Human Resources/Risk Managers have become increasingly familiar with violence in the workplace and the warning signs of a threat potential for physical violence. However, malicious, digitally-based threats have appeared in the workplace as a new weapon for the disgruntled employee to perpetrate malice or unwanted pursuit. There have been increasing reports of cyber-stalking, email/SMS based harassment, sabotage, theft of intellectual properties and similar malicious behaviors in the workplace. These digital threats are emerging as a new variant of workplace violence.
Physically-Based vs. Digitally-Based Threats
The warning signs of physically-based threats are easy to spot; invasion of personal body space, hostile remarks, visual states of agitation, boundary probing, a clothing bulge that resembles a weapon.
Physically-based threats are often in close proximity of the target/victim, be it reactionary or predatory in nature. Digitally-based threats differ in that they are non-proximity sensitive. Some examples are identity theft, cyber-stalking, unauthorized access to email and voicemail accounts, spoofing (digital identity masking, disguises, aliases or online camouflaging), deletion/removal of files as well as defacement of web pages and inappropriate or libelous information made available on the Internet.
Barriers, What Barriers?
Physically threatening behaviors often occur in public settings and involve levels of commitment and accountability, desired or not. Psychological barriers towards these inappropriate behaviors are often present.
Digitally-based threats are often perpetrated privately and the lack of accountability and inability for discovery are often strived for: the psychological barriers have diminished through the anonymity of a keyboard. A disgruntled employee who is IT savvy can perpetrate unwanted pursuit or mayhem anonymously from the convenience of his home and away from public scrutiny.
There are many approaches to threat assessments, contingent on circumstantial and environmental variables. Subcomponents of a comprehensive threat assessment often include psychological, sociological and organizational risk factors. Let’s focus on these subcomponents and any presence of risk factors as it applies to a disgruntled employee and a digital threat potential.
Psychological Risk Factors
Things to watch for in technologically competent employees would be a high sense of entitlement, hostile or passive/aggressive behaviors, control issues, a low accountability for own behaviors, a history of depressions or obsessions, poor anger management and low frustration tolerance.
Sociological Risk Factors
Questions eliciting sociological risk factors include: Does the employee have a victim mentality, or need the “last word”? Is he or she a “drama creator”, damaging workplace morale? Does he or she have very poor people skills, tending to stay to his or herself? People who have an interest in hacking, attending DEFCON conventions may also give signs of concern. Internet savvy employees experiencing stressors such as financial and relationship problems who exhibit poor social boundaries, conducting unwanted pursuits of other people should be seen as a threat.
Organizational Risk Factors
Search your networks for possible inroads to delicate information or operation systems. Check for vulnerable intellectual properties, databases and internal memos, as well as Human Resources data. Does the business allow unmonitored data transfers to portable drives? If password management is vulnerable, or there are difficulties in assessing vulnerability in the IT department, this could be a disaster waiting to happen. IT departments and Human Resources departments need to have open communication to avoid leaving data crumbs that can be exploited by those with malicious intent.
With the pervasiveness of information technologies interwoven throughout our daily lives, one should not underestimate a tech-savvy disgruntled employee’s ability to have a devastating impact on businesses and institutions. Development of programs and systems to prevent digital threats should be taken as seriously to prevent workplace violence.