Avoiding the Collaboration Apocalypse in Cybersecurity
In an ideal world, employees represent good value for the employer and vice versa. A few standouts enjoy Employee of the Month status, and everyone gets a holiday bonus at year-end.
Inter-departmental collaborations go smoothly, and communication improves as employees fraternize. Security isn't an issue. Fear is dispelled. Introverts are welcomed, and extroverts are managed.
As we've learned from this series of articles, the world of knowledge workers and their employees is not ideal. But as we negotiate the twists and turns of collaboration strategies, we hope we will never encounter the worst-case scenario: an employee that somehow has gone rogue: the proverbial bad egg.
Beware the rogue administrator
Employers must understand that employees can and do succumb to various temptations, and if circumstances are unfavorable, they can be detrimental to the organization and themselves. It doesn't happen often, but it does happen.
For example, Han Bing, a former database administrator at Chinese real-estate brokerage Lianjia (链家), went rogue in a 2018 incident, and the consequences were not pretty.
First of all, codify your firm's mission statement
The archetypal rogue sys admin is former network administrator Terry Childs, who was convicted in 2010 of felony network tampering for refusing to divulge the administrative passwords to San Francisco city and county government's FiberWAN system to his supervisors.
Childs tweaked the system for years, so only he knew the crucial passwords. He was arrested but still refused to divulge the network passwords, saying he would only give them to then-San Francisco mayor (now California governor) Gavin Newsom. The mayor paid Childs a visit in jail and received the passwords.
While these are worst-case scenarios, they did happen — needless to say, the employers of these tech personnel did not envision these situations or expect the relevant parties to create such havoc. The cure is to take steps to identify employees who seem disenfranchised, then take further steps.
At a minimum, you need cogent password policies in place.
Avoiding the problem
It sounds basic, but the easiest way to avoid problem employees is to address the situation proactively and early. IT staffers can be tricky to manage.
As we learned in the series, many technically inclined people are introverts. They may not relate well to others in the workplace and, more importantly, may not see this as especially problematic.
And here's where well-meaning managers can inadvertently make the problem worse. A manager might see problems with an employee's attitude or behavior and assume he or she is aware of the situation, which may not be the case. The manager becomes frustrated but doesn't know how to address what they see as obvious shortcomings.
Beware the rogue administrator
There's another danger: the manager overcompensates and overwhelms the problem employee with attention, which can be seen as rewarding the undesirable behavior. This can become a vicious spiral as the employee increasingly becomes convinced they're on the right path within the company.
Problem employees do require special attention, but they also require behavior modification. As with most tricky HR problems, there's no one-size-fits-all solution.
Progress not perfection
Turning a potential problem into Employee of the Month candidate isn't going to happen overnight. But it doesn't start with the staffer.
First of all, codify your firm's mission statement. Then find out how that aligns with the employee's sense of mission.
How do the values of the employee align with the company's mission? This question isn't asked often enough, but with knowledge workers, it should be. Remember that such workers often prize their skills to the point where they look beyond the company's goals, even if those goals are primarily in sync.
All employees need an outlet to provide feedback on their employment situations — what value they offer to the company and what value they expect in return. Keeping this transaction balanced goes a long way towards preventing employee resentment and thus reducing the risk of a rogue employee.
Remember that feedback has an expiry date. To be effective, you need to check in with the employee regularly.
But if they're collaborating with inter-departmental teams, that presents opportunities to assess an employee's capabilities further and give them a chance to provide feedback. Leverage your collaboration exercises to enhance communication with everyone on all your teams.
Employers must be proactive with their employees. Prevention will help forestall the likelihood of another Terry Childs.
This article is the tenth in a series on effective collaboration techniques for cybersecurity.
Stefan Hammond is a contributing editor to CDOTrends. Best practices, the IoT, payment gateways, robotics, and the ongoing battle against cyberpirates pique his interest. You can reach him at [email protected].
Image credit: iStockphoto/Prostock-Studio
