Disgruntled ex-employees or soon-to-be-ex employees are nothing new, and if some recent studies are to believed, they are legion. Research from the Corporate Executive Board shows that 75% of departing employees are disgruntled. And because the bad economy may have kept disgruntled employees in place longer due to fear, there may be a high level of pent up frustration with grievances real or imagined.

Most disgruntled employees will simply dust off their resumes and take their leave at the first opportunity. This will generally be a quiet affair because most people are eager to move on with their lives in a positive fashion and with little drama. The Steven Slaters of the world are a rare occurrence.
The real worry for you, the employer, may lie in the malevolent rogue employee lingering in your midst who has plans to wreak some degree of havoc, whether for reasons of revenge, resentment, or potential (larcenous) profit. With powerful and concealable data storage devices and the ability to disseminate communications instantly through texting and email, rogue employees are technology-enabled in an unprecedented way.

In an article entitled Worker-Departure Disaster Waiting to Happen in CFO magazine, John Reed Stark terms these employees “bad leavers” and defines them as “… disgruntled employees who “leave” a company on “bad” terms and cause deliberate harm before or after they exit, typically in clandestine fashion.” Such an employee might attempt to destroy, alter or steal information and a company must be prepared to detect, assess, and react quickly.

Stark discusses the need for employers to have established exit protocols, which would include the creation of an IT environment “conducive to locating the proverbial ‘smoking gun.'” It may also be essential to bring in independent forensics experts to preserve and safeguard evidence that might be needed in litigation.

The National Association of State Chief Information Officers published a brief on Insider Security Threats. The report includes a discussion of malicious employees, as well as other internal security vulnerabilities, such as inattentive, complacent or untrained employees, and contractors and outsourced services. They classify the overtly malicious threats as:

  • The IT Expert with a Hacker Mentality
  • The Dissatisfied or Disgruntled Employee
  • The Terminated or Demoted Employee
  • The Fraudster Motivated by Financial Gain
  • The Employee Who Wants Unauthorized Access to Information

The article discusses various security measures for dealing with each threat, including those that might address a “bad leaver,” which we excerpt below:

What’s in Their Background? Background checks of all job candidates, including interns and contractors, can identify those with a record of acting out inappropriately or using questionable judgment and could prevent their hiring in the first place. A credit and financial background check can help to identify job candidates in financial difficulty. They could have an incentive to use IT to defraud the state, especially if a position has financial responsibilities or access to financial IT systems.
Vigilance Pays Off: Management should be aware of the signs of a disgruntled employee who could cause damage with or to state IT resources.
Open Communication Channels with Management: A reporting system for employees who witness or know of a disgruntled employee with ill-intended plans can serve as an early-warning system to management. In addition, allowing employees an official channel for the expression of grievances may prevent them from taking their anger out behind management’s back.
Watch Them: For problem employees, managers may consider coordinating with state IT staff to monitor their access to email, the Internet and state IT systems.
The Value of Audits: Regular and ongoing audits may identify ill-intended behaviors of employees that management may not immediately recognize as disgruntled. Audits can include the review of access, activity and facilities logs.
The Exit Strategy: Employees who resign or are terminated may take one last swipe at their employer through sabotage or data theft. A formal and thorough exit process can prevent such occurrences. This includes cutting off access privileges before an employee is terminated or immediately after an employee resigns if the employee appears to be disgruntled and escorting an employee out of the office.

As with most things in life, a good offense is better than a good defense. Employers should be alert for changes in behavior to identify a potential disgruntled employee early. Signs might include a lack of motivation, a breakdown in communications, and a decline in performance. Training managers and supervisors in how to identify and act on changes in performance and behavior before they become problematic can allow for positive communication and intervention.


Request a Quote