Gamblers, terrorists, haters and other risk groups can threaten business information security. But should an employer be interested in the personal lives of employees, asks Sergey Ozhegov, CEO at SearchInform.
The question alone can trigger indignation – if employees cope well with the job, their boss has no reason to worry. However, staff ’hobbies’ have the potential to cause legal problems for the company, resulting either in substantial financial loss or that could potentially be the cause of huge quarrels among colleagues.
Office pools have proven to be quite popular in the US (especially during such cult sports events as March Madness) and these are gaining popularity in South Africa. However, they can also be a source of problems for a company.
PASPA of 1992 prohibits sports gambling in the majority of states. While such hobbies shared among employees seem to help instil and maintain the team dynamic, they can quickly get out of control and become clandestine or secretive in nature.
Illicit interests threaten the company, not only because of the serious legal implications but also in terms of financial and social problems.
Conflicts within the team can arise because of financial loss or even refusal to participate – and the amount involved often isn’t regulated. Those who have the opportunity also have the option to apply to the company for financial assistance.
Those who participate in office pools can discuss this vital issue at their workplace where illegal activities are organised.
The DLP system offers a variety of ways that will help to intercept situations that expose forbidden employee activity.
When a company hires an employee, they can never be truly certain of their integrity. Security specialists are tasked with risk reduction, incident prevention as well as a company’s weak spot – identification.
It’s a ‘professional paranoia’ which helps to understand the professional qualities of an employee and their nature. But can it be dangerous for your business and, if so, how?
The information security specialists establish so-called ‘risk groups’ based on security policies. These include an analysis of which websites an employee visits, how they communicate (and with whom), and what they are interested in. These are the markers which determine whether an employee has a particular ‘feature’ which could pose a future threat to the employer.
Risk groups consist of completely different people with different qualities, habits and hobbies:
This problem has already been outlined in the above example. However, we need to take into account a few points: gamblers bring their habit of taking risks to work quite easily.
It’s not difficult for them to commit a crime, especially if they have lost money and are desperate for a quick loan, and they can often require large amounts as quickly as possible. Competitors can benefit from the addiction of employees who work for another company, resorting to blackmail in order to recruit them or elicit confidential information from them.
Drugs: distribution, dependence
It is unlikely that the employer will be happy if the enter the office intoxicated with drugs or even don’t show up at all.
An employee will not hesitate to commit a crime if he or she needs to get ‘a fix’. There’s another situation – or, rather, another potential nightmare scenario for the manager to contend with – the organisation of illegal activity concerning drug trafficking within the company. This is tantamount to irreversible reputational damage and should appropriately attract serious sanctions. It’s no surprise that drug-dependent or addicted employees are almost always dismissed without hesitation.
The essence of the issue seems to be the same as in gambling or drug situations. However, alcohol is somewhat unique: in South Africa, it is not easy to terminate the employment of a member of staff who fails a breathalyser test.
If an employee is able to perform his or her duties at the required level, they have every chance of winning the case of unfair dismissal in court.
If an employer has paid special attention to “terms and conditions” which state that any sign and evidence of alcohol at a workplace leads to unavoidable dismissal then there could be a strong case, failing which it is virtually impossible to justify firing an employee.
Special software systems that control the behaviour and communication of employees within the team can detect such signs quicker than common observation.
Problems with the law
Such problems cover a range of offences. An employee can violate traffic rules, fight with a neighbour or refuse to pay alimony, but when he or she faces a trial for fraud, a major fine or punishment for criminal behaviour then the company-employer can’t remain silent and has no option but to act.
A rogue employee will definitely cast a shadow on the reputation of the organisation: he or she can drop out of work for a long time while the problems with paying a fine can be solved at the expense of the company – through fraud, bribes or kickbacks.
When it comes to any connection with banned organisations: terrorism, weapons, then I think it’s pretty much a no-comment section, as this issue is always tracked. Employees with radical views make you expect anything, including recruiting colleagues to organise a terrorist act on the territory of the company.
The problem of terrorism is one of those that require a well-conducted approach. The tragic events in France in 2015 contributed to the request from 87% of SearchInform clients asking to install anti-terrorist policies.
Debts and credits
Individual situations will also vary vastly, but such situations can be equally tense across the board, whether it be a debt, a large loan or the inability to pay it off. Circumstances force people to seek solutions and, invariably, they will go for it, such as accepting extra deals to earn money, or even taking kickbacks, bribes or agreeing to steal data to sell to a competitor.
South Africa ranks extremely high in terms of the number of debtors and, according to statistics, 86% of the population applied for a loan in 2014, when a total of 11 million South Africans took out a loan, which contributed to the total debt of $118-billion. One of these individuals is highly likely to be one of your employees and, of concern, is the fact that an average employee spends 20 working hours per month on solving financial problems and, as a consequence, loses about six hours of productive work time.
In total, 25- out of 37-million employable adults in South Africa have applied to lenders for financial assistance while, of these, only 10 million are officially employed. The situation is peculiar due to the inability of many of these people to pay off a considerably big loan, in addition to paying for their minimal daily needs. To cope with such a critical situation as quickly as possible, a surprisingly high number employees are ready to commit fraud within the company.
Haters or those consistently discontent
A negatively-minded employee is a ‘time bomb’. He or she is able to harm companies in the most unexpected way, either by leaving the team at a critical moment, moving to a competitor, influencing staff to turn against management, or even convincing employees to consider quitting their job. Loyalty to the employer matters a lot when it comes to the effectiveness of a business.
The line between the private and corporate
Personal qualities, hobbies and circumstances often affect the work of an employee as, having entered the office, we don’t automatically switch into robot-mode with a set of professional functions. We are still the people we have always been.
Some personal qualities contribute to work effectiveness, while some might appear harmful. The information security service is responsible for detecting such risks and controlling them – and this is the daily function of IS-specialists. This is conducted at three levels:
- Control of websites (the sources that employees visit) as well as an analysis of an employee’s online search requests.
- Control of communication and discussions in work chats.
- Control of employee activities, including files uploading to the cloud, and sharing information of document through e-mail and social networks, in addition to the copying to devices, sending of documents for printing, or even sending confidential documents within the corporate network.
However, not all risk groups are monitored with equal caution and diligence. The information security service is interested in intercepting direct threats to the company, something that can lead to loss of money and reputation through illegal activities, problems with law enforcement agencies, theft, fraud, and so on.
There will be no immediate consequences if the violation is found to be outside of the high-risk group, although it will help to form a comprehensive opinion when making managerial decisions. This calls to mind the reverse point system, under which if you score 10 points you will fall under the control of information security service. Getting into a risk group may, as a consequence, deprive an employee of potential career advancement, or result in the cancellation of an anticipation transfer to another branch.
The idea that drives the employer when controlling employees is to ensure that personal qualities don’t affect professional ones because, after all, business isn’t run by robots but, rather, by real people.