A report published by security firm Imperva back in October revealed that insider threats became a major concern for many organizations. While many companies deploy all sorts of solutions for mitigating external attacks, experts warn that they should also focus on attacks that originate from the inside.
One solution to this problem could be the use of monitoring software. In order to get an expert opinion on the matter, we’ve reached out to Nick Cavalancia, VP of marketing at SpectorSoft – a company that provides monitoring software that has proven itself very efficient on numerous occasions.
“As with any employee behavior that impacts a business, there are proactive and reactive measures that can be taken to either prevent, or at least be aware of said behavior,” Cavalancia explained.
“The challenge for businesses is knowing where and when to look - they spend effort and expense on solutions that watch data, transmission mediums, or high-level details of individual activity (e.g. which websites someone went to). The issue is businesses are not looking at the source of the problem - the employee.”
By monitoring their employees’ every action – including application, email and web activities – organizations can identify inappropriate behavior before anything unfortunate happens.
“By having a complete recording of every action performed by an employee, investigations are as simple as playing a DVR,” Cavalancia said.
Employee monitoring software allows businesses to achieve three important tasks: record, alert and review.
“The recording helps with the prevention. The alerting functionality, while reactive, when set up to detect initial suspicious activity, helps to prevent actual damage from taking place. And the ability to review actions, including screen playback, assists and simplifies investigations,” he noted.
On the other hand, monitoring employees has a lot of privacy implications. Cavalancia explained that while employees generally do not have a right to privacy, they may have a reasonable expectation of privacy, and this problem can be addressed with an Acceptable Use Policy (AUP).
“Employee monitoring software should go hand-in-hand with an Acceptable Use Policy (AUP) informing employees they may be monitored,” he said.
There are four key elements to ensure an efficient AUP:
* Disclosure – Informing employees that the activities conducted on company Internet and computing resources are in fact being monitored for security reasons, and that any and all activities are being recorded.
* Security – Letting employees know that for their protection and the protection of the organization, any unauthorized use will be immediately addressed.
* Education – Providing employees with sufficient guidelines regarding what is acceptable and what isn't, as well as the opportunity to learn from mistakes and to correct them.
* Personal Direction – Providing employees with the understanding that only they can ensure protection of their private, personal communications and interests, which starts by avoiding personal communications on monitored computers (at work or anywhere else).