New York: Employees who have low self-control pose a danger that can be just as damaging as a hacker, says a study. Researchers at Iowa State University measured brain activity to identify what might motivate an employee to violate company policy and sell or trade sensitive information.
The study found that self-control is a significant factor. Researchers defined a security violation as any unauthorised access to confidential data, which could include copying, transferring or selling that information to a third party for personal gains.
In the study, professor Qing Hu and colleagues found that people with low self-control spent less time considering the consequences of major security violations.
“What we can tell from this current study is that there are differences. The low self-control people and the high self-control people have different brain reactions when they are looking at security scenarios,” Hu said.
“If employees have low self-control to start with, they might be more tempted to commit a security violation if the situation presents itself,” he added.
Researchers found people with high self-control took longer to contemplate high-risk situations.
Instead of seeing opportunity, or instant reward, it’s possible they thought about how their actions might damage their career or lead to possible criminal charges, Hu said.
For the study, researchers surveyed 350 undergraduate students to identify those with high and low self-control.
They were given a series of security scenarios, ranging from minor to major violations, and had to decide how to respond while researchers measured their brain activity.
Robert West, a professor of psychology, analysed the results.
“When people are deliberating these decisions, we see activity in the prefrontal cortex that is related to risky decision-making, working memory and evaluation of reward versus punishment,” West said.
“People with low self-control were faster to make decisions for the major violation scenarios. It really seems like they were not thinking about it as much,” he added.
The findings were published in the Journal of Management Information Systems.