The Great Wall of China is one of the most formidable defense systems of all times. A military wonder whose sheer scale and magnitude bewilders us to the day. Built over centuries and by successive generations, it called for an incredible will of the rulers of the day, who were willing to go to any extent to secure their borders from marauding armies. The untold suffering of those who built it, the heavy burden of taxes on the common men that went to finance it and the agony and anguish that accompanied the construction are ingredients of many myths that surround the wall.
History stands witness to the fact that the wall had successfully performed the duty for which it was built – holding back the marauding Mongols from reaching the Chinese heartland. History also bears mute testimony to the fact that the only time that the wall was breached was in 1644, when the gates at Shanhaiguan were opened by Wu Sangui, a Ming border general who disliked the activities of rulers of the Shun Dynasty. That’s employee dissatisfaction for you straight from the Ming Dynasty.
How relevant is the issue in today’s context? Surely, with the security guard at the entrance, in the clinically electronic, card swiped environment of the modern corporate office with the fire-walls and the server surveillance, security concerns are well addressed? Well, no and no. On a basic level, the workplace is guarded. That much and no more. For, today the overwhelming concern is information and who has access to what kind of information. Suffice to say, access to the right information by the wrong users can be devastating. And no firewall, can block the misuse if the perpetrator is someone from within.
Remember how a few years back the story of defense secrets being smuggled out by the now ubiquitous pen drive? It is that simple. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.
Getting back to my field, one cannot over emphasise the need to contain and mitigate disgruntlement among employees. An unhappy, dissatisfied employee is more prone to mischief than a satisfied one. As terms like “pod-slurping” and “thumb-sucking” (the intentional or unintentional use of a portable USB mass storage device, such as a USB flash drive to illicitly download confidential data from a network endpoint) get into the mainline corporate lingo, the matters cannot be simply shrugged off any more.
Gone are the days when a disgruntled employee bad mouthed the boss and stole some office stationery. These days, the threats are real. How much damage can one disgruntled employee do? Lockheed Martin’s e-mail system crashed for six hours after an employee sent 60,000 coworkers a personal e-mail message complete with a request for an electronic receipt. The defense contractor, which posts 40 million e-mails a month, was forced to fly in a Microsoft rescue squad to repair the damage caused by that one employee.
On a smaller, but no less disturbing scale, a Forbes Inc. computer technician deliberately caused five of the publisher’s eight network servers to crash as retribution for his termination from a temporary position. All of the information on the affected servers was erased, and no data could be restored. As a result of this one act of sabotage, Forbes was forced to shut down its New York operations for two days and sustained losses in excess of $100,000.
What do you do then? Simple. Address the causes of resentment or disgruntlement. Ensure that the reasons for unhappiness are not only identified but are also taken care of, in a fair and benevolent way. Do not allow angers to seethe. Distinguish potential fires by a liberal use of the extinguisher. And as is instructed on all fire extinguishers, aim the jet at the bottom of the fire and not the flames.
No resentment will mean reduced threat perceptions. However, to ensure double coverage, you can follow the rules that I normally recommend:
1. Create an acceptable use policy for the Internet, Email and Computer systems. And by all means enforce it!
2. Monitor internet usage through the use of a content filtering device. This allows you to restrict what websites accessible to employees. Always restrict access to personal emails. One of the easiest things that an employee can do is “steal” company files by using their personal email accounts.
3. Do not allow employees to access social networking sites like MySpace, Facebook and the like freely. These sites can open you and your company up to an infinite amount of damage by the means of inappropriate content, viruses, and theft. If socially networked they want to be, tell them they are free to do so in personal time and space. However, as your employees are your best brand ambassadors, they can be given full social media access if they are trained and promise to be responsible and follow the rules set out for the purpose.
4. Each employee accessing a company computer and server should have their own username and password. And this password should not be known by anyone else, not even the CEO, or IT staff.
5. Audit your computer files. Most servers can be set up to tell you when a user accessed a file, and if they deleted files.
6. Monitor your server event logs.
8. Use Terminal Servers if possible.
9. Back up. At least once a month try to restore from your backup. 90% of the time business that are backing up their data think they are safe, only to find out when they need to restore that the data is corrupted, or worse was never backed up at all.
10. Let off steam. Use more frequent employee interactions. Get feed backs. Engage them in meaningful conversations. Try and mitigate disgruntlement before they take the form of raging fires.