Viewing entries in
Security & Risk

How A Fortune 100 Manager Got Away With Dozens of Sexual Harassment Cases

For every headline we see about workplace harassment or bigotry, it’s easy to forget that there are hundreds of stories that never surface. Today’s blog comes from an anonymous employee who recounts an instance of systematic, predatory behavior at one of the largest tech companies in America. Their story illustrates the discomfort and trauma that employees (often women) face when toxic behavior is present, and explains why companies must take new approaches to preventing sexual harassment in the workplace.

I am grateful to have had so many positive experiences in the workplace. I worked at my previous company for six and a half years, during a time of tremendous growth in which the company grew from 3,000 to 25,000 employees and became one of the most highly recognized brands in the world. Throughout this time, the focus on culture and community was apparent from the top down and instilled a genuine feeling of family amongst my colleagues and myself. Even after leaving the company a year and a half ago, I still feel it. Four people on my former team became some of my best friends, and I think of my former colleagues as extended family.

So when I discovered that more than a dozen young women – my extended family members – all experienced the predatory behavior of another male colleague through a systematic and premeditated series of inappropriate conversations via an internal company chat tool, I was furious and heartbroken. I discovered this one night at our company’s annual sales conference, where thousands of people in my work family gather each year to connect, learn and grow together. After one of the sessions, I was catching up with friends from other offices when a teammate shared a story about his team dinner from the previous evening…

Online Screening: The Next Frontier of Insider Threat Detection

As more and more of our lives move onto the public web, businesses are becoming aware of the degree to which publicly available online information can help them stay ahead of potential risks. Previously, we discussed how online screening can help organizations manage their mergers and acquisitions. However, as the landscape of risk continues to grow, we’re also seeing companies leverage online screening to prevent insider threats—malicious threats to an organization’s security, data, and computer systems that come from the people within.

Traditionally, businesses have mitigated insider threats by identifying and troubleshooting technical vulnerabilities in the enterprise or responding after the fact. But as more and more employees collaborate with criminal and activist groups, and the average cost of an insider threat reaches $8.7 million per incident, the success of your business can also hinge upon your ability to catch more emotional and qualitative vulnerabilities. How do these “emotional warning signs” indicate a potential attack, and how do you find them before it’s too late?

In this blog, we’ll discuss how employees’ interactions with social media and the public web can lead to costly breaches of information security. From there, we’ll break down the difference between negligent and malicious insiders, and why companies need a sophisticated online screening solution to safeguard themselves from the full set of potential vulnerabilities.

The Rise of the Emotionally Intelligent Enterprise

The last 18 months have been transformative for the way companies do business. As people pushed corporations to adopt new policies through movements such as the global walkouts at Google, companies that were once driven purely by sales and revenue are starting to change. They are beginning to realize that they will need to take a stance on issues such as harassment and bigotry to remain in good standing. In an age where authenticity and accountability are key, empathy has become a driving force for business success.

However, as sexual harassment lawsuits and global anger reach record highs, and headline after headline continues to rock corporations across industries, the fact remains that companies must actively prove to consumers and employees that they care.

Today, employees and customers look to companies to understand where they stand on major social issues. Many businesses have responded to this trend with well-intentioned PR statements around their corporate culture and policy. However, the bar today has been set far higher than before. Customers and employees often feel that companies can’t gauge their emotions and are increasingly frustrated by well-meaning statements with little follow through. That means that to assuage consumer anger and combat a growing possibility of reputational loss, companies need to demonstrate emotional intelligence, not just a political stance.

No More Silos: How People Risk Will Change Your Department in 2019

In the age of social media, anyone can be a journalist. In a recent article about bad employee behaviors gone viral, Erik Deutsch of the LA-based ExcelPR group said that the ability to post anything in real time and make it accessible to the entire world has forced companies to rethink risk management. “If someone was mistreated in a store 15 years ago, they might make a scene and tell their friends, and that would be it,” he says. “Now, they post it online and it can become a sensation.”

As this year’s headlines around workplace harassment, bigotry, and violence suggest, individual departments are struggling to mitigate people-based risk on their own. HR is overwhelmed with paperwork. PR is scrambling to react quickly enough to control the narrative when bad news breaks. Security teams are often ill-prepared to handle allegations that boil down to “he said, she said” disputes. IT is asked to manage a growing set of channels not necessarily optimized for security. The new reality of people risk is exposing major cracks in traditional organizational structures. Unless companies adopt new approaches to people risk management (PRM), it will be increasingly difficult to stay ahead of potential threats.

So what’s on the horizon for people risk management? Moving forward, we will see significant shifts in structure, process, and technology to promote deeper collaboration between HR, risk, digital communications, and IT. While organizations will take a variety of approaches to mitigate these new threats, we predict three general trends…

5 Ways Social Media Behavior Can Create Security Risks

There is increasing awareness among security experts about how social media behaviors can open the door for insider and outsider threats. However, other than an employee posting a direct threat online, it can sometimes be difficult to know what to look for.

When attackers want to penetrate an organization’s security, they look for vulnerabilities. These vulnerabilities may be technical in nature, but oftentimes employees themselves can be the weakest links in a security system. The content that employees post on social media can give would-be attackers clues as to who in the organization might be susceptible. At Fama, we’ve worked with numerous organizations to help them interpret potential risk indicators on social media.

5 examples of social media posts that have left organizations vulnerable to an attack:

1. Complaining about security protocols – We’ve seen employees complain online about security measures and even state that they don’t plan on abiding by those measures. In one instance, a government contractor had a policy prohibiting employees from bringing company phones to work. One employee complained on Facebook about the “absurdity” of the rule and joked about not following it. By posting these comments publicly, the employee not only encouraged others to ignore the protocols, but also advertised to potential outside attackers that his phone is a potential path into the organization.

2. Bullying or harassing others online – We unfortunately see public bullying of co-workers on social media. This behavior is obviously unacceptable and hurtful in its own right, but it also points outside attackers to someone who is potentially hurt, angry or resentful and would have a reason to lash out against the company.

3. Financial desperation – Financial debt is the second leading cause of insiders turning rogue[1]. An employee talking about student loan debt may not be a problem, but when an individual starts talking about financial problems with emotional desperation, it is an indicator that they may be willing to do something extreme.

4. Badmouthing the corporation – While most insider threats are motivated by financial gain, employees who are happy with their jobs and their companies are less likely to take such an extreme step. An employee who talks about hating their job, hating their boss, or calls their company “evil” is more likely to rationalize self-serving behaviors.

5. Revealing sensitive client information – Revealing privileged information is a problem that you need to know about. When someone seems to talk too freely about clients or corporate IP, even if it’s not a direct privacy breach, it is an indicator that this person is likely to share information that he probably shouldn’t.

Make sure that your organization has clear policies for what is acceptable for your employees to post online. Have a process in place to ensure that those policies are being followed, because a policy with no enforcement might as well not exist. Finally, make sure you have options for how to act in the event a policy is violated, whether it be further training, restrictions, or more serious action steps. We'd love to tell you more about how Fama can work with you to identify these kinds of risks at your organization.

Contact us at [email protected] if you’d like to learn more.

[1] “Insider Threats and the Need for Fast and Directed Response,” SANS Institute, 2016.