In an article from the Journal of Management Information Systems the research team defines cyber-deviance as the “use of IT in the workplace that is contrary to the explicit and implicit norms of the organization, and that threatens the well-being of the organization and/or its members” (Venkatraman et al.). A more boiled down version of this was presented in the module as “the problem is in the chair, not the software.” As we see workplaces grow to become increasingly dependent on the use of digital devices the threat of internal cyber-deviance must be dealt with.

By giving employees the ability to use cyber technology at nearly all hours of the workday can create opportunities for a wide range of workplace deviance. This could mean using company computers to scroll social media, watch YouTube, or read personal emails while on the clock. It could also mean workplace cyberbullying or other ways of harassment. If the office provides more powerful processing power, then workplace deviance could be the misuse of the technology for personal projects. While intentional that type of cyber-deviance is not likely to be malicious in nature (Jones). This doesn’t mean this type of deviance can’t be dangerous. If busy doing personal activities on workplace devices, then an employee could fall for a phishing email, or open an application hiding malware. Simple phishing launched attacks are still effective in tricking people and could compromise the entire organization’s network. Deviance of this nature, would likely be handled internally and only have a marginal impact on the organization as a whole. More serious offenses would be accessing sensitive data without authorization, using said information for personal reasons, data hoarding, etc. Then there are acts that would be considered highly illegal, and could greatly hurt the organization. This could include data theft and selling of the data, insider trading, sabotaging the network, installing ransomware, identity theft, or using workplace resources to launch malware attacks (Jones). The motives behind such acts could just be for financial gain, a challenge, or as a form of revenge. Sometimes the most devasting form of cyber-deviance comes in the form of simply not following proper workplace procedures. An IBM backed study found that “over 95% of all [security] incidents investigated recognize ‘human error’ as a contributing factor” (Blau). Many attacks don’t start with a hacker breaking through a firewall or scouring lines of code for a vulnerability, instead it is often setting a trap and waiting for an employee to slip up.

Whether it is incidental, minor, criminal, or simply a mistake cyber-deviance in the workplace is and will continue to play a part in the cybersecurity landscape.

Works Cited:

Blau, Alex. “Better Cybersecurity Starts With Fixing Your Employees’ Bad Habits.” Harvard Business Review, 23 Aug. 2019, hbr.org/2017/12/better-cybersecurity-starts-with-fixing-your-employees-bad-habits.

Jones, John W., PhD. “Employee Cybercrime and Deviance: A Loss Prevention Psychology Perspective.” Loss Prevention Media, 10 Jan. 2024, losspreventionmedia.com/employee-cybercrime-and-deviance-a-loss-prevention-psychology-perspective/#:~:text=Examples%20of%20cyber%20deviance%20include,of%20company%20systems%20or%20data.

Venkatraman, Srinivasan, et al. “The ‘Darth’ Side of Technology Use: An Inductively Derived Typology of Cyberdeviance.” Journal of Management Information Systems, vol. 35, no. 4, Dec. 2018, pp. 1060–91. https://doi.org/10.1080/07421222.2018.1523531.