How to ensure insider threat prevention with a privacy-friendly business culture
Today’s technology landscape is undoubtedly powered by data. It’s the lifeblood of the digital ecosystem, making it at once its most promising asset and its most significant liability.
Unfortunately, data breaches are on the rise, data misuse is frighteningly rampant, and few companies have demonstrated the prowess to stop these events from occurring. Now, in addition to shifting consumer sentiment about data security, formal regulations like Europe’s GDPR and California’s CCPA are forcing companies to rethink the importance of data security.
To put it simply, in 2019, data security – including leak prevention, theft, and misuse – is priority number one. At the same time, companies are challenged to balance compliance programs in a privacy-friendly environment for their own employees.
What’s the Solution?
With steep financial and logistical consequences for failure, companies have every incentive to get this right, which means prioritizing their most potent weaknesses by tackling the problem of insider threats. According to the Ponemon Institute’s 2018 global study on data security, “companies need to intensify their efforts to minimize the insider risk because of rising costs and frequency of incidents.”
With insider threats accounting for a remarkable number of data loss events, employee monitoring and data-loss prevention capabilities are quickly becoming a must-have component of any data security initiative.
Companies are taking notice. As many as 80% of major organizations monitor their employees to some degree, and better technology makes it possible for companies to detect and prevent insider threats from behaving maliciously.
Of course, employer oversight in the form of employee monitoring software can seem counterintuitive to proliferating a privacy-friendly environment. Preventing a data loss event at the expense of employee privacy is really just an elaborate version of “robbing Peter to pay Paul.”
The answer is privacy-friendly employee monitoring and data loss prevention software. Indeed, it’s possible to comply with data protection mandates without violating employee privacy. This is a best-of-both-worlds approach that benefits companies while also protecting employee privacy.
Today’s comprehensive employee monitoring software is highly configurable, allowing employers to capture and assess the information they need without casting a broad net.
These configurations can include:
- declining to record workstation sessions or limiting monitored applications
- enabling auto-redaction and masking of personal data
- creating rules that automatically suspend monitoring when a user engages in a private activity
- implementing tiered administration that limits the manager’s access to employee data
- assessing productivity reports for guidance rather than for evaluation purposes
For many employees, these guidelines represent a reasonable balance between accountability and autonomy. Meanwhile, GDPR and other regulatory guidelines require that some of these measures be put in place.
For instance, GDPR Article 22 limits employers ability to make personnel decisions based solely on automated processing like employee monitoring data.
Still, there is no getting around that data security and regulatory compliance and requirements of the modern business world. Technology, including employee monitoring and DLP software, is evolving to meet these needs, which broadens the options available for most companies.
Most importantly, it lets them simultaneously value their employees’ privacy while still guarding their company’s data, both of which are critical components of a successful company in 2019.