Ten things you never knew about your employees

August 2009 Security Services & Risk Management

Over two-thirds of all security breaches, whether stolen paperclips or fraud worth millions of Rands, are perpetrated by members of staff of all ranks.

“How far can any sane company leader exercise blind faith and trust employees without any checks and balances,” asks Amir Lubashevsky, executive director of Magix Integration. “It is only by understanding the dangers posed by those employees with limited ethical values that a business can effectively mitigate the internal risks and protect itself.”

Below are 10 facts most business owners and managers do not know about their employees.

1. They do not care about your balance sheet. Sad to say, even middle and top-level management do not understand or care about the company’s finances. It is all about what they can get and do for themselves at the company’s expense.

2. They can easily steal information from you. Whether it is intentional or in complete ignorance while under the influence of questionable friends and social engineers, employees have access to information your competition and identity thieves want.

3. They can 'help' a friend obtain sensitive information. Most humans are always willing to help a friend obtain information, especially if they do not think that data has any value. When your company depends on that data as a competitive advantage, damage is a certainty.

4. They do not know how exposed they are to social engineering. Social engineers are slick, prepared and ruthless. Even the most honest employees will fall victim to their smooth talking if they are not educated with respect to the danger signs to look out for, or if they only have access to limited information.

5. They do not have enough security awareness. Employees need to know what is acceptable and what is not; as well as what is classified as a risk and how to prevent breaches.

6. Most of them will compromise security if they know they will not be caught. Most companies prefer to sweep internal crime under the rug in order to prevent bad publicity. This course of action simply tells criminals they will get away with it.

7. Many of them have access to information that is not relevant to their jobs. It requires a bit of work, but employees should be restricted to only the data and areas they require in doing their jobs. Convenience and laziness are among the greatest security risks in the world.

8. They do share confidential information with each other and with people outside your company. People talk, often without thinking. It really is as simple as that.

9. Employees take home your IP and sometimes forget where they put it. Whether it is a backup of a database or accounting work that needs to be done quickly, the best intentions may see staff taking work home and forgetting it or losing it.

10. Employees are not paid to look after your assets. People work for a salary and their contracts do not always include looking after the firm’s assets and, not surprisingly, they generally do not.

Whether it is social engineering taking advantage of the naïve or a criminal mind looking to make extra money at the expense of an employer, business leaders need to prepare for the worst and hope for the best by ensuring staff are educated as to appropriate behaviour and best security practices in all business scenarios. It is nice to trust people, but nice is a luxury few businesses can afford.

For more information contact Amir Lubashevsky, executive director, Magix Integration, +27 (0)11 258 4442, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

Read more...
A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Read more...
Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Read more...
Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Read more...
Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.

Read more...
Eighty percent of fraud fighters expect to deploy GenAI by 2025
Security Services & Risk Management
A global survey of anti-fraud pros by the ACFE and SAS reveals incredible GenAI enthusiasm, according to the latest anti-fraud tech study by the Association of Certified Fraud Examiners (ACFE) and SAS, but past benchmarking studies suggest a more challenging reality.

Read more...
Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

Read more...