Upload
zubeditufail
View
10
Download
0
Embed Size (px)
Citation preview
7/24/2015 The enemy within | The Economist
http://www.economist.com/node/21659776/print 1/3
Schumpeter
The enemy withinRogue employees can wreak more damage on a company than competitors
Jul 25th 2015 | From the print edition
EMPLOYEES are often said to be a company’s
biggest resource. It is equally true that they are its
biggest liability. Scarcely a week goes by without a
company falling victim to employeesturned
enemiesorembarrassments. On July 20th Ashley
Madison, a website for married people looking to
have an affair, announced that it had been
hacked. Noel Biderman, the company’s chief
executive, says that he thinks the attack was “an inside job”. On July 6th HSBC fired a group of
employees when it emerged that they had filmed themselves engaged in an “ISISstyle mock
beheading” of an Asian colleague dressed in an orange jumpsuit.
The most familiar type of enemy within is the fraudster. The Economist Intelligence Unit, a
sister organisation of The Economist, conducts a regular poll of senior executives on the subject
of fraud committed by insiders. In 2013 the poll discovered that about 70% of companies had
suffered from at least one instance of fraud, up from 61% in the previous survey. Fraud is often
petty: a survey of British employees for YouGov in 2010 found that a quarter of staff eligible for
expenses admitted to inflating claims. But fraud can also be more audacious and more harmful:
think of former employees setting up rivals using stolen technology and purloined client lists.
Even more dangerous than the fraudster is the vandal. Thieves at least have a rational motive.
Vandals are driven by a desire for revenge that can know no limits. David Robertson of K2
Intelligence, a company that specialises in corporate investigation, recounts the story of a British
manufacturing company that was undergoing restructuring. A member of the information
technology department discovered that his name was on the list of people whose services would
no longer be required. He built a “backdoor” into the company’s IT system from his home
computer and set about wreaking damage—deleting files, publishing the chief executive’s e
mails and distributing pornographic pictures.
7/24/2015 The enemy within | The Economist
http://www.economist.com/node/21659776/print 2/3
Some enemieswithin start out as star employees. A striking number of the worst corporate
scandals in recent years have been the work of highflyers who bend and then break the rules in
order to please their bosses. Barings, a collapsed British investment bank, showered Nick Leeson
with rewards before it discovered that he had produced his outsized results because he took
outsized (and unauthorised) risks.
Other enemieswithin are the very opposite of highflyers. The HSBC execution squad are only
the latest example of lowlevel employees who have either wittingly or unwittingly used the
power of the internet to blacken their employer’s reputation. In April 2009 two employees of
Domino’s, a fastfood chain, posted videos of themselves “abusing takeaway food”. And in July
2012 a Burger King employee posted photos of himself online which showed him standing in a
tub of lettuce in filthy shoes along with the caption “This is the lettuce you eat at Burger King”.
One of the most effective ways for outsiders to damage a company is to strike up a relationship
with an insider. This can sometimes be fairly crude: bribing a cleaner to replace a keyboard with
a carefullymodified lookalike or swapping a USB stick for a virusladen doppelganger. But it is
often more sophisticated. Many of the biggest corporate disasters in recent years are likely to
have involved collaborators. Security experts suspect that the hackers who stole the personal
information of about 40m customers from Target, an American retail chain, in 2013 may have
had help from insiders (the store refuses to comment).
What can companies do to reduce the threat from these wolves in sheep’s clothing? A lot
depends on which particular sorts of wolves you are dealing with: traps that work for vandals
may not work for fraudsters, for example. And even the bestmanaged companies are fighting
an uphill battle. Information is getting harder to control. A single USB stick can contain more
data than 500m typewritten pages. A mobile phone can be hijacked and turned into a listening
device. People regularly log in with their electronic devices in crowded places where they can be
watched, filmed or hacked.
Fifth column, three principles
Yet three precepts are always worth bearing in mind. The first is that firms need to focus on the
people who have the greatest capacity to do harm—those who control the money and
information. The more complicated companies become, the harder it is to identify where power
really lies. But one thing is clear. The more dependent on information firms get, the more IT
specialists can compromise the whole business. The least companies can do is to keep a careful
watch on the IT department—and, if you’re going to sack somebody from that team, do so
immediately.
The second is that the human touch is still invaluable. Companies can certainly strengthen their
7/24/2015 The enemy within | The Economist
http://www.economist.com/node/21659776/print 3/3
hand by installing software that can identify anomalous behaviour or monitor email, or by
employing forensic accountants to doublecheck the accounts. But rogue employees are usually
a step ahead of their employers: they will simply shift to text messaging if they think that their e
mails are being watched. Companies can probably do more by listening to company gossip.
Corporatesecurity firms get some of their best results by using “spies” to hang around in the
smoking room or go out for drinks after work.
The best way to fight the enemy within is to treat your employees with respect. And this third
principle is where many firms fail. They may embrace the rhetoric that nothing matters more
than their people, but too many workers feel that nothing matters less. According to a recent
survey by Accenture, a consultancy, 31% of employees don’t like their boss, 32% were actively
looking for a new job, and 43% felt that they received no recognition for their work. The biggest
problem with trying to do more with less is that you can end up turning your sheep into wolves
—and your biggest resources into your biggest liabilities.
From the print edition: Business