Article by Felix Nater, President, Nater Associates, Ltd.
Security Management Consultant
Recipient of the 2005 Long Island Works Coalitions Workforce Builder's Leadership Award: Small Business Category
"A small business that applies common sense and flexibility to achieve the best value."
Workplace Violence includes a new, emerging threat that causes concerned managers considerable angst, so say a variety of current surveys and research...
While traditional company approaches suggest that the problem typically deals with the hostile behavior of a disgruntled employee or the escalation of disputes between employees, security directors also include the risk posed by the armed robber and the opportunistic criminal.
That was the traditional perspective. Not factored into the traditional equation is the calculated threat posed by the "Insider" who has privileged access to the company Intranet, company files, remote access and management, and oversight via his or her computer. The advent of remote access has further muddied the waters.
New, non-traditional approaches to the Prevention of Workplace Violence and Workplace Security do not disqualify any potential threat to the safety and security of the workplace, hence the discovery of new, more potent threats. These new approaches require an analytical perspective that looks beyond the walls and into the world of minimized detection and maximum damage.
No longer should responsible officials limit their scope to preventing escalation of violence between employees. New, harder-to-detect methods have arisen for employees to exact revenge or "make a point".
One new retaliatory measure at employees' disposal involves network "privileged access". Devastating damage can be inflicted using such access. While we await the other "Threats from Within - the Terrorist" to strike, the new "lying in wait" culprit is the "privileged user" who might be a current employee, former employee, vendor or contractor with access...who has an ax to grind or score to settle.
What makes this perpetrator extremely dangerous and drastically effective is access. The physical access controls that deny unauthorized intruders do not deny the privileged user access.
"For many years external security threats received more attention than internal security threats, but the focus has changed. While viruses, worms, Trojans and DoS are serious, attacks perpetrated by people with trusted insider status - employees, ex-employees, contractors and business partners - pose a far greater threat to organizations in terms of potential cost per occurrence and total potential cost than attacks mounted from the outside." ("The Enemy Inside", Kristin Gallina Lovejoy, CSO, April 2006).
Following this thought process, one quickly surmises the magnitude and capability of this perpetrator's reach. Gone are the days of risking exposure; this perpetrator chooses to wait for the opportunity, lay a trap, sabotage systems, disrupt operations and even transfer company files to competitors. "Getting even" takes on new dimensions.
And so, now we have a new, broader profile and threat to contend with. The traditional "going postal" profile (male, 17-60 years of age, holding a technical position, married...) does not matter any more.
The new profile is racially and ethnically diverse and can come from a broad pool of employees. These are the new suspects. Common among perpetrators, though, are the perception of victimization and revenge, and the ease of information theft, conflicts of interest, abuse of privileges and disgruntled behavior. Whereas the act of violence is physical in orientation, the Internet or Computer Predator chooses a medium of retaliation that is cleaner and has a faceless victim.
An employee of a major government agency, feeling victimized by coworkers and sensing no intervention by management, resorted to acts of retaliation and revenge.
Initially he resorted to the common threats of physical harm, which included use of his vehicle, and to verbal threats through the escalatory phases, which included death threats. Fortunately, he never got the chance to deliver on his believed threat. While the employee was searching the internet for bomb-making materials, his unsuspecting supervisor, returning from an early lunch, accidentally happened upon his computer terminal. He found the employee browsing what appeared to be a bomb-making website.
Sensing a serious breach of user privileges, superiors were notified and the computer was isolated and confiscated. An examination of the hard drive revealed an interesting forensic footprint.
Upon investigation, it was disclosed that the employee was on the last phase of his bomb-making venture, having left the purchase of the last ingredients as the last step.
The employee admitted to his actions but denied his intentions. Because his intent was not clearly established, no criminal charges were lodged. Suffice it to say, anyone can see the potential for, and the potency of, abuse of a computer with its built-in tools.
Why does this new approach matter? It matters because the workplace is the most exposed target for any predator with a revenge motivation or a terrorist bent, or one driven by greed and manipulation. Countermeasures call for a return to astute vigilance and new policies.
What can you implement immediately? Change passwords for former employees. Lock out contractors, vendors and business partners at the conclusion of official business dealings, and establish clear policies, guidelines and procedures - with consequences for breaches and criminal violations.
To efficiently evaluate all visible and camouflaged areas of risk, develop experience-based policy in consultation with a qualified security consultant.
When the policies have been set, secure the mindset and daily habits of managers and employees with follow-up implementation and education by the security consultant.
Not every company is fated to become a victim statistic in a publicized study or survey. Use a broad, new approach. In addition to securing against Workplace Violence using traditional methods, protect against the new, emerging threats that cause concerned managers considerable angst, engage a Security Consultant when necessary, and protect the health of employees and your business.
Posted with permission of Author.
Excerpted by webmaster.