Get All Access for $5/mo

Identify and Stop Rogue Employees Before They Become a Security Threat There are three types of rogue employees: The Innovative, The Bad and The Lazy. Here's how you can identify and stop them in their tracks.

By Troy Moreland Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Our age of seemingly limitless technological advancements are rapidly transforming every aspect of our lives, particularly what it means to go to work in the 21st century. But this has also led to the likelihood that employees are using tools outside the scope of what their employers allow (think: cloud-based computing, storage and file-sharing tools), unintentionally jeopardizing the security of their organization.

Companies often overlook these rogue employees, despite the fact that they pose just as serious a threat as employees with malicious intent -- and even more for many organizations. There are three types of rogue employees: The Innovative, The Bad and The Lazy. Here's how you can identify and stop them in their tracks:

The Innovative

They are creative, curious, ambitious, resourceful and efficient. They have a relentless drive to get the job done and even a healthy dose of rebelliousness. Unfortunately, their effectiveness and independence can prove to be seriously deleterious to organizational security.

Related: 3 Tips for Legally and Ethically Monitoring Employees

These ambitious employees will seek out workarounds to improve their performance, even if that means bending the rules. Curious workers and early-adopter types might be fascinated by the latest and greatest technology advancements and enjoy trying them out. Others might feel constrained by onerous rules -- rules that they resent for slowing them down, and rules they view as intended for those less capable and less trustworthy than themselves.

The rise of BYOD working environments, mobile apps and cloud-storage solutions further enables such behavior, adding convenience with each advance in capability.

The reason The Innovative rogues can present such a danger is precisely because they are great at their jobs. But the danger their ruthless efficiency presents to the security of an organization should not be underestimated.

The Bad

It's easy to picture this variety of rogue employee: hackers, thieves and spies. But it's not always so Hollywood. Disgruntled employees with access to highly secure information and enough of a grudge to exploit it, slighted workers who dramatically quit and steal proprietary information and terminated employees determined to exact revenge are The Bad employees to look out for.

Related: How to Create Security Awareness at Your Company

The most prevalent example of The Bad might be the Access Hoarder, who demands to be involved in as many processes and systems as possible, even ones far removed from his or her role. But as they accrue access to more and more systems, the risks they pose also add up.

It's not only about them having the ability to see, share and potentially alter or steal sensitive information. It's also about the long lists of log-ins and passwords they leave in their wake, which increases the likelihood of some accounts being underused or forgotten.

Rarely will you see a scary headline explicitly mention how an Access Hoarder almost brought down a company. The reality, though, is that even in high-profile breaches, when the bad guys do break through an organization's perimeter security controls (e.g., firewalls), their first priority is often commandeering an account — and it's exactly these types of over-privileged accounts that serve as prime targets.

The Lazy

For any organization, the leading cause of risk is laziness. These employees may not be concerned with following drafted protocols -- that is, if they even understand them or know they exist at all.

Perhaps they store their usernames and passwords on post-it notes, or use Dropbox instead of a sanctioned storage and file-sharing service, because it's all they know and they don't want to learn something new. All the while they have no idea that their insistence on circumventing corporate policies opens up their organization to serious risk.

Even scarier might be a systems administrator who turns out to be part of The Lazy rogues. Maybe they grant access to people in the organization they're friends with and trust, rather than taking the time to go through proper channels, documentation and authorization.

Education, training, constant monitoring, severe access restrictions -- these might help alleviate the problem, but they are in no way fool-proof solutions to the threat posed by rogue employees of any type.

The surest course of action to protect the data, privacy, and stature of your organization is to use identity and access management software to automatically grant access to resources only when an employee needs it. This eliminates the ability of employees to access information they shouldn't be able to see, stopping them from going rogue even by accident.

Related: 5 Cutting Edge Ways to Combat Employee Theft

Troy Moreland

Co-Founder and CTO of Identity Automation

Troy Moreland is the co-founder and CTO of Identity Automation. He has more than 20 years of experience, including leading efforts to select, design and deploy one of the first commercially successful identity management implementations in the U.S. Since founding Identity Automation, Moreland has designed and implemented identity management solutions for hundreds of organizations.
 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'Jaw-Dropping Performance in 2024,' Says a Senior Analyst as Nvidia Reports Earnings

Nvidia reported its highly-anticipated third-quarter earnings on Wednesday.

Marketing

How Small Businesses Can Leverage Dark Social to Drive Word-of-Mouth Marketing

Dark social accounts for 70% of social media shares and is crucial for small businesses. Here's how you can tap into this hidden marketing opportunity.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.