All too often, privacy and security are portrayed as at odds with each other. There was a time when this didn’t matter, as security at the expense of frequently won out. This is evidenced by the large number of solutions on the market that provide details into what’s taking place in enterprise IT environments through invasive means that violate privacy and trust. We are talking, of course, about legacy tools that capture users’ every keystroke and even go as far as making what amounts to a digital recording of everything that takes place on their computer monitors.
Nowadays, the world is becoming more aware of how many technology companies (specifically social networks and consumer apps) collect, share and analyze user data. Scandals that surround Facebook and Palantir and social chatter shows that people are aware of privacy issues and insisting that it be respected.
Demands for privacy now extend beyond consumers and online services providers. Employees are starting to make their voices heard within their own companies, governments are enacting regulations such as the GDPR, and public and private sector organizations are recognizing the vital role privacy plays when it comes to gaining employee respect, support and trust.
Dtex Systems already provides the most advanced user behavior intelligence platform for insider threat detection available. We are also ahead of the curve when it comes to giving customers the ability to implement activity and behavior monitoring that respects privacy. We decided to commission this Harris Pole to provide our customers, and the security industry in general, with guidance on how to conduct user behavior monitoring in a way that their employees expect, accept and even support. We found that employers can accomplish all of this by making sure that their monitoring programs follow a few simple rules.
- Make sure it is conducted with openness and transparency. Employees should be told when it’s taking place and why.
- Focus monitoring on security. Use monitoring to reduce security risk, don’t use keystroke logging and digital recording “spy” tools that eavesdrop on everything employees do. Workers want to know that their employers will not capture their password or a screen shot of their bank account if they take a 5-minute break to check their balance.
- Anonymize user data. Make sure that information being collected isn’t creating a personal profile on them. Be able to deanonymize data for review and analysis after a threat has been detected. For more information on data anonymization, see: Dtex Systems Patent Shows that Company is Only User Behavior Intelligence Provider Delivering Insider Threat Detection with Maximum Protection for Employee Privacy
Let’s take a look at the findings.
45% of Americans believe it is sometimes, often or always acceptable for employers to monitor employees’ digital activities to protect against security threats and data breaches.
64% of Americans somewhat to strongly agree that employers have the right to monitor employees’ digital activities on personal or work-issued devices used to conduct work for security purposes, as long as they are transparent about it and let employees know up front that it is taking place.
77% of employed Americans would be less concerned with their employer monitoring their digital activity on personal or work-issued devices they use to conduct work, as long as they are transparent about it and let them know up front.
71% of Americans would not accept a job with an employer that monitors its employees’ digital activities on work-issued or personal devices they use to conduct work without letting employees know about monitoring up front.
70% of Americans somewhat to strongly agree that they would consider leaving an employer if they found out that the employer was monitoring their digital activities on work-issued devices they use to conduct work without telling them up front.
62% of employed Americans would be comfortable with their employer monitoring their digital activities taking place on work-issued devices if it was for security purposes and the activity data was anonymized (i.e., the employer would only look at it if suspicious or threatening behaviors were detected). 36% of employed Americans feel the same about employer monitoring on personal devices.
Survey Methodology
This survey was conducted online within the United States by The Harris Poll on behalf of Dtex Systems from June 14 to 18, 2018 among 2,024 U.S. adults ages 18 and older, among whom 833 are employed full-time. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables and subgroup sample sizes, please see contact information in this release.