"A lot of times, the knee-jerk reaction of management is to call an employee on the carpet and say, ‘I know you did it.’ That’s very dangerous to a company," advises Susan Hubbell Nycum, an international partner with the law firm of Baker & McKenzie and a managing partner of the firm’s Palo Alto, California, office. She’s the chairman for her firm’s practice group on computers and high technology, and has been involved in outlining U.S. computer crime laws since the ’70s when she testified before the U.S. Senate and helped draft laws in this country and others. She has the following tips on dealing with sabotage:
- If you turn the investigation over to an independent investigator or investigation firm, it could be a good idea to do this under the control of your outside legal counsel. The reason: Outside counselors retain the attorney-client privilege and don’t have to disclose sensitive information except in certain situations under court order. "Whereas if you just turn it over to an investigator, he has no privilege," explains Nycum.
- Don’t instantly call the authorities. "First of all, the police don’t have to investigate everything that’s brought to their attention," says Nycum. "And if you’ve blown the whistle on someone and brought in the cops, but the cops decide not to take it further, the employee could sue you." On the other hand, once the police are involved, you can’t stop the process.
- Have policies and procedures in place so employees know what’s right and what’s wrong—what they can and can’t do—in the workplace. Particularly in the cyberspace arena, make sure employees know what’s appropriate behavior.
- Follow your policies. Having policies and not following them is as bad as not having them.
"Today, you just can’t accuse someone unless you’re absolutely sure it’s accurate," says Jerry M. Eisen, president of Human Resource Center Inc., a management consulting firm based in Phoenix. Eisen was formerly the vice president of HR at Parsippany, New Jersey-based Ramada Inn and other large organizations over the years. To minimize the risk of sabotage, he suggests that companies take the following precautions:
- When you terminate an employee, change company door locks and computer access codes. "I’ve even had this done while I was terminating the employee in my office," says Eisen. "This is so that when they go back to their desk to collect their things, they can’t bring up the hard drive and delete it."
- Make sure you have all your ducks in a row before you confront an employee about sabotage. Interview all employees who might have known about or have seen the sabotage. Get signed statements from those employees about the specifics of their knowledge of the incident. "Then confront the person and try to get him to admit it on his own," says Eisen. "Ninety-nine percent of the time, they admit it. They say why they did it—usually they were angry—and promise to make restitution."
- Don’t be afraid to immediately terminate an employee who’s committed an act of sabotage. Even if it was an isolated incident, it could potentially happen again. Don’t take chances.
"Companies really need to be aware that they’re most vulnerable during issues of separation, reduction in force, layoffs, terminations for cause—and even for no cause," says Darren Donovan, vice president of the consulting and investigations unit of Pinkerton’s Inc.’s Eastern U.S. region. "These are the times when people feel most agitated and feel like lashing back at the company." He says companies need to put more safeguards into place. Here are things that might help companies handle sabotage:
- Figure out what your company’s critical areas are and have contingency plans. For example, make an assessment that if an act of sabotage happened in each particular area of the business, what would be the result? Are the company’s assets protected? Are employees protected? Are the company’s information and property protected?
- Do a security survey and vulnerability study. For instance, figure out what you’d do if a product has been tainted or a computer system has been hacked into. Find out where your company is most at risk.
- Figure out your PR plan. Decide ahead of time in which instances your company will speak to the media, who’ll represent the company’s opinion and how to deliver the response.
- Decide how and who will investigate. Have a resource that you can go to quickly, because you can’t wait to act, especially if there’s some external impact or media concern. For example, if it’s an incident like finding a syringe in a Pepsi can, a prompt investigation can quickly help determine if it’s real or a hoax. (In this case, which actually happened, it was a hoax.)
- Do an investigation to understand the underlying cause of the sabotage. Are there a lot of labor issues going on? Is there anyone who’s been disciplined lately? Is anyone having personal problems? Scan the environment to link pieces of relevant information together, and formulate a hypothesis about who might have been involved in the sabotage.
- Contain the sabotage site for evidence. Make sure it stays intact and isn’t contaminated before your investigation team can collect all the information it needs.
Workforce, July 1999, Vol. 78, No. 7, p. 40.