Yes, this post’s title is a little dramatic. Chalk it up to my excitement for next month’s release of the latest Star Wars installment, Star Wars Episode VII: The Force Awakens. Revenge of the Rogues seemed way too dramatic and not at all accurate (little bit of trivia for you, Revenge of the Jedi was the original planned name for Star Wars Episode VI) and The Rogues Strikes Back is probably even worse.
In all seriousness though, the word “rise” feels somewhat realistic. Earlier this year we published our eBook, The 3 Types of Rogue Employees - And How to Stop Them, which described the most common types of Rogue Employees you face (The Innovative, The Bad and The Lazy) and steps to keep them in check. Since then we keep hearing about incidents where Rogue Employees do things that put their employers at risk. At a macro level, it’s not slowing down (though on a micro level, we’re hearing just the opposite from customers).
In fact, we’ve identified a number of additional Rogue Employee types that we should add to our Rogues’ Gallery of Employees. It’s important that you know about these Rogues, their tendencies and how those put you at risk, so here’s a rundown.
Some may say that The Curious are a sub-rogue within The Innovative, but I disagree. They are their own specific type of employee because unlike The Innovative, The Curious is not putting you at risk because they’re attempting to do their job more efficiently or productively.
The Curious has access, often times quite a bit of access, but it may not be a granular as you’d like it to be. They may get bored, start digging and realize they have far more access than they should. These Rogues were most likely appropriately granted escalated access as they needed it, but if your system allows them to hold onto all of that access indefinitely, their human nature may lead them to dig around and discover how much they can see. When I was a kid, someone told me that you can make an honest person dishonest by putting them in situations where they’re constantly tempted. That’s the case with a Curious if they’re overprivileged.
I have a good real-world example to share that involved employees that were Curious. I once heard about three network admins who had full access to everything within their company. When they got bored, they’d open executive emails, simply because they had access and could. The eventually got busted because they opened an email that had been previously unopened, and triggered a read receipt. The next day all three were fired and police tape blocked off the network admin room. Investigations were underway to find out just how much they got into.
The Ignorant is a person who typically holds very little access, doesn’t understand the security protocols you’ve put in place and doesn’t know any better when they violate those security protocols.
When I think of The Ignorant, I think about those people who fall prey to the people who call you on the phone to try and gain access to your account - “Hello, I’m with the help desk and noticed some unusual things happening with your account. Can you give me your password and I’ll investigate for you?” The latest is the group that calls and says they’re with the IRS and in order to not be arrested for owed taxes, you must pay them within 24 hours.
Since they are easily hackable, that makes your organization easily hackable. The Ignorant serve as a very vulnerable point of entry for external threats.
The Rebel has an attitude that upper management doesn’t know a thing - they keep implementing these stupid policies and don’t have a clue what they’re doing.
This type of Rogue Employee is a little bit stronger than The Lazy. Actually, if you have a little bit of Lazy, a little bit of Bad and a lot of attitude, you probably have The Rebel. You can get in trouble with Rebels if they’re over privileged because if they have more access than they need, they could transition from a know-it-all-attitude to a Rogue type that has more malicious intent. If The Rebel only has access to do things when he or she needs it, you have a much better control over their activities.
Considered a subtype of The Bad, The Jerk just wants to do mischievous things. They often don’t want to cause substantial harm to the organization, but their intent is usually to inflict some type of minor damage.
The Jerk often arises during conversations with K-12 schools. A student with some technical prowess and a bad attitude can quickly become a Jerk.
Now we’re in full-fledged Bad territory. When we originally wrote about The Bad, we said “The Bad isn’t always a slighted worker out for revenge or a master cyberthief stealing proprietary information.” However, The Vengeful is that slighted worker out for revenge. It’s the type of Bad we all envision when we hear the name. The employee asking for a raise who didn’t get it is The Vengeful, or more commonly, it’s the employee who was terminated.
All Rogue Employees pose serious threats to your organization. It’s important that you take them all, not just The Bad or The Vengeful, seriously. For more information on combatting Rogue Employees, read our eBook, The 3 Types of Rogue Employees - And How to Stop Them.