


Insider Risk Insights - DTEX Blog

Workforce Cyber Intelligence 103: The Importance of User Privacy & Trust


Welcome back! Last week we explored the challenges of user behavior analytics, monitoring and surveillance and how Workforce Cyber Intelligence is addressing the shortcomings of legacy solutions. Today, we dive deeper into one of the key pillars of this new approach to workforce security: privacy.

Employees typically feel uneasy if they learn their employer is monitoring their actions and behaviors – especially when they are left wondering how, what, and why data is being collected. Some may become angry, but at the very least, most will be curious to learn more. However, most employees are unlikely to ask questions about the monitoring taking place, for fear of seeming combative or like they have something to hide.

If an employer simply confirms that monitoring is taking place but withholds details on the how/what/why, employees have a justified right to be disgruntled. Instead, employers should inform employees directly of the monitoring – explaining the technology, what data is collected and why, how it works, and what’s not being monitored.

This transparency will encourage employees to ask questions about how the data is being used to benefit them and the business and, importantly, how their privacy is maintained. By doing this, the employer can build trust and establish a sense of shared responsibility, showing that privacy and security can not only coexist but also make each other stronger and more efficient.

In today’s environment, managing the workforce extends beyond employees to include third-party vendors, partners, contractors and any individual with authenticated access to corporate systems – meaning the “workforce” represents more than just employees. In other words, “employee monitoring” has become an obsolete term and the idea of “Workforce Intelligence” is more applicable.

Beyond just monitoring, Workforce Cyber Intelligence allows companies to:

  • Secure company data
  • Protect company systems
  • Shield employees from external threats
  • Facilitate and assign projects better
  • Reduce legal and regulatory liabilities
  • Improve awareness of employee engagement

Overall, employee engagement and behavior analysis helps organizations increase performance, while reducing internal risk and keeping employees safe and secure.

To help you on this journey, the following are some of the keys to success for companies working to balance employee monitoring and personal privacy to improve their security and enable their businesses.

Having an Engaged Workforce

A workforce’s engagement level can be measured by gaining an understanding of when, why, where and how individuals interact with data, machines, applications and their peers as they do their jobs. A truly engaged workforce that feels trusted and has its privacy respected provides an added layer of protection across the organization – creating a human firewall that only increases an environment’s security posture.

When an employer prioritizes engagement intelligence over intrusive monitoring, the result is a naturally occurring dedication on the part of employees. Employees' concerns that productivity monitoring is an output of engagement monitoring and behavior analytics are fair and accurate. However, treating employees as trusted insiders and a source of intelligence rather than the subject of surveillance instills a sense of shared responsibility across the organization, resulting in a renewed dedication and commitment that drives employee performance to new heights.

Employees are humans not machines

A shortcoming in legacy employee monitoring and behavioral analytics solutions is the lack of insight into “how” and “why” user activity occurs. Solutions today heavily weigh system activity and identify the user behind the activity. While accurate and important, this single data element fails to provide context and true intent of the user’s behavior.

When data is collected for Workforce Cyber Intelligence, the human becomes the central element — user activity is mapped and synthesized with machines, applications, and data to establish a multi-dimensional, contextually rich picture that answers much more than “who.” Only solutions that incorporate behavioral analysis can claim to accurately understand employee engagement.

Intelligence without invasive surveillance

Employees will have concerns about what specific data is collected – and rightfully so. They will most likely have questions about what activities may be in-scope or out-of-scope. Lastly, and perhaps the biggest concern, employees may wonder how these data points could be weighted when gauging individual job performance.

These are all valid concerns. Traditional data loss prevention and employee monitoring tools have not only deployed invasive content inspection, keystroke logging, and screen capture capabilities but also often collect more data than necessary for their stated purposes. This invasiveness creates unnecessary employee privacy issues, as well as significant costs associated with excess data storage and processing.

Workforce Cyber Intelligence views the employee as a source of intelligence rather than a subject of surveillance. This approach effectively flips a model of invasive and overabundant data collection to one that anonymizes user intelligence and collects only the minimum amount of metadata needed to build a forensic audit trail, with full respect for employee privacy. With a metadata collection model, invasive tools like file scanning, email, web browsing, messaging application content capture, keystroke logging, and screen recording data are no longer necessary.

Embracing Trust as an Insider

Being transparent with employees about the technology and approach to workforce visibility comes with a surprising but welcome benefit: employees embrace their responsibilities and better monitor themselves.

An informed and trusted employee who ponders whether an activity is questionable considers their own behavior more thoughtfully. Unless the behavior can be reasonably justified as part of the job, they may simply choose not to behave in a manner that can introduce risk.

Good behavior is difficult in the dark

Employees know their roles, job functions, and what behavior is consistent with their jobs. And they understand there are behaviors that are clearly inappropriate. When the workforce is only vaguely aware of corporate visibility because a monitoring program is kept secret, employees don’t have a reference to understand or baseline their own behaviors in the context of organizational policy or peer groups. In this case, a healthy amount of awareness and peer comparison often serves as a motivator to promote safe, secure, and efficient behaviors and activities.

When privacy-driven and transparent Workforce Cyber Intelligence is communicated, employees will feel more secure and welcome the responsibility of contributing to organizational performance and risk posture goals.

Balancing Trust and Access

While integrity and availability of the monitored data are important, the confidentiality of that data is critical. Indeed, data collected for the purpose of monitoring employees would be a treasure trove of information for any malicious actor.

The need to secure this sensitive data from external adversaries is obvious, but internal access control is critical as well. Information on individual employees should be anonymized and unmasked only on a strict need-to-know basis. This way, you can balance trust and access effectively.
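The metadata-only collection model and the need-to-know unmasking described above can be sketched as follows. This is an added example, not DTEX's code: the field allow-list, role name, key, and class and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only; a real key belongs in a KMS/HSM.
PSEUDONYM_KEY = b"constructed-demo-key"
ALLOWED_FIELDS = {"timestamp", "user", "action", "file_name", "bytes"}
UNMASK_ROLES = {"insider-risk-investigator"}  # hypothetical role name


def pseudonym(user_id: str) -> str:
    """Keyed, stable token: the same user always maps to the same token."""
    mac = hmac.new(PSEUDONYM_KEY, user_id.encode(), hashlib.sha256)
    return "u-" + mac.hexdigest()[:16]


class PseudonymVault:
    """Holds the token -> identity map and records every unmask attempt."""

    def __init__(self):
        self._identities = {}
        self.audit_log = []

    def minimize(self, raw_event: dict) -> dict:
        """Keep only allow-listed metadata and replace the user with a token."""
        event = {k: v for k, v in raw_event.items() if k in ALLOWED_FIELDS}
        token = pseudonym(raw_event["user"])
        self._identities[token] = raw_event["user"]
        event["user"] = token
        return event

    def unmask(self, token: str, analyst: str, role: str, case_id: str) -> str:
        """Reveal an identity only for an approved role with a case reference."""
        allowed = role in UNMASK_ROLES and bool(case_id)
        # Denied attempts are logged too, so misuse of the vault is visible.
        self.audit_log.append(
            {"analyst": analyst, "token": token, "case": case_id, "allowed": allowed}
        )
        if not allowed:
            raise PermissionError("unmasking requires an approved role and case id")
        return self._identities[token]


# Constructed sample event; "keystrokes" and "screenshot" stand in for
# content capture that the allow-list drops before storage.
RAW = {"timestamp": "2024-01-01T09:00:00Z", "user": "jdoe", "action": "file_copy",
       "file_name": "q4-forecast.xlsx", "bytes": 48213,
       "keystrokes": "...", "screenshot": b"\x89PNG"}
```

Analysts work with the tokenized events day to day; the identity map and the key are the assets that need the strictest access control, since together they reverse the pseudonymization.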

Next up: Mitigating External & Internal Threats

Next week, we’ll be diving into Workforce Cyber Intelligence 104: An Examination of Protection for Mitigating External & Internal Threats. Can’t wait? You can always download the full Workforce Cyber Intelligence for Dummies eBook for additional insight now.