Motivated, information security policye-aware employees are the best defence

Keeping employees motivated is the best way to ensure you have satisfied customers, and if it is an employee's responsibility to keep the customers happy, then it is management's responsibility to keep the employees happy, writes Chris Parker.

Employees are looking for a clear understanding of what their job is about, and how it contributes to the strategy of the company; for fair and transparent compensation for their work. If they are really fortunate, they may even have an emotional investment in the deeper purpose of the organisation.

Not surprisingly, it is these same things which motivate employees to not commit fraud. There are always exceptions due to pressures in the employee's life outside managements control. However it should not be surprising that the 'fraud triangle' of opportunity, pressure and rationalisation, as described by Joseph Wells in Occupational Fraud and Abuse is typically resolved by common sense management. Treat your employees well, and they will be less likely to steal from you.

This is particularly relevant with your IT staff, where these employees with high levels of rights are able to access the ever increasing amount of customer information and other sensitive data. You can, and you should, do all the right things in the area of physical controls, policy enforcement and ensuring a high level of awareness. We all know that at the end of the day, none of this will actually keep your company completely secure and safe, and it is often the judgement of the employee which determines whether the company is harmed or not.

Providing good management based on common-sense is not always easy. Sometimes jobs need to change, and parts of jobs make no sense but need to be completed in a certain way due to historic bureaucracy. Sometimes compensation for one employee simply won't fit in the standard rules, and usually other employees learn about this. Sometimes business decisions need to be taken which are counter to the stated purpose and brand position of the company. This stuff all happens every day. The question is how you deal with these challenging events. Will you lie to your staff with nonsense reasons in an attempt to justify the decisions? Or will you simply acknowledge that sometimes unusual things happen and instead focus on establishing a history of fairness and transparency? When difficult decisions need to be taken, which approach do you think will result in the more motivated employees?

What I like most about ensuring your employee perimeter is solid and motivated is that this can also help to fund your security projects which are otherwise hard to get approved. If your employees are there to keep your customers happy, and management is there to keep the employees happy, then the customers are surely there to keep your shareholders happy! If your upper management also understands that motivated employees are good for business because it helps secure revenues and avoids fraud-related costs, and if their shareholders are also happy with the return, then you have a great environment to start discussing the next investment you believe is required to make your company just a little more secure than it is today.

Chris Parker is senior vice-president and chief information officer of LeasePlan Corporation. He will speak on "The Consumerisation Of IT - The Dawn Of The B.Y.O. Business" at Infosecurity Europe 2011 at Earls Court, London, 19 - 21 April