
Preparing for Negative Workplace Events - Managing Employee Expectations


Hello, this is Randy Trzeciak, technical team lead for the Insider Threat Research Team at the CERT Insider Threat Center. This blog post is intended to serve as a reminder to organizations about the impact that an organization's actions can have on employees. Additionally, I want you to ask yourself the following question: what are you doing to manage employee expectations during negative workplace events?

When organizations are faced with difficult decisions, such as downsizing, reorganizations, mergers or acquisitions, the inability to give raises or bonuses, and so on, consider the employees who are impacted by such decisions. If you recall our MERIT IT Sabotage Model, the one precipitating event that contributes to employees being disgruntled is a negative organizational workplace event. When these events occur, it is essential that organizations communicate clearly with their employees and attempt to properly manage employee expectations.

While reviewing the cases in our database, it became clear that a potential motivator in multiple incidents of insider IT sabotage and theft of intellectual property could be linked to this issue. We found that unmet expectations may have been a contributing factor to a disgruntled employee's decision to harm an organization. We are not saying that by talking to your employees you are immune to an incident such as a disgruntled system administrator exacting revenge by harming your IT systems, or a scientist taking intellectual property when they leave work. However, you do have a better chance of managing employee expectations by keeping the lines of communication open prior to a negative workplace event.

Also, you may want to consider implementing additional technical controls to protect critical assets in case these negative workplace events occur. Consider monitoring access to critical assets during this time of increased stress. This will allow your organization to detect if critical assets are being accessed, modified, downloaded, emailed, or printed by individuals who are not authorized to do so. Be sure to work with your legal counsel prior to implementing any monitoring strategies to ensure compliance with federal, state, and local laws.

To summarize, in today's tough economic climate, organizations are forced to make difficult decisions to ensure their financial stability. Consider the impact those decisions will have on your most critical asset, your employees. It is important to consider what you can do to manage employee expectations and how your organization can best use technology to ensure that only authorized individuals are able to access your information, technology, and facilities.