[Column] John Mc Loughlin: The greatest asset becomes the biggest risk
It's never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. The erosion of the cyber-perimeter as a result of new virtual workforce models necessitates a new approach, one that baselines activities and behaviours and protects employees by highlighting anomalies.
Companies deploy multiple security, intelligence and productivity monitoring tools in the hopes of working smarter and safer. However, none of these solutions focus on the humans driving day-to-day operations.
Dtex offers the world’s first and only Workforce Cyber Intelligence Platform, capturing hundreds of elements of behavioural telemetry to produce dynamic “Indicators of Intent” and deliver holistic, real-time awareness about the workforce’s activities – without invading personal privacy.
It also empowers business owners to easily see, understand and act on contextual intelligence using scoring frameworks proven to stop insider threats, prevent data loss, maximise software investments and protect the workforce, wherever they may be.
Workforce Cyber Intelligence is a new approach to enterprise data collection and analysis that focuses on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications and their peers as they perform their job responsibilities to create a safer, smarter and more secure enterprise.
Workforce Cyber Intelligence is designed for today’s modern, distributed workforce model. It provides complete visibility into user and account activity, keeping all data anonymous to protect privacy and only shining a light on abnormal or inefficient behaviours that indicate risks and areas for operational improvement.
It is critical to ensure employees know that personal activities and behaviours that don't directly increase organisational risk, cause cultural conflict, or limit successful operations remain private and anonymous.
People are the heartbeat of every organisation so the human factor is the most important element of a business’s ability to operate effectively and safely. The enterprise workforce’s behaviour, habits and interactions ultimately determine opportunities and threats, the investments that contribute to efficiency or waste, how and where risks emerge and if compliance mandates are met.
Dtex’s Workforce Cyber Intelligence Platform enables organisations better understand their workforce, protect their data and make human-centric operational investments.
The ideas of employee monitoring, insider threat detection, data loss prevention (DLP), User Activity Monitoring (UAM), and human risk management aren’t new. The greatest challenge is improving security and operational performance in a way that benefits both the company and the employee. The best solution protects sensitive information and employee privacy.
Employees are increasingly aware of and diligent in understanding how employers monitor work activities and behaviours. Employees want to know that personal activities and behaviours remain private and anonymous unless those activities directly increase organisational risk, cause cultural conflict, or limit successful operations. This is a fair ask of employees and becoming a major factor in compliance regulations and mandates.
Gathering and analysing data
One may think that it is easy to gather a lot of data for analysis, discover some findings, and report on them. Unfortunately it's not, the process is straightforward, but the mechanics present challenges. Collecting user data often involves overtaxing endpoints and the network and consequently impeding end-user productivity.
Analysis of the captured data carries fears of data misuse and privacy infringement, not to mention wasted resources on false positives and “noise.” Noise is information that calls attention to insignificant findings that present little or no risk. Noise can overwhelm and mask true threats and is a distraction for scarce security resources.
Managing access and perception
Arguably one of the tougher challenges of collecting user data and monitoring the workforce is the workforce’s perception of an organisation’s motivation. When employees hear about monitoring, their initial impression is negative. Changing those perceptions requires openness and assurance that any data being collected is intended to protect individuals, sensitive data, and the organisation, and is handled in the most secure, private, and respectful way possible.
Privacy will be the primary concern to alleviate. In addition to regulatory requirements, protecting employees’ privacy is crucial if you want to have employee engagement and partnership. Managing access to the collected data is another challenge to overcome. Information on individual employees should be anonymised and unmasked only on a strict “need to know” basis.
Data minimisation is a critical prerequisite to privacy. Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organisational data. Employees don’t want corporate IP leaked on purpose or by accident.
Protection for the Employee
Workforce Cyber Intelligence protects employees in many ways, including increased security awareness, smarter engagement, and fewer violations or incidents and the corresponding interruptions. Having a clear and unalterable audit trail provides non-repudiation and defence for the employee. But perhaps the biggest benefit is simply protection against external threats.
Employees are an appealing target of malicious actors and are subject to constant exploitation attempts. People by their nature want to be helpful and trusting, and these are the underlying human traits enabling social engineering.
Businesses need to shift their focus and learn from the workforce by observing employees' interactions with data, systems and machines and using that intelligence to improve performance.