Combating insider business threats without harming trust

System Security Specialists

According to research from the Ponemon Institute [1], insider threats are now one of the biggest risks that businesses face globally, accounting for around 64 per cent of all security breaches. To combat these threats, many businesses are turning to employee monitoring, but how can this be managed without creating distrust among staff?

Around half of all large organisations were carrying out some form of monitoring in 2018. [2] This ranges from analysing the text of emails and logging computer use to tracking people’s movements.

In and out of work

The same study finds that only 30 per cent of employees are comfortable with being monitored, although this is significantly up from just 10 per cent in 2015. The most significant objections are to the monitoring of personal social media accounts, physical movements and personal interaction. This suggests that while there’s an acceptance of monitoring in the workplace, people are less happy about having their private life watched.

Part of the problem for employers is that a vast range of data on individuals is now publicly available. In addition to social media, this can include indications of financial problems, which can have an adverse effect on employee behaviour.

While employer reviews of this information may seem controversial, when used sensitively it can allow an HR department to talk to an employee and perhaps help with addressing any personal issues that they may be experiencing. Being aware of factors affecting an employee’s personal life that could be having an impact on their work can ultimately be good for both the staff member and the company.

Used sensitively, monitoring tools can help to protect the company but also improve the safety and welfare of staff. People are often the greatest asset in a business, but of course, the enterprise has a duty to use any data gathered in a responsible way and make sure that it is acting in accordance with laws and compliance rules.

Building a culture of trust

So what can employers do to use monitoring in a responsible way and allay the fears of their workforce? In order to build a culture of trust, there are a number of things to consider.

The key thing is to communicate with employees and listen to any concerns that they may have. It’s important to be transparent as to what level of monitoring is taking place and about how the data is going to be used. Employees need to understand how this benefits the company and what they themselves can gain from it in terms of protection of their interests. At the same time, the employer needs to be responsible as to how much data it is collecting, how it’s being used and how long it’s held for.

Ideally, the business should set up a multi-skilled team comprising HR, IT, security and legal staff in order to determine how monitoring will be used and establish a clear policy on the issue.

There’s also a case for educating employees as to the amount of data they are sharing. Companies need to make it clear that the data they are monitoring is already in the public domain. Many people don’t actually realise just how much of the information that they place on social media is public. Training on not over-sharing can benefit both sides. This can cover simple considerations such as not posting holiday pictures until you get home, or being careful about how much you reveal concerning your job. Recent Facebook and other scandals have made people more aware of the potential perils of social media, but it can’t do any harm to reinforce the point.

Ultimately, the message should be that responsible monitoring is about protecting staff, not attempting to catch them out.

Give Cloudworks a call and we can discuss the best way to secure your IT systems from internal threats. We can monitor your network and identities to protect against cyber crime and also implement policies and controls that prevent unauthorized access and protect company data.

Call us on 0115 824 8244 or email info@cloudworks.co.uk to find out more.

[1] https://153j3ttjub71nfe89mc7r5gb-wpengine.netdna-ssl.com/wp-content/uploads/2018/04/ObserveIT-Insider-Threat-Global-Report-FINAL.pdf
[2] https://www.shrm.org/hr-today/news/all-things-work/pages/watching-the-workers.aspx