'Information Security' this word has got a lot of power in it! In my MBA Curriculum (Information Security) at Symbiosis Institute, I often heard terminologies like Threats, Risks, Vulnerabilities and many more.
One of the Threat, i would say the most interesting one is - Disgruntled Employees. The reason i call it as interesting because I wonder how can one predict the intention of a Disgruntled Employee. Definitely it could be a risk for an organization but how can you control them? Just by disabling their access rights and controls? Do you think this would be enough?
Disabling/Revoking the access rights of a Disgruntled Employee can be one of the control measure but according to me the most critical and beyond an organization's control is something different - The Knowledge/insights learn by a Disgruntled Employee during his tenure at the organization.
Let me take an example: Ajay, a recent college graduate from a Well Known Technical Institute joined Fysat Technology Ltd. a small scale (50-80 employees) IT company into Services. Ajay was interested into Java Development, he also had sound knowledge of Java. But like every other IT Company, he was put into a Support project. Ajay was disheartened but he took interest and started learning things, he was a quick learner so soon he became one of the best knowledgeable resource of his team. But some senior members of the team couldn't digest the fact, they started troubling the newbie. The poor soul couldn't fight back and he fall prey to dirty office politics.
Time came when the Management announced Yearly Increment, Ajay received least increment, hardly 2%. Reason - His performance was degraded very much, due to some dirty tricks of his seniors Clients escalated many issues about Ajay to Fysat's Management.
Ajay got frustrated within a year though he had good knowledge and technical insights about the work but he couldn't understand and handle managerial things which comes by Experience.
Finally the day came, one fine morning Ajay put his resignation to his manager. Unaware of the facts manager simply accepted it as he thought Ajay is not worthy resource as he was portrayed by his Seniors to the manager. Even his exit interview was not done properly as the HR felt that this a case of inefficient resource getting kicked out of the company.
Ajay was disheartened, frustrated and angry. But his talent and knowledge that he had gain while working at Fysat helped him to get a decent job at Fysat's competitor Eryat IT Solutions.
Eryat is working into same market where Fysat is operating - South East Asia. Eryat is a market leader but since last few months due to a product launched by Fysat, Eryat was feeling the heat. Fortunately for Eryat, Ajay was the guy who worked extensively in supporting the product for some Big Clients of Fysat.
Now what do you think, by just disabling Ajay's accesses on Client Servers/DBs Fysat will get rid of their 'Disgruntled Employee' ? Can Ajay's knowledge and anger about Fysat help Eryat to beat Fysat?
I feel it's responsibility of Ajay's Manager at Fysat to understand the issues faced by Ajay instead of relying on opinions/view given by senior members of Ajay's team. At least HR should had identified the problems faced by the trainee and if possible change his mind to retain him. But as the person was just a year old at Fysat, HR didn't bother about it.
(I have seen IT industry not much but at least for two years such things happen at many of the IT Companies all over the globe)
For Eryat, Ajay might not prove to be the expert to beat Fysat's special product but his knowledge will definitely be used by Eryat to develop something better than Fysat, something which lacks in Fysat's product.
Disgruntled Employee can potentially impact a lot on the companies, I feel there has to be done something more than just worrying about the Access Control of the Disgruntled Employees.
What do you think should be done to prevent such losses which may impact organizations terribly! Do comment to respond :-)
[NOTE: Company names and character name in the above post is fictitious.]
One of the Threat, i would say the most interesting one is - Disgruntled Employees. The reason i call it as interesting because I wonder how can one predict the intention of a Disgruntled Employee. Definitely it could be a risk for an organization but how can you control them? Just by disabling their access rights and controls? Do you think this would be enough?
Disabling/Revoking the access rights of a Disgruntled Employee can be one of the control measure but according to me the most critical and beyond an organization's control is something different - The Knowledge/insights learn by a Disgruntled Employee during his tenure at the organization.
Let me take an example: Ajay, a recent college graduate from a Well Known Technical Institute joined Fysat Technology Ltd. a small scale (50-80 employees) IT company into Services. Ajay was interested into Java Development, he also had sound knowledge of Java. But like every other IT Company, he was put into a Support project. Ajay was disheartened but he took interest and started learning things, he was a quick learner so soon he became one of the best knowledgeable resource of his team. But some senior members of the team couldn't digest the fact, they started troubling the newbie. The poor soul couldn't fight back and he fall prey to dirty office politics.
Time came when the Management announced Yearly Increment, Ajay received least increment, hardly 2%. Reason - His performance was degraded very much, due to some dirty tricks of his seniors Clients escalated many issues about Ajay to Fysat's Management.
Ajay got frustrated within a year though he had good knowledge and technical insights about the work but he couldn't understand and handle managerial things which comes by Experience.
Finally the day came, one fine morning Ajay put his resignation to his manager. Unaware of the facts manager simply accepted it as he thought Ajay is not worthy resource as he was portrayed by his Seniors to the manager. Even his exit interview was not done properly as the HR felt that this a case of inefficient resource getting kicked out of the company.
Ajay was disheartened, frustrated and angry. But his talent and knowledge that he had gain while working at Fysat helped him to get a decent job at Fysat's competitor Eryat IT Solutions.
Eryat is working into same market where Fysat is operating - South East Asia. Eryat is a market leader but since last few months due to a product launched by Fysat, Eryat was feeling the heat. Fortunately for Eryat, Ajay was the guy who worked extensively in supporting the product for some Big Clients of Fysat.
Now what do you think, by just disabling Ajay's accesses on Client Servers/DBs Fysat will get rid of their 'Disgruntled Employee' ? Can Ajay's knowledge and anger about Fysat help Eryat to beat Fysat?
I feel it's responsibility of Ajay's Manager at Fysat to understand the issues faced by Ajay instead of relying on opinions/view given by senior members of Ajay's team. At least HR should had identified the problems faced by the trainee and if possible change his mind to retain him. But as the person was just a year old at Fysat, HR didn't bother about it.
(I have seen IT industry not much but at least for two years such things happen at many of the IT Companies all over the globe)
For Eryat, Ajay might not prove to be the expert to beat Fysat's special product but his knowledge will definitely be used by Eryat to develop something better than Fysat, something which lacks in Fysat's product.
Disgruntled Employee can potentially impact a lot on the companies, I feel there has to be done something more than just worrying about the Access Control of the Disgruntled Employees.
What do you think should be done to prevent such losses which may impact organizations terribly! Do comment to respond :-)
[NOTE: Company names and character name in the above post is fictitious.]
First things first, there is a nice fiction involved here. But personally, I feel this is more of a HR case rather than an IT security case. More than the manager, its the HR who should understand that small things add up to creating a happy and healthy organization. People are the real assets of any firm.
ReplyDeleteHi Mayur,
ReplyDeleteThanks for your opinion, yes this what I wanted to convey that when it comes to Disgruntled Employees - just disabling their controls wouldn't protect the Security in terms of IP breach. We need something more HR/Manager can play a big role in preventing such things!
Thanks,
Gaurav
First of all ajay should have talked about this dirty politics to his manager, also manager should build such a bonding with his team that they can talk about their problems directly with him. Nice post gaurav...
ReplyDelete