On November 28 WikiLeaks began releasing a number of secret US diplomatic cables. They have continued – and will continue – to release more information affecting both the government and banking sectors. The incident has brought to light the risks that disgruntled employees may present to an organisation. The WikiLeaks website relies on whistleblowers to leak information. Although the identity of the insiders is protected, it has been suggested that former employees have been responsible for a number of the leaks.
Risks Posed by Disgruntled Workers
There are a number of significant risks that disgruntled employees pose. These acts may vary in terms of the malicious intent, the public profile of the content and the motivation of the individual.
As WikiLeaks has demonstrated, employees (or former employees) can be willing to release sensitive information into the public domain:
- In 2008, a senior employee figure within the British National Party was fined for releasing the party’s entire membership list, including members’ names, addresses, phone numbers and occupations
Malicious Product Tampering
Organisations can spend considerable time and resources creating a brand image that carries with it consumer confidence. All of this can be shattered if a disgruntled employee or member of the public maliciously tampers with a product.
- In 2008, it was reported that a well-known Sydney hotel allegedly served human faeces to a customer in an ice-cream. The negative fall-out demonstrated how such an incident can have a significant negative impact on the brand
Stealing IP on Departure
The intellectual property of an organisation can be incredibly valuable: there have been instances where employees, upon leaving the organisation, take (or are accused of taking) IP with them. This is common when the former employee is to start working for a competitor.
- In 2007, the Ferrari Formula One team alleged that a former employee passed on technical information to the McLaren team. Earlier that year, this employee had made public his dissatisfaction with Ferrari, and had announced plans to consider moving to another team
Minimising the Risks Posed by Disgruntled Workers
There are a number of measures organisations can take to reduce these risks.
Thorough background checks should be conducted for employees working in areas exposed to sensitive information. The obvious check includes a Criminal History Check, but it also may be worthwhile to determine why potential employees left their previous place of employment, and whether the employment ceased on a good note.
Some organisations patrol social media sites to determine what their employees are saying about the organisation. By doing so, they may able to identify disgruntled employees before more significant damage is done.
Another step is to ensure staff sign a confidentiality deed.
Once the announcement of employment termination or resignation has taken place, swift action may be required to minimise potential damage:
- Restricting access to confidential documents
- Changing passwords to restrict access to vulnerable systems
- Place employees on “gardening leave” – that is, paid leave for the remainder of their contract notice period
While there may be debate about whether the information posted on WikiLeaks is in the public interest, there is no doubt that it is in all companies’ interests to prevent disgruntled workers from being in situations where public malicious and damaging behaviour is possible.