Keep your resourceful employees from going rogue

by Dwayne Natwick 
Your employees are smart — that’s why you hired them. Unfortunately, they sometimes apply those creative problem solving skills in ways that might compromise the security of your company’s data.

We often think of breaches stemming from malicious behavior, but risks can also occur when employees are simply looking for workarounds to address the limitations of the technology at their disposal. Whether it’s creating an Outlook® rule to forward work mail to a personal device or using an unsecured file transfer system because it’s more effective than what the company provides, these employees are adept at getting past restrictions so they can work the way they want to.

Luckily, many of these common threats can be addressed through effective communication and standardization around approved, secure technologies.

​It’s crucial that you’re able to get an honest assessment of the situation, so your workers must feel free to share without fear of reprisal.

Step 1: Evaluate the risks

Your first move should be to take stock of how your employees are currently using technology in order to identify behaviors that may pose a security threat. Many of these risks are tied to the way files and information are transferred, stored and shared, so it is especially important to evaluate how information moves through — and out of — your organization.

For instance, how do your employees currently send files that exceed the file size limits of your corporate email system? Are they using a personal cloud-storage service such as Dropbox, Google Drive or OneDrive? Are they physically transferring files via unsecured USB drives? Employees may feel that these processes are a necessary part of getting their jobs done, but it also puts company information outside of any security systems you have in place.

The best way to learn how your employees work with technology is straight from the horse’s mouth. Ask them about the processes they are currently using and make it abundantly clear that they will not be in trouble if everything they’re doing hasn’t received the company stamp of approval. It’s crucial that you’re able to get an honest assessment of the situation, so your workers must feel free to share without fear of reprisal.

Step 2: Work together to find solution

When you have a handle on how things currently work, you can set your sights on how they should work. Understanding the frustrations that employees feel about the technology you provide will help you get at the root of their risky behavior.

Soliciting feedback can go a long way towards identifying common pain points that cause workers to circumvent your security. And if you involve them directly in the selection of technologies that you will use to address those frustrations, you greatly increase the likelihood that they will actually want to use the tools you provide.

One area where your workers are likely to have strong opinions is how they access emails and company files on personal devices. The “bring your own device” (BYOD) trend has become an accepted norm, as evidenced by a 2014 study which found that nearly 60 percent of workers access company networks through personal devices.1 If employees are doing this surreptitiously, it may be because they are wary of handing over authorization to wipe all of the data on their personal device. Working with your IT team or managed services provider to implement a mobile device management suite that uses app containers to only wipe corporate data in the event of loss or theft is a good example of a solution that strikes a balance between employee concerns and security needs.

​Many of your employees are likely unaware of the threats their behavior can pose, so educating them on security best practices can also help curb misuse.


Step 3: Educate and maintain an open dialog

You’ve developed an understanding of the risks within your organization, and decided on what technologies and policies to implement in addressing them. Your final step is ensuring that these changes stick and that your employees don’t slip back into bad habits. It’s vital that you train them on any new tools you’re providing to increase the probability that they actually get used.
Many of your employees are likely unaware of the threats their behavior can pose, so educating them on security best practices can also help curb misuse. It’s important to keep in mind that the needs of your employees and your organization are fluid and this is an ongoing process. Ensure that all new hires are trained on security policies and schedule yearly refreshers to keep current employees up to speed and identify any new technology challenges they are facing.

Evaluating and addressing your risks through this worker-centric lens will not only fortify the security of your organization, it will also increase employee satisfaction with the technology you provide and make them more productive. Ultimately, remember that the best way to keep your employees from going around your security is by providing them with solutions that make it unnecessary.

Put an end to DIY IT

Root out the risky behavior that puts your business at risk with the help of our business experts.
Author Icon
Dwayne Natwick, Senior Product Manager with mindSHIFT Technologies, a Ricoh company, manages the service offerings for cloudSHIFT℠ Hosted Desktop, Managed IT Services and security services. Natwick has worked in the voice and data industry for more than 30 years, and has a Master’s degree in business information technology from Walsh College. He also is a certified CISSP from ISC2 and received his PMP from the Project Management Institute.
1Tony Bradley. "Survey: BYOD security remains spotty, with users unaware or unmotivated about risks". PC World. October 2, 2014. http://www.pcworld.com/article/2690359/survey-byod-security-remains-spotty-with-users-unaware-or-unmotivated-about-risks.html
Cookie Policy

Ricoh uses data collection tools such as cookies to provide you with a better experience when using this site.
You can learn how to change these settings and get more information about cookies here.