Tackling the Insider Threat of Disengaged Employees

How IT risk management can account for those who “hate their job”

January 2, 2020 • Published by

Unhappy Employees Are a Significant Insider Threat

We’ve all worked with them, and at some point in our career, we may have even been one: A disengaged employee. Most companies and leadership teams concern themselves with unhappy employees for one basic reason, and that’s the costs of lost productivity. But have you ever thought about the cybersecurity threat posed by an actively disengaged employee?

Insider threats are one of the most underrated cybersecurity threats to a business. The typical employee can become a security threat in one of two ways: 1) They unwittingly jeopardize sensitive data through a mistake or process failure, or 2) They knowingly compromise the data because they are willfully malicious.

The actively disengaged employee is an insider threat when acting in either of these two ways. In fact, their actions could be compromising the company both intentionally and unintentionally at the same time.

A recent Forbes article about the warning signs of employee disengagement shares the traits that can lead to more mistakes and even company sabotage by an employee, including:

  • Indifference toward the positive or negative outcome of their actions
  • Lack of enthusiasm for the company or their role in it
  • Failure to participate or accept accountability within the team environment
  • Frequent negativity
  • Increasingly poor work quality

In this post, I’m going to share ways you can proactively account for the insider threat of disengaged employees. This isn’t about recognizing and addressing an unhappy employee; rather, it’s about making sure your IT systems, processes and data aren’t compromised by one.

Internal Threats and IT Risk Management Best Practices

Many organizations incorporate a security awareness training (SAT) program and then believe they’ve “checked the box” in terms of addressing insider threats. While SAT programs do a great job of fostering a security/risk-aware culture, these programs do not account for the employee who simply doesn’t care or is “out to get you.”

When an employee is disgruntled, they may just not care enough to report spam emails, review communications for authenticity (such as avoiding a phishing scam or providing sensitive data over the telephone to an unauthorized individual), or follow organizational policies regarding use of unpermitted applications or removable media.

It is critical to monitor employees’ communications and activities when they are using organizationally owned assets. Incorporating file integrity monitoring (FIM), for example, can help you quickly discover and put a stop to all kinds of malicious behaviors, including an employee improperly accessing, manipulating or transmitting sensitive company data.

Incorporating an advanced endpoint security solution is another key method for actively addressing the disengaged employee threat model. These solutions seek out and block malicious traffic coming through mobile devices, laptops and other organizational endpoints. So, when the indifferent employee clicks on that email link when they should have known better, the associated malware is immediately immobilized.

Finally, I can’t stress enough the importance of strong user access and privilege policies. Applying least privilege account access lets the organization limit and control who has access to what information and when. It’s not about restricting access to tools that help someone do their job—that would lead to greater disengagement! But it is about making sure someone who doesn’t have a legitimate business need to access a specific file or data doesn’t have such access. And, if they do have access, their ability to modify or move those assets is limited to business necessity.

Identify and Close the Gaps

According to Gallup, only 34% of U.S. employees are currently engaged at their jobs. The rest are either “not engaged” or “actively disengaged.” Employee engagement is a problem that won’t be going away anytime soon, so it’s important to address it with your IT risk management strategy.

Learn more about identifying and closing the gaps in your cybersecurity. Subscribe to this blog for tips and trends on a variety of IT security related topics.