How to Set Up Alerts on Possible Insider Threats

Early identification is the key to minimizing the damage of a cyber attack or data breach. The sooner a problem is detected, the more you’ll be able to limit the damage. However, what’s even better than early identification is preventing the problem before it arises. That means that you need the ability to detect threats and put a stop to them before an attack or a breach occurs. Employee monitoring software is one tool that may be able to help you predict insider threats before they occur and prevent a data breach before it happens.

However, monitoring employee behaviors is a delicate balancing act. While the data provided by software helps to identify and stop data breaches and other inappropriate online employee behaviors, aggressive monitoring or stealthy monitoring (e.g. monitoring done without an employee’s knowledge) can lead to distrust and resentment.

Companies should always disclose monitoring to employees; ideally, monitoring policies should be detailed and outlined in the employee manual. Disclosure ensures that there are no grey areas.

So how can monitoring software protect your company from malicious threats and data breaches without resorting to Big Brother-type tactics? Here’s everything you need to know:

Why Employee Behavior Matters

Employee monitoring software can help you detect changes in employee behavior that could be red flags.

Often the threats to your data that are the most serious are the ones that come from inside the company. However, in order to spot these threats, you need to be aware of employee behavior and be able to track the way that it changes.

Disgruntled employees don’t appear out of thin air, and a good employee doesn’t suddenly turn against their employer for no reason. Often there is a pattern of behavior before an insider attack that could predict what is about to happen. A decline in employee performance, for example, could be a red flag, especially when combined with known personal problems, like a health crisis, divorce, or financial problems. Employee monitoring can help alert you to a change in employee work patterns that may signal problems.

Hacked Off: Companies that Have Been Targeted by Disgruntled Employees

The people who are in the best position to get past your firewalls and security measures to damage your network or steal your sensitive data aren’t outsiders. They’re people inside of your own organization, often people in positions of trust. No one likes to think that they’ve misjudged trusted employees, but there are several high-profile cases that should remind employers about the possibility of threats from within. 

ClickMotive

Hackers don’t necessarily look like movie villains.

ClickMotive is an auto industry web software provider. In 2011, an employee named Michael Thomas, then working as the company’s IT operations manager, became disgruntled with his employer. His method of getting revenge on ClickMotive involved deleting hundreds of files, interfering with system notifications so that other employees wouldn’t be notified of problems, and changing authentication settings to prevent some employees from working remotely.

Thomas also interfered with company email distribution, causing employee requests for assistance to go unanswered. Repairing the damage cost the company more than $130,000. 

Thomas was convicted for his tampering under the Computer Fraud and Abuse Act, but appealed the decision, arguing that in his position as an IT operations manager, part of his job included damaging the computer system occasionally as a means of troubleshooting. However, the U.S. Court of Appeals for the Fifth Circuit upheld his conviction.

Tesla

Often the people with access to sensitive information and motive to cause damage are trusted employees.

Another case involves the electric carmaker Tesla. Recently, CEO Elon Musk notified employees that an employee broke into the company’s computer system and made code changes to the operating system in an attempt to sabotage operations and disrupt manufacturing. What’s more, the employee also sent large amounts of company data to a third party. It may take some time to determine the full extent of the damages caused by the disgruntled employee’s actions.

The CIA

It isn’t just private companies that are at risk. Even government organizations aren’t immune to this kind of sabotage. Software engineer Joshua Adam Schulte, who formerly worked for the CIA, is alleged to have stolen classified information from the agency and disclosed that information to Wikileaks.

Schulte also is alleged to have tampered with the computer system, giving himself unauthorized access to more material, deleting information in an attempt to cover his tracks, and locking out other users. He’s been charged with 13 counts, including illegal gathering of national defense information, illegal transmission of lawfully possessed national defense information, and obstruction of justice.

Educating Employees: How to Spot Patterns in Security Compliance

Patterns in employee security compliance may indicate the need for more training or other adjustments.

Of course, not all insider threats are malicious threats like the examples we just discussed. A number of data breaches with an insider component arise from carelessness with security protocols or security shortcuts taken to improve efficiency, leading to unintentional weaknesses in the network.

Employee monitoring software can help you determine patterns in employee behavior that suggest potential weaknesses may arise. For example, you may notice that adherence to security protocols declines several months after a security training session, which may mean that refresher training is necessary. Or you may notice lapses that occur during particularly busy periods in the industry, which may indicate that employees are taking shortcuts when they’re under increased pressure. Noting these patterns can allow you to not only take steps to shore up security before the breach occurs, but also to take steps to interrupt the pattern before the next time it reoccurs, reducing your organization’s incidences of vulnerability. 

Preventing Outsider Interference

Employees are also vulnerable to being tricked or manipulated into exposing data via phishing scams, social engineering, and other outside interference. While these types of attacks can occur at any time, there may be times when the risk is higher for these types of attacks. For example, your organization may be at greater risk during a merger because attackers may perceive your organization as being weaker while it is integrating new employees and security systems.

Employee monitoring may be able to help you detect an uptick in outsider attempts to attack your organization through your employees. Not only will this information help you prepare your employees to be on their guard, but you’ll also know to look for the same patterns during similar phases in the future.

A Balancing Act: How to Monitor Employees without Corrupting Trust

Employee monitoring has some definite benefits for employers. It increases your company’s data security, reduces the likelihood of corporate espionage, and can have positive impacts on employee productivity. However, it can also seriously diminish employee morale. Employees may have concerns about their own privacy, fear punishment or termination, or feel pressured to conform to a style of work that doesn’t best suit their needs and abilities. You can maintain strong employee engagement while reaping the benefits of employee monitoring if you can find a way to balance the two. Take a look at some ways to do that. 

Avoid Using Monitoring Information to Punish

Using data to help workers improve is a net positive for everyone involved.

Everyone needs their job, and employees that are constantly worried about losing their job or being disciplined in the workplace are not the most engaged employees. Be careful about using information gleaned during monitoring to punish workers who aren’t meeting the standards that you want them to meet. Doing this will affect not only the individual worker affected, but also every other worker who will end up feeling that you’re constantly watching them, looking for an excuse to fire, demote, or otherwise discipline them.

Wherever possible, focus on improvement and mutual success instead. Chances are, your employees want to do well at their jobs and feel confident in their abilities. When your monitoring data shows weaknesses in an employee’s performance, use it as an opportunity to help them shore up their skills and working habits. That way, they’ll perform better for you, and they’ll also feel good about their own abilities in the workplace, resulting in better employee engagement. 

Don’t Rely Too Heavily on Monitoring Data

Data gleaned from monitoring can be a useful tool in improving your workplace, but it shouldn’t be the only tool in your toolbox. That data only shows part of the picture, and it shouldn’t be taken without context.

For example, client feedback can play an important role in contextualizing your data. If the data shows that an employee’s work is slower on a particular account, but the client is very pleased with that employee’s work, it may be the case that that particular client’s account is more complex than average, or that the client requires more frequent updates or explanations. In that case, the employee’s work speed is only part of the story – they’re putting in the effort to keep the client happy, and that is often more important than speed.

Don’t forget to also give workers a chance to speak for themselves and provide context as well. Employee feedback is also a valuable tool. If many employees are failing to meet a particular quota, for example, soliciting feedback may reveal that the quota is unrealistic, not that the employees are failing at their jobs. 

Don’t Jump The Gun

Being transparent and allowing time to adjust to changes reinforces that management and workers are in it together.

If you’re implementing a new monitoring system and policy, it’s important not to change things too radically all at once. Take the time to communicate the changes to your employees – transparency between management and workers helps to keep morale high. Do a gradual rollout and allow time for workers to acclimate to changes. 

While most employees are well-meaning and loyal, employers should not close their eyes to the possibility that employees in trusted positions may be the ones that can do the most harm to their organizations. Employee monitoring software is an important tool that can help employers protect their computer systems and their most valuable data. However, employers also need to understand that monitoring has the potential to destroy employee trust if implementation is not properly disclosed and discussed. Employers should disclose all monitoring policies clearly in an employee handbook to ensure that everyone understands the expectations and limitations of employer-controlled technology. To find out more about how employee monitoring software can protect your organization, Start your free 7-day trial.