Whomever you hire—ex-cons, Harvard grads, or combinations of the two—know how to respond to the common criminal motives.
Jay BloomBecker, a top computer crime expert, sums up one of the main motives by quoting the title of a collection of Doonesbury comic strips: But the Trust Fund Was Just Sitting There.
Reduce the temptation. Let your people know there’ll be surprise audits—and mandatory vacations. A thief busy slicing salami might be loath to take too much time off, lest his or her replacement catch on to what’s happening. Likewise, consider rotating duties every few months and also divvying them. People who write checks with computers, for example, ideally won’t be the ones approving them; in a small business, of course, this might not be possible.
The old need-to-know policy, of which the military is so fond, may also increase the criminals’ risks—by increasing the need for collusion. This, too, isn’t always possible, and it could boomerang. If employees aren’t supposed to know what their colleagues are doing, maybe a thief would actually have less chance of being noticed.
Also, tell people that stealing—even small amounts from a large company—will hurt. If you can’t prove how it will hurt the corporation noticeably, then you’d better make a good case that it will hurt them. Pretend you’re a department store warning the nimble fingered: “All will be prosecuted.” Well, within bounds. You needn’t fire and prosecute a thirty-year man because he once used a company micro to calculate his average golf score.
But do remind your employees of the applicable theft-of-service laws, larceny ones, and others.
Not that electronic theft is your only problem. Whiteside tells of a computer-ridden North Carolinian, working for an insurance firm, who reportedly shot a handgun several times at the hated machine. And Harold Joseph Highland offers another cautionary tale. Executives at an East Coast firm fired a crabby woman, then returned the next Monday to find its floppies sliced apart with a paper cutter. They never proved her guilt. Regardless, someone moved the blade up and down, costing the company several hundred thousand dollars in time reentering the paper versions of the records into the computer. And that doesn’t even include the orders canceled by customers angry over the delay. In yet another story, a disgruntled worker short-circuited a terminal by urinating on it.
“Hire well,” says Jack Bologna, an expert on the “people” side of computer security, summing up ways to avoid such traumas. “Pay fairly, praise people for good work, give them opportunities for advancement, and make them feel comfortable talking over their problems.”
Remember that the line can fuzz between outright sabotage and simple sloppiness induced by poor morale.
If there’s a disaster and you’re not sure if it’s accidental or deliberate, however, don’t be too quick to point your finger. You may find it chopped off with a lawsuit filed by your suspect, perhaps for less than $1,000, while your firm must spend several times that to defend itself. Unjustified accusations, also, hurt morale and may even add to security problems.