Events Knowledge Industry What's New Pinned Announcements Promotions News

Does “to trust” mean “to control”? Security is at stake!

• What's New• Knowledge12/17/2015

Fear of threats related to employee malevolence is growing in large companies. How to monitor people’s activity wisely in the security service?

Monitoring? Do not mistake it for surveillance

Many employees openly show their resentment toward the management and the IT department, when the employer considers the implementation of employee activity monitoring software. They believe it is proof of a lack of trust and that it will lead to constant surveillance. Those Orwellian visions are the result of inadequate education of the staff. Monitoring solutions are aimed to strengthen the corporate security chain and this needs to be explained to the employees in detail. How to approach such conversation? What monitoring policy should be adopted?

Let’s not assume in advance that each employee is a potential threat. However, each group includes some black sheep who, by their actions, can incite significant financial losses, loss of company goodwill or even the fall of the company. Therefore, the detection of malevolent actions should be a common goal for all employees. If an employee has a clean conscience, there is nothing he or she should worry about. Wise usage of monitoring tools is based on responding to incidents, not tracking of every click. Another argument for the implementation of such solutions is the growing number of threats based on social manipulation, such as spear phishing. An employee might be unaware that by clicking on a link or downloading an attachment, he or she contributed to a critical data leak or infection of the corporate network with a dangerous virus. Thanks to the monitoring tools, the administrators can quickly respond to such an attack attempt. The above policy and rhetoric should be applied by all management boards and IT departments – comments Marcin Matuszewski, Technical Support Engineer at Axence.

Companies are more and more aware

Large companies and corporations show the highest awareness of the losses which might occur from the unauthorized actions of their employees. The IT decision makers participating in the Orange Insights survey indicated that employee malevolence is the second worst threat to network security – right after the attack of cyber criminals. This answer was chosen by 52% of people taking part in the survey (for comparison, hacking attacks were quoted by 53%). In these companies the expenses born in relation to IT security, including network users’ activity monitoring tools, are constantly growing.

What solution should you choose?

When considering the choice of software for user activity monitoring, pay attention to the function allowing for the documentation of malevolent practices by an employee. If it is suspected that a person could be working to the detriment of the company, the administrator should be able to take screenshots (to catch the culprit red handed), to view the history of edited documents and visited websites and programs which have been run on the employee’s workstation. Evidence for the intended leak of strategic data can be also found in e-mail. The software should allow the monitoring of the names and sizes of sent attachments and the headers of sent e-mail messages. All the described functionalities are offered by the Users module of Axence nVision software.