Employee Monitoring: How to Prevent Insider Threats Without Being Called Big Brother
In today’s landscape, cyber security is an ongoing battle. Businesses of all sizes are constantly assessing their risks and deploying technology to mitigate them. At the same time, we’re trying to create a workplace culture of collaboration and trust, not fear.
Although hackers make the news, it is far more likely that our own employees will cause a data breach. A recent IBM study found that some 60 percent of cyber attacks are carried out by insiders, and three-quarters of those are purposeful, malicious acts.
As companies increasingly become aware of this fact, employee monitoring software seems like a logical solution. Tracking software allows you set rules that prevent risky behavior such as emailing sensitive information, and it alerts you when employees are violating policies. You can pinpoint who’s breaking the rules and put a stop to the behavior.
Employee monitoring software vastly reduces the risk of a data breach by identifying these insider risks, but how do you introduce it without alienating your employees? If your staff feels like ‘Big Brother’ is always watching, will morale and performance suffer? Follow these tips to deploy tracking tools without offending your staff and damaging the business.
Top Posts in Insider Threats
- The Decline of the Rogue Employee: Utilizing Behavioral Trends
- Insider Threat Statistics: 8 Convincing Findings [Infographic]
- 4 Different Types of Insider Attacks [Infographic]
- Where Hackers Roam: Enter The Darknet
An honest, straightforward approach is extremely important. Don’t try to be sneaky or hide the fact that you’re introducing employee monitoring software. Your employees want to hear this information directly from you, rather than finding out via the rumor mill or water cooler gossip. And they want to hear about it before implementation, not after the fact.
When notifying employees, the most important point to stress is the why. Your employees are smart — they will understand why the software is important if you explain how often data breaches are caused by insiders, even inadvertently. Explain that tracking tools prevent not only malicious attacks but honest mistakes that can cause a devastating data breach, damaging the company’s reputation and eroding public trust.
Consider scheduling brief staff or department meetings to share the news. You don’t want to make the implementation a bigger deal than it is, of course, but sharing the news over email doesn’t give you the chance to address questions and clear up misconceptions.
Top Posts in Data Security
If you haven’t already, consider launching a cyber security awareness and education campaign. The more your employees understand about how damaging a data breach can be, the more likely they are to support your prevention tactics and strategies.
The goal isn’t to instill fear in your employees, but it helps to share some statistics and facts. Nearly half of North American and European employees report being unaware of their company’s data use and handling policies, for example, and 60 percent of SMBs shut down for good within six months of a major data breach. Employees should understand that the future of the company and their jobs are at stake here.
Cyber security awareness campaigns can begin with efforts as simple as hanging posters around the office, sharing articles and holding brief ‘lunch and learn’ sessions. Then, when you have the time and budget, roll out more formal training with actionable steps.
Just as you restrict access to sensitive data to certain employees, it’s wise to limit oversight of employee monitoring software to just a few key people. If you have a large IT staff, not everyone needs to be involved in monitoring and analysis. Similarly, not every manager or supervisor in the company needs to be alerted when an employee violates a data policy.
Limiting access accomplishes a couple things. If just a few people are responsible for oversight, those staff members are more likely to feel personally accountable. If too many people are involved, policy violations can slip through the cracks because everyone assumes someone else is handling the situation. Also, your employees are likely to feel more comfortable knowing that just a few key people are monitoring their activities.