are always looking for new ways to achieve their goals, a negatively motivated employee is likely to find a way around your security, too. And employee theft can be just as hard to spot. By removing the desire to steal, you get to the root of the problem. Addressing issues of ability and opportunity are still important safeguards for occasions when those efforts fail.
Removing Negative Motivators
Low morale plays a strong role in employee dishonesty. Unhappy, disengaged employees use their negative perceptions to rationalize dishonest actions they would never consider otherwise. Correcting low morale requires a deep commitment from employers. Leaders need to model the behaviors they expect from workers and communicate the company’s own commitment to integrity. Research shows that employees respond best to leaders who are honest, competent, and inspiring.
The subject of creating a strong culture of integrity is vast, so working with human resources firms specializing in positive work environments is advised. But you can also take smaller practical steps to promote integrity:
- Reminders of Integrity – Research shows that presenting moral reminders drastically reduces dishonesty. Researchers theorize that self-image is a strong motivator towards integrity and that when reminded of good morals, individuals internally compare their own behaviors with the standard presented. Businesses can create a system of positive moral reminders by publicly rewarding employees who do the right thing and bringing attention to stories that highlight individuals acting with integrity. Following “positive news” stories can help leaders find meaningful and inspiring materials that accomplish this goal and boost morale at the same time.
- Recognizing Good Work – Feeling appreciated can go a long way in banishing the negative feelings that lead to dishonesty. For most employees, good work stands out, but admins are a special breed. When they do their jobs well, nothing goes wrong and they often get ignored. It’s important to provide positive attention and recognition from management and coworkers for keeping systems running and secure. Administrators who feel appreciated are much less likely to misuse their power. Remember that every system experiences a failure now and then and don’t let that negative attention be the only attention your admins receive. Use SysAdmin Day as a starting point this year (the last Friday in July), but don’t forget to recognize your admins whenever they work overtime or come in to fix a problem during off hours.
- Clear Communication about Performance – Employees want clear signals about what you expect from them and how they can deliver on those expectations. In a feedback vacuum, employees can easily harbor resentments over perceived slights. Managers should communicate frequently with workers about their performance, offering specific goals and supportive advice on how to reach them. Ensure admins receive industry wages and base increases on concrete and easily understood performance goals. This creates an environment of openness and trust where workers are more satisfied and less likely to take advantage of their privileged roles.
Protect Whistleblowers and Keep a Zero Tolerance Policy
Of course, you cannot expect positive motivators alone to do the job. Emotional deterrents are also important. Companies should maintain a zero tolerance policy for dishonesty and make it easy for employees to come forward if they see it happening.
When otherwise honest employees contemplate dishonest acts, they have already spotted an opportunity. They will try to rationalize the idea using their negative perceptions about the employer. And before taking action, workers will weigh the chances of being caught against the perceived rewards.
When companies maintain a strong policy of protecting workers who bring dishonesty to their attention, they accomplish two goals. First, they make it safe for an employee to come forward about another worker’s dishonesty. Second, they heighten the level of risk compared to reward in the mind of the employee contemplating a dishonest act.
When Behavioral Motivators Fail
Every person responds in his own way to the influences around him. Even the most compassionate and caring employers will have employees who, despite their best efforts, see the glass as half empty. We see an example of that in the recent theft of member data from Blue Cross Blue Shield (BCBS) of Michigan. By many accounts, the company offers a great place to work. According to GlassDoor, 71 percent would recommend working there to a friend. Nonetheless, the company suffered a painful blow when it discovered that Customer Service Representative Angela Patton had, over the course of two years, managed to steal and distribute sensitive financial information on more than 5,000 members.
Patton allegedly printed screenshots from her work computer and sold them to family and friends, who then used the information to open fraudulent credit card accounts. It’s not entirely clear why Patton felt the need to run this side business to BCBS’s detriment, but it’s an example of how positive motivators can and do occasionally fail.
This is where your efforts in controlling the aspects of ability and opportunity come into play. Here again, HR has a strong role to play. Good hiring practices can help vet workers for the traits of honesty and trustworthiness you seek. Background checks should be performed for all company roles that have access to sensitive information. Take the time to verify prior work histories and education as an integrity check.
Beyond that, it’s up to the strong security policies and practices you put in place. Having tools that provide strong access controls and monitoring capabilities make it easier to limit opportunities and to spot dishonesty when it happens.
HyTrust Offers Important Safeguards Against Insider Data Threats
HyTrust tools give companies the ability to monitor admin actions, spot problems that may signal dishonesty, and respond to them quickly. And knowing that they are being monitored will give admins with bad intentions a lot more to think about when weighing risk and reward. Because you can’t be certain that every admin is deserving of the trust you bestow, tools like these offer strong safeguards for protecting your data from internal threats. Contact HyTrust today to learn more about how we can help.