Special Innovation Edition 2023


INNOVATION

EMPLOYEE CYBERCRIME AND DEVIANCE

A Loss Prevention Psychology Perspective

An increasingly digital workplace provides opportunities for innovation and growth, but it also creates significant threats to businesses, including devastating types of employee‑driven cybercrime and deviance. Cybersecurity Ventures broadly estimates that overall global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025. This estimate of damages is based on all sources of cyberthreats (e.g., cybercriminals, nation-state-sponsored threats, organized crime, insider threats, etc.). However, the purpose of this column is to focus more narrowly on employee threats and the types of workplace crimes and counterproductive acts they can commit or inadvertently assist through their negligence. Therefore, the tenets of loss prevention psychology (LPP) should prove useful to better understand, prevent, and remediate a greater percentage of insider cyberthreats.

Cybercrime: The Digital Pandemic

Employee-driven cybercrime can be devastating to a company’s bottom line, brand reputation, and overall survival. A singular instance of cybercrime can potentially cripple an organization, leading to significant financial losses, damage to the company’s reputation, and long-term impacts on consumer trust. Given these high stakes, LPP applies an integrative, multi‑faceted approach to mitigating cybercrime risks. It emphasizes the importance of technical measures (secure systems and encryption), human measures (employee education about cyber risks and safe practices), and organizational measures (risk-focused pre-employment screening, robust HR and IT policies and procedures, and an ethical culture that deters criminal behavior).

Common types of employee cybercrime include the following:

● Data Theft: Unauthorized access and extraction of the company’s sensitive or proprietary data.
● Hacking Company Systems: Unauthorized intrusion into the company’s computer systems or networks with malicious intent.
● Insider Trading: Using confidential company information for personal financial gain.
● IT Sabotage: Deliberate actions to damage, disrupt, or slow down the company’s IT systems.
● Phishing Attacks Against Colleagues or Company Partners: Deceptive attempts to gain sensitive information by posing as a trusted entity within company communication channels.
● Installing Ransomware: Installing malicious software designed to block access to the company’s computer system until a sum of money is paid.
● Software Piracy: Unauthorized copying, distribution, or use of copyrighted software using company resources.
● Cyber Espionage: Illicitly accessing confidential information held within the company for personal gain or to benefit another organization.
● Identity Theft: Stealing and using a colleague’s or customer’s personal data for personal gain.
● Cryptojacking: Using the company’s IT resources to mine cryptocurrency without authorization.


By John W. Jones, PhD


Special Innovation Edition 2023 by Loss Prevention Magazine - Issuu