By Isaac Kohen, CTO of Teramind
This week, Wired published a somewhat controversial perspective on employee monitoring tools and the potential misuse of the technology and lack of effective use cases. This is great as the article addressed the elephant in the room for solutions like Teramind, and created the opportunity to discuss both sides of the coin on user activity monitoring.
On one side of the coin – we hear the perspective that:
“Spying on your employees is bad.”
“Employee monitoring tools cannot really measure the productivity of a user since many actions are not computer related.”
The above statements are common in our industry, as most recently published by Wired here. The reality is, there is some truth to those statements. If your use case is to monitor your employees and what they are working on unbeknownst to them, and you are solely relying on the computer utilization metrics to determine employee productivity, you would be proving Wired’s point that user activity monitoring tools are ineffective and possibly unethical.
On the flip side of the coin, however, are the hard facts for essential industries like finance and healthcare, among many others, where an absence of internal prevention-minded practices and protocols puts customers’ and patients’ most sensitive data at risk from the very organization that they entrust to secure it. Consider these statistics for insider threat-related vulnerabilities:
- “58% of Healthcare PHI Data Breaches Caused by Insiders — Verizon found that healthcare PHI data breaches are most likely due to insider threats, with healthcare the only industry where internal actors are the greatest threat.” – Health IT Security
- And, according to Kaspersky’s “The Human Factor in IT Security” survey, careless or uninformed staff contributed to the attack in 46% of cyber security incidents in the last year. This statistic accounts for a large majority of attacks that are not commonly mitigated by traditional security methods.
Companies must change their approach to data security to account for negligent insiders and, more commonly, insider threats. We’ve been on the front lines of this as data breaches grew at an unprecedented level in 2017 and continue to rise in 2018.
With over 2,000 customers on the Teramind platform and hundreds of use cases behind us, we know our customers are not deploying our software as assumed in the ‘first side of the coin’ scenario noted above. Rather, the majority of our customers notify their users and employees that the desktop is capturing their activities. They do so in order to capture the work being done, identify and prevent any misuse and collection of confidential data, and support process re-engineering and optimization based on data collected from how users interact with applications and data.
There are many use cases for Teramind beyond employee monitoring for productivity measurement:
- Teramind is used for audit and compliance, to capture the activity of third party vendors and privileged users accessing systems with sensitive data.
- Teramind is used to ensure ongoing compliance for PCI, GDPR, HIPAA and many other regulatory requirements to ensure users do not unknowingly take an action that would jeopardize their organizations’ compliance with these regulations.
- Teramind is used as a forensics tool to identify and demonstrate evidence for illegal use cases such as insider trading.
- Teramind is used to identify and stop malicious users attempting to steal IP or confidential data from their organizations, by leveraging user behavior analytics to pinpoint potential malicious behavior.
With over $400B in enterprise software spend forecast by the Gartner Group for 2019, enterprises need to ensure these products are utilized to improve the efficiency of their users. And with the latest data privacy regulations like GDPR discussed in every boardroom in the world, organizations need to ensure the data is safe and is stored appropriately, protected from any insider threats and unintentional misuse.
This is what Teramind is about. With over 2,000 customers on our platform since 2014, I think it’s safe to say our customers and the market agree.
We appreciate the editorial team at Wired for raising this topic and giving us the opportunity to further the dialogue. Companies should be transparent in how they monitor employees. In an ideal situation, teams work collaboratively to assess the analytics that come from monitoring to improve security and productivity alike. In the case of security alone, coupling the analytical insights with a prevention-minded, educational approach is the best course of action to mitigate the insider threat and ensure data loss prevention that starts and ends with the user.
With a purposeful focus on ensuring their companies’ commitment to keep customers’ data and other sensitive information secure, employees are empowered to stand by their brands in meeting users’ expectations for data security and industry compliance. Let’s have a conversation on transparent use of user activity monitoring tools to improve productivity and ensure security at the workplace, and how Teramind can help. Reach out to us on social media or email, and let’s talk!