This page contains a Flash digital edition of a book.
WORKPLACE VIOLENCE TODAY


The Internal Workplace Threat: Are We Overly-Focused on Violence Instead of Sabotage? By Dr. Steve Albrecht, PHR, CPP, BCC


In the work of threat assessment and risk management, we are often called to consider the possibility of violence from a current or former employee, from a domestic violence- related employee situation, or even involving an angry taxpayer, customer, client, visitor or vendor. For most of these situations, the immediate concern is targeted violence, often based on other people recognizing pre-attack behaviors or third-party leakage from a potential perpetrator. Certainly we value the protection of human lives in these settings as our primary goal, using every assessment method, tool, partnership, or the


gift of intuitive experience, to make good decisions to keep people safe and enforce consequences on threateners.


But in our efforts to stop violence are we missing a more subtle form of attack? In light of the NSA-Snowden saga, are we overlooking the angry employee who prefers to do his damage with a keyboard instead of a gun? Certainly physical violence is more harmful than violence against data, but aren‘t the business continuity consequences just as severe? We all know of significant workplace violence incidents where the loss of life, the international media coverage, and the impact on the surviving employees and company senior leadership was so substantial that the firm closed. Besides the emotional traumas, the employee and customer retention issues, and the community‘s negative association with the time, date, and place of the incident, it was often the civil suits that put the firm under. And even after the doors were closed, the litigation continued, as the lawyers battled over who knew what and when, and why nothing was done or done better.


Consider the attacks on the City of San Francisco from Terry Childs, a senior member of the Department of Technology, who literally held the City‘s payroll and e-mail systems hostage back in July 2008. Childs created a new password system that only he knew, thereby locking out access to the critical IT infrastructure. It was only after he was arrested (and given $5M bail, so he wouldn‘t bail out and delete the system files), that the City was able to ―negotiate‖ the passwords out of him, with help from then-San Francisco Mayor Gavin Newsome. There were reports Childs was about to be suspended for insubordination just days prior to his cyber-attack.


City officials admitted that their password system, backups, and access control programs needed work, since Childs was able to exploit the weaknesses he already knew. Is this not possible in every organization, public or private, with a server?


Read m ore 17


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26