7 warning signs an employee has gone rogue

Red flag No. 4: Says they can hack a coworker or company systems

Most employees who hack coworkers often tell other coworkers that they can easily hack coworkers or company systems. It’s strange but often true. If a disgruntled employee verbalizes what they could do if they wanted to, consider yourself warned. In most cases, no one tells leadership about the threat, thinking nothing of it, or if they do, leadership blows it off.

Lesson learned. Verbalizing such a sentiment should be enough to take action. First, educate your employees to report these passive-aggressive threats. When they are reported, take them seriously. Have management talk to the employee with an HR representative present, and search the employee’s hard drives for hacking tools and evidence of unauthorized access.

This also applies to employees caught with unauthorized hacking tools (if hacking tools are not part of their job). Ditto for employees found with collections of other users' passwords (if having those passwords are not part of their job).

If an investigation reveals the employee has not been actively hacking in an unauthorized manner, they should be warned that such behavior is not condoned and can result in their immediate dismissal, and their actions should be heavily monitored for a set period.

You may think I’m being too tough, but decades of experience have taught me to nip these threats in the bud. I’ve found a few employees with data they should not have, and I believe treating the event seriously can help remind innocent employees to toe the line and stay out of trouble.

Red flag No. 5: Switches screens away from company assets as you walk up

The scenario plays out often: Stop by a cubicle, and watch the coworker quickly flip to a new screen. More than likely they are trying to hide the fact that they are goofing off and not doing company-related work.

But if you see them switching screens when they are obviously working on company assets, that is a huge red flag. Any company website or database they are working in should be able to be seen by a team leader. If this happens more than a few times, make sure you investigate properly.

Red flag No. 6: Never takes vacation

An old accounting canard says to be wary of employees who never take vacations. Because they have to constantly cover up their tracks so they don’t get caught, they simply can’t take a day off. This is why many companies force employees to take vacation.

I once worked with a woman who had been at the company for more than four decades. She was a hard worker, loved by everyone, although a bit cranky at times. She also never took a vacation, even when threatened. I was her boss for five years. At every annual review I would note that she didn’t take a vacation and I would cajole her to take one. She would say something nice or funny in response and say she would soon. But the next year would roll around and still no vacation.

The third year I threatened to fire her if she wouldn’t take a vacation. I even marked down her review score and reduced her bonus. Still she did not take a vacation, but I couldn’t follow through with the threat. She had been with the company so long, and I had a soft spot for her, as everyone did.

In the fifth year we forced her to take a week’s vacation. Lo and behold she continued to show up during the week to “see how things were going” in her absence. I physically had to escort her off the premises. I was truly worried about her health given how much she worked.

Then the checks started to arrive -- it turned out she was getting kickback checks from all sorts of telco-related companies for more than 20 years. She had also given her son a job doing telco in the company, one for which he never showed up, and the company was paying for both their cars. In total, she had stolen more than half a million dollars over the course of 20 years.

This sweet older woman who everyone treated like the company grandmother had fleeced the organization. Don’t let sentiment get the best of you.

Red flag No. 7: Leaves the company angry

Involuntary separation of employment is never easy on an employee, even in the best of circumstances, when not the result of the employee’s actions. A layoff can come as a complete surprise to an employee, and it can hit at a difficult time in that employee’s life. While a little venting might be expected, it can cross a line. Add to that mix a dedicated employee who has had lots of superadmin privileges for years with remote access, and you could have an impending disaster on your hands.

Of course, every separation of employment should involve the disabling of the ex-employee’s log-on accounts. Many times this is the mistake made by victim companies. But often that long-term superadmin employee is also aware of shared admin account passwords (a practice that should never be implemented) and may know other employees’ log-on names and passwords. This can become especially complicated in certain circumstances. While the average employee may have 10 to 15 different systems with different log-on credentials, that number skyrockets for admin employees.

Any system located on the Internet or a partner network should be scrutinized in depth. Any log-on credentials the employee might have known or might have used must be changed. Elevated service accounts, whose passwords are often not changed for years and widely known, should be changed as well. And be sure to investigate for any evidence of other accounts and passwords the ex-employee might have known about. Those, too, should be changed.

Postscript: Not everyone is a rogue in the making

For many of you, the above warning signs may be familiar. You may have encountered one or two of them even in the past week. In fact, some of you may remember times when you exhibited one of these warning signs (but certainly never hacked your employer). That’s the hard part about spotting rogue employees. People don’t always make the best decisions.

While it’s good to keep an eye out for folks who may be engaged in illegal activities at work, be sure to take a measured approach. Give additional responsibilities as earned trust allows. Sometimes your paranoid suspicions will be only that.

Related articles

• 10 security mistakes that will get you fired
• 7 sneak attacks used by today's most devious hackers
• True tales of (mostly) white-hat hacking
• 14 dirty IT tricks, security pros edition
• 6 lessons learned about the scariest security threats
• IT's 9 biggest security threats
• 9 popular IT security practices that just don't work
• 10 crazy IT security tricks that actually work

This story, "7 warning signs an employee has gone rogue" was originally published by InfoWorld.