Cybercrime on the increase
September 16, 2021
Introducing the New Condyn Blog!
September 17, 2024

THE INSIDER THREAT

 

With reference to the news that was just published by Sarah Jackson from the Business Insider US (1), regarding the fact that the CEO of Apple(2), Tim Cook, is furious that employees won’t stop leaking information. Reading this article, I could not help to wonder why these types of leaks are on the increase. Is it because of people are tired of being controlled by government and corporations, since Covid19 or did employees get numb to the idea of losing their jobs? Or is there some sort of believe that no will be able to identify the person who leaked the information?

Covid19 might have given governments and companies some sort of a false sense of control over people. Unfortunately, it seems to have reached a level whereby both governments and corporations want to enforce policies that clearly intrudes on human rights with specific reference to the personal right of bodily integrity. The company can argue that this is not true as they make these policies in the best interest of all employees and to protect the workforce. They can also argue that they did not enforce vaccinations on you, as you still have a choice but they make it so unpleasant and costly that a person with an average salary cannot afford to take Covid tests every week to go to work. This is still a “no choice policy”. Companies has to protect their organisations and has a judiciary to do so but where is the line. Can companies enforce these vaccinations on employees? The answer is most probably “yes “under the umbrella of “in the interest of public policy”. Like in the case of Apple in this example is then how do companies protect this decision from the public domain. Companies might have policies that binds employees contractually from leaking confidential information but what if the employee could not care less or that the employees’ convictions and morals are stronger than the consequences of leaking confidential information. Making decisions that force them to do something, like vaccinations, that is absolutely against their will, shall place the company at risk. Important, we must always remind ourselves that we deal with people. With todays many communication channels, companies have to protect their environment diligently in every possible way. Information is leaked through email, social media etc. If you cannot establish where the leak started and contain it, the you are in trouble. You can write, like Apple’s CEO (3) , many memos to the employees but it will not stop such a tsunami, as it is too late.

The employee has accepted the terms and conditions of the employment contract and has no right to leak confidential information for whatever reason. They should be responsible towards the company and the company’s stakeholders at all times, leaks can result in lost of revenue and in return result in retrenchments. It becomes a vicious cycle. Employees that do leak this type of information, is usually either disgruntled or their convictions and principles override and other reason for decisions that intrudes on their human rights. The freedom of choice weighs much heavier than earning an income which leads to the leak of confidential information. But it does not a matter what the reasons are for their behaviour, we cannot lose sight of the impact insider leaks have on any business or government. It can cause great harm to a company’s reputation, and the stakeholders can lose their trust in the company that in return has a significant impact on reduced revenue streams. Important to recognise is the fact that an employee can always move on to another job but the company might not be able to contain the risk and it can even lead to liquidation. In short, it is much more difficult for a company to recuperate from such incident than it is for the employee.

(1) https://www.businessinsider.co.za/apple-ceo-tim-cook-says-leakers-do-not-belong-here-2021-9?r=US&IR=T

(2) Apple Technology Company

 

The solution.

CEO’s may ask, what can be done to prevent leaks to happen in the first place? The short answer is that you can’t. There is always someone that will feel offended for whatever reason or justify their behaviour. Other times it is for personal financial gain. which is even more dangerous for organisations and do not believe that your most loyal employee is incapable of being a threat to your organisation. It was found engaging with many risk managers in organisations, they all respond the same to our question on when do they respond to a breach and the standard answer is:  once when they became aware of the breach which is often too late. This is very true and I totally agree with them. It became apparent that although they are called risk managers, they are actually incident managers, and it not due to something that they are doing wrong. The good news is that there is no reason for any company to respond to insider threats, after the fact. Companies and government can now invest in a very cost-effective tool that will not only be able to pinpoint a threat with evidence while it is occurring but they will also be able to predict when there might be an upcoming risk that should be managed at all times. That is containing a risk, a memo begging staff to stop sharing the information is just not going to cut it.

Conclusion:

Companies should never lose sight that they always deal with people who has a free will and human rights. Do not overstep this boundary for whatever reason. Covid19 might have its merits to enforce vaccinations on staff but if the entire world could work remotely and still contribute to the economy, why do you as a company now wish to overstep your boundaries and force the same loyal employees to be vaccinated or risk losing their job? Companies should be careful not to lose sight enforcing people to be e.g., vaccinated might have a detrimental effect on your business. The same loyal employee that are forced to participate in something that is against their human right as a person might can join your competition who does not intrude on the person’s human rights. More Importantly, is to realize, that if you could not contain the insider threat while they were in your employ, you will definitely not stop them in using your intellectual property to the advantage of the competitor without excessive funds for legal fees etc. Companies have to weigh up the risk between the Covid virus threat and the other risks that are most often bigger where staff is concerned.

From the employee’s perspective, do not bite the hand that fed you all these years. In the event that you are a disgruntled employee, handle the matter maturely, as your colleagues (also called friends) and their families are at risk when you leak information that can harm the company. It can also have a negative impact on your career and future. Think things through, fight for your human rights, but do it in a mature manner. If you can not address your concerns with your manager /CEO, then get an independent intermediary to assist and find the best resolution for both you and your company.

If you need more information on the Insider threat toll for risk managers, please contact info@condyn.net or visit our website at www.condyn.com.

(3) https://www.apple.com/za/leadership/

 

 

 

,,

Leave a Reply

Your email address will not be published. Required fields are marked *