Workers need training to know what to do and what not to do. Humans make mistakes and some cyber risks are due to insider error. Workers also need proper motivation and incentive to perform well. They need to know why security and safety is important and be rewarded to do the right thing.

Workers need to know common ways hackers access the company so they don’t unwittingly help. They need to know about tailgating and Spam phishing emails. Insider threats should be minimized to actual acts of malice.

Some workplace deviance is workers acting out of accord with employee and worker agreements and business policies. It is important to communicate acceptable use of workplace resources and time to employees. It’s very easy to pick up computer viruses visiting inappropriate websites on workplace computers or downloading software. Employees shouldn’t generally have administrator access to download software on workplace computers. Tech makes it easier for employees to access time wasters like social media. Social media can even contribute to data leakage. Employees can unwittingly spread company secrets or customer information such as pii.

Some cyber crimes are committed by malcontent employees and former employees who misuse workplace resources or credentials. It’s very easy once you’re past the security guard and you have an account with appropriate permissions to access a company’s valuable resources such as hardware, easily stolen laptops and smart phones. Deliberate data theft or sabotage is also a danger. Scorned employees can steal data to sell to rival companies or the dark web.

Employees have easier access to airgapped networks than hackers. It’s essential that all employees are vetted. People should have background checks run on them that include debt. It’s important to know who is vulnerable to bribery and might be more easily convinced to steal or sabotage.