By: Colin Murray, ITMG Insider Threat Analyst
Nobody wants their employees to feel like big brother is always watching, but employees can’t be allowed to do anything they want on their business computer either. Striking that balance is difficult and there are no easy answers. Getting the best balance requires an understanding of your environment and risk factors.
The most important question to ask when weighing security vs privacy is how at risk is your business? Are you a company that is always doing its best to maintain a narrow competitive advantage through innovation? Then you should be leaning towards security. If you are a company that is offering a service and have little proprietary information, then you can probably focus more on your employees’ privacy and let them operate with less oversight.
The next factor is company culture. This is a lot harder to quantify and does rely on those within the company to be objective. Ironically, this can run counter to the first consideration because it is often the companies that are always innovating that feel locking things down with security can stifle creativity. They want their employees to feel free to do whatever they need to do to come up with the next great idea. An employee feeling like their every move on a machine is tracked may feel inhibited and less creative. One solution is be transparent with how you track your employees. Monitoring in “secret” will put you on the fast track to losing company trust.
The last thing to consider is the maturity of your insider threat team? If you can trust that your team is only looking into employees that have given cause for concern and if the identities of those employees are masked in your system, then you are likely in a situation that can lean a little more towards security than a team that has not matured. One of the best ways to increase and maintain that maturity is through regular audits. Audits will help you improve but it will also signal to leadership that you are focused on caring about privacy.
Sadly, there is not a perfect way to determine where a company should fall on the security and privacy scale. Hopefully, over time, we as an industry can push to better maintain security in a way that doesn’t make employees feel like it is at the cost of privacy.
Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk
ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.