By Michelle Drolet
Founder & CEO
Michelle is a prominent leader in data security preparedness, renowned for her extensive expertise i
Read More3 Minute 54 Second Read
March 2, 2018
There are a lot of employee monitoring software options out there, like Teramind, InterGuard and SentryPC, that enable you to watch exactly what your employees are doing in real time. At the shallow end you can use these packages transparently and automatically filter out inappropriate content or limit social media time. At the deep end, you can use them silently to track exactly what websites your employees visit and even record keystrokes for online searches, messaging chats and emails.
You may consider this the nuclear option. It may not be illegal to monitor employees in this way, though some states have put protections in place, but it’s certainly an ethical quandary. It gives your IT department access to a lot of potentially sensitive information.
If you’re considering using software like this, then it’s worth asking, “Who watches the watchmen?” Depending on how you use it, monitoring can also be time consuming, so it’s certainly not the most efficient way to guard against the risk of a data breach.
From a security standpoint, what you really want is to be alerted when employees do something suspicious. User behavior analytics (UBA) are a smarter way to sniff out anomalies in users’ actions and flag them for further investigation. Companies like IBM and Varonis have developed advanced UBA tools that can detect unusual activity.
Is an employee trying to access a file they shouldn’t? Maybe they’re downloading something at 3:00am from a location that isn’t their home. Perhaps they’re trying to move laterally between systems. The beauty of UBA is that it highlights malicious insiders and outsiders using stolen credentials equally well, though it may require further investigation to determine which is which.
If you’re going to go to the trouble of monitoring your employees, then maybe you should extract more value from the data you collect.
There’s a new breed of software that offers the same potential security protections to ensure compliance but focuses on the end user experience and how it might be improved to remediate issues as they happen. Nexthink detects and addresses anomalies in endpoint behavior before they occur or worsen into bigger problems. Nyansa takes a similar approach to problem prediction and mitigation with its network analytics service. Emphasis is placed on end users that have been or could be impacted by a problem then address it before escalation.
“End users lose more than 20 minutes of time each day because of computer issues, resulting in lost productivity for the business and lost credibility for IT,” says Samuele Gantner, VP Products, Nexthink. “We see this happen even in the most advanced organizations.”
Realigning endpoint monitoring to focus on improving the daily work experience for your employees makes a lot of sense. You can tighten your cybersecurity and gain the oversight you need, while simultaneously facilitating greater productivity and lessening the workload on your IT department.
Whatever strategy you choose, there’s clearly a need to act. The 2018 Insider Threat report from Crowd Research Partners interviewed 472 cybersecurity professionals and 53% confirmed that an insider attack had happened at their organization in the last year. It also found that 90% of organizations feel vulnerable to insider attacks.
Pair good policy and training with effective monitoring software and you can reduce the risk.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |