The fallout from a cybersecurity breach can be extremely damaging. With GDPR also in force, it feels like the stakes are only getting higher and the punishments more severe.
The responsibility for keeping companies safe from cyber attacks is shared, yet differs depending on roles within an organisation. What does it look like for HR professionals? And how can they determine if they’re doing enough to protect their company from attack?
The answer to some of these questions comes from a seemingly unexpected place: workplace monitoring programmes. By understanding and examining human intent within the workplace, organisations can ensure that any anomalous digital workplace activity can be flagged and dealt with in real time. What’s more, this tracking can happen with all data anonymised, so that staff only uncover a user’s identity under planned and controlled circumstances.
HR departments are crucial advocates of company-wide best practice and guardians of employee wellbeing. So, when it comes to implementing an approach that requires the monitoring of employee behaviour, they are best positioned to handle and manage such a task.
Workplace monitoring is notoriously surrounded by misplaced fear, especially when it comes to concerns over privacy. HR departments are therefore required to walk a narrow line between working with security personnel to protect against potential threats and ensuring privacy of employees is properly communicated and respected. This approach isn’t a threat to privacy; it’s a force for good that serves to protect an organisation and its people from the risk of cyber attacks.
In some industries such as finance, pharmaceuticals or defence, it is accepted that those with access to critical or top-secret data will be monitored for security purposes. However, a range of industries could benefit from this and discover that contextual information is critical to identifying malicious attackers or compromised users.
Understanding human behaviours and differences in an employee’s intent behind a suspicious activity is crucial – whether that’s accidental, compromised or malicious. For example, consider the idea that your work computer is hacked. Cybercriminals have begun to browse your machine and access company files. Without workplace monitoring in place, you would appear to be the culprit. Sophisticated behavioural monitoring programs would spot this activity, flagging that this would not be normal for you. Security teams would be automatically alerted to immediately limit (or completely deny) further access. As a result, both company and employee reputations are saved.
Many HR professionals spend a substantial amount of their time making micro-assessments – analysing mood, behaviour and even potential flight risks. When so much of their role focuses on improving and maintaining employee wellbeing, HR staff need further support. Workplace monitoring can help here, flagging when harmful behaviours may emerge because of changing attitudes to job responsibilities. HR staff are then in a position where they can prevent damage and potentially even steer employees back into the more positive workplace behaviours.
A perfect position
It has never been more important for businesses to have processes in place to protect their customers, intellectual property, brand reputation and employees. HR teams are in the perfect position to implement measures that monitor activity within the company’s network, in a way that prioritises the employee’s best interests. By making the reasons for monitoring clear and improving understanding of why an organisation would choose to do this, fears of ‘Big Brother’ issues can be addressed. This will ensure that every member of the organisation is an active participant in safeguarding the business.
Nico Fischbach is CTO at Forcepoint
How much employee monitoring is too much? Read the People Management feature on where to draw the line – and whether the line even exists