search menu icon-carat-right cmu-wordmark

Negative Issues in the Work Environment (Part 5 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Tracy Cassidy

The fifth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 5: Anticipate and manage negative issues in the work environment. In this post, I discuss the importance of understanding organizational issues that may cause employee disgruntlement, being proactive, and identifying and responding to concerning behaviors in the workplace.

The CERT Division announced the public release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats in December 2016. The guide describes 20 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The fifth of the 20 best practices follows.

Practice 5: Anticipate and manage negative issues in the work environment

To reduce the risk of employee disgruntlement, many times caused by a perceived injustice done to the employee by the organization, it's essential to manage employee expectations and consistently enforce policies. The organization should also be aware of how events, actions, and conditions in the workplace can impact its employees. These changes can include reducing the workforce, transferring employees, mergers and acquisitions, or other events that have a negative impact on the workforce.

Stressors both internal and external to the organization can impact employee performance and behaviors. One way to manage this impact is to provide employees with adequate support and resources. Employee assistance programs (EAPs) can provide a confidential place to discuss external stressors, such as financial, professional, or personal, such as caregiver issues. Human Resources can also provide a confidential resource for employees to address organizational stressors.

There are other ways that organizations can manage changes and expectations in addition to providing support and resources to their employees. Organizations can regularly communicate and provide information to their employees about their policies and practices. Employees should be informed on their first day about the organizational policies and practices they are required to follow. For example, organizations should talk to employees about the acceptable use of computing systems and data, working hours, conflict resolution, acceptable workplace behavior, and career development.

All employees, new and old, need to understand the organization's policies and practices as well as the potential consequences for violating them. This approach gives employees a clear understanding of what is expected of them and decreases potential disgruntlement.

Raises and promotions can also affect the workplace environment. Employees can sometimes expect to receive these incentive-based awards based on their past experience with the organization. It's important for the organization to clearly address how raises and promotions are decided, especially when related policies and practices are changing, to set realistic expectations. Furthermore, providing employees with positive incentives for good work can aid in decreasing the risk of insider threat. For more information on this, please refer to CERT publication The Critical Role of Positive Incentives in Reducing Insider Threat.

Enhanced security measures and extra vigilance may be necessary during times of financial uncertainty, including when there is a pending workforce reduction or when a contract period is about to end and a new contract is not in place. Security measures may include enhanced monitoring of employees who exhibit personnel issues such as repeated disagreements with coworkers or repeated violations of acceptable use policy. All applicable components of the organization including but not limited to Human Resources, IT and Corporate Security, should be made aware of potential organizational changes so that they can monitor employee reactions and determine the need for additional resources or support.

A critical aspect of anticipating and managing negative issues in the work environment is having an open and transparent management team that communicates organizational changes to its employees. This approach empowers and educates employees and helps them feel respected by the organization, potentially mitigating future insider threat.

Refer to the complete fifth edition of the Common Sense Guide to Mitigating Insider Threats for a comprehensive understanding of the issues and recommendations mentioned in this post.

Check back next week to read Practice 6: Consider threats from insiders and business partners in enterprise-wide risk assessments, or subscribe to a feed of the Insider Threat blog to be alerted when a new post is available.

For more information about the CERT Insider Threat Center, see, or contact

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed