Company's Own Employees Its Biggest Potential Security Threat
Tuesday May 22, 2007


Philadelphia — May 22
A company's greatest security threat might not come from outside sources but from its own employees, and employers need to take specific measures to reduce these potential risks, according to Pepper Hamilton, a multipractice law firm with more than 450 attorneys.

Among the possible security threats a company's own employees may pose are:
Information technology employees potentially represent one of the greatest security risks.

"With companies increasingly reliant on technology, workers in the information technology department pose one of the greatest potential threats to compromising a company's systems," said Jonathan Kane, chairman of Pepper Hamilton's labor and employment practice. "IT employees know all the 'sacred codes,' frequently work during hours when other employees are off, and in restricted-access settings. Some IT employees feel their work is unappreciated, and that they don't receive their due respect, so bad morale among IT workers can present a big problem."
Financial and accounting employees also can be a potential security threat.

"Employees in the financial functions have access to, and unique knowledge about, the company's money," said Sharon Klein, a partner with Pepper Hamilton. "Bad morale among financial employees could give workers an incentive to steal."
Employees bringing work or work materials outside the office can be another possible security threat.

"A company's secure data, such as client or consumer identification information, could be at risk if misplaced," Kane said. "Many security breaches have occurred when laptops were misplaced or stolen. Although forbidding employees from taking work home may be counterproductive and ultimately unavoidable, restricting who can do this, for what purposes and for how long, can decrease loss of confidential data — and can put procedures in place that more closely monitor who takes home what."
Employees with drug or gambling problems are another potential security threat.
"Workers with these problems may be tempted to steal to sustain their addictions or cover their losses," Klein said.

Among the tips Pepper Hamilton offers employers to diminish possible security breaches caused by their employees are:
Conduct background checks. "Before making a hire, companies should conduct an employee screening that includes prior references, a criminal background check and a credit check," Kane said. "Although screening won't necessarily pick up bad behaviors, it is a process that will provide employers with a better understanding of the people they are hiring. Sophisticated attorneys can assist with improved background screening that helps get important reference data."
Establish a social contract. "The social contract between employers and employees is quickly deteriorating," Klein said. "People are not as loyal to their employers as they once were. But more importantly, employees generally do not feel as valued and appreciated. Employers need to pay more attention to the way they treat their employees on a daily basis and establish a comfortable and loyal workforce."
Make employees aware of confidentiality policies. "Problems can arise in the transfer of trade secrets or confidential information to someone outside the company," Kane said. "Employees should be informed of a company's general confidentiality policies, especially with regard to e-mail. Often, these clauses are buried in an employee handbook, even though they are essential to maintaining a company's key assets. Take time to train, educate and remind on an ongoing basis."
Adapt company policies to new technologies. "As technology continues to evolve, businesses need to be informed and adapt their policies accordingly. Now that cell phones can take pictures, and external hard drives can easily download a computer's entire content, there are more ways a company's sensitive information can be compromised," Klein said.

For more info: http://www.pepperlaw.com