With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is someone minding the store while all this is going on or should we be doing something more when the banks are going bust?
Malicious action from disgruntled employees is the highest impact, but lowest likelihood staff-related event, writes Jay Heiser, research vice-president at Gartner. However, organisations can expect to experience internal security problems as staff reductions in turn reduce morale. Undoubtedly, there will be malcontent about reductions in stock or bonuses, outsourcing or redundancy.
Brain drain is likely to occur as employees are laid off or outsourced, and some will choose voluntarily to leave.
Huge amounts of sensitive data is already being squirreled away by people who are concerned about their future employment prospects, and that they might not have a job tomorrow, particularly in The City and on Wall Street. As unease spreads through other industries, previously loyal employees will start bringing memory sticks into the office and collecting design documents and engineering material, contact and customer lists, best-practice documents and whatever else happens to be available on their laptops.
Where previous generations of employees would clean out their desks, today's wired workers will clean out their digital desktops, storing gigabytes of content on their personal hardware. Employees who feel they are getting a raw deal may have a propensity to steal data, possibly delete information of value to their employer or commit other acts of sabotage.
Ultimately, there is only so much that can be done to save the morale of employees within a struggling business. Realistically, employees have always leaked huge amounts of data out the door, but this issue needs to be addressed. Few organisations have actually told their employees what information is not appropriate for them to treat as their personal property, so it probably is a time when HR and IT managers need to consider making a new policy and communicating it to their employees. However, that will only result in a minor stemming of the data leakage flood, so organisations that cannot stomach the 'loss' of data need to consider putting in technical controls.
The worst option is to just pretend that this is not a growing problem.