Page 106 -
P. 106
SeCUrity GUiDe Evolving Security
engages in a collaborative project with another firm? How many or all of these activities are permitted in most states. 105
can team leaders be sure their corporate partners have been Monitoring activities can be used to provide a fairly robust
evaluated with the same level of scrutiny? picture of employee behavior. They can also be used to iden-
The hard truth is that these types of assurances can- tify risk levels for each employee within the organization.
not be made in most cases. Granting network access to For example, in a recent study by Paul Taylor at
11
outside collaborators can pose a considerable threat. A tem- Lancaster University, researchers found that employees
porary collaborator granted access to an internal network who were planning to act maliciously changed the way they
could steal corporate data more easily than a cybercriminal interacted with their coworkers. They started to use singu-
attacking it from the outside. In a way, it’s similar to trusting lar pronouns (like I, me, or my) rather than plural pronouns
your siblings. You may trust your brother or sister, but do (like us, we, or our). They became more negative, and their
you trust their friends? language became more nuanced and error-prone.
Researchers are also developing new technologies that
Employee Monitoring can be used to monitor and interpret not only what users are
You may be wondering if there is anything employers can typing or clicking on but also how they are typing and how
do to mitigate the risks of an insider threat or a sketchy they are moving their mouse. These measurements can then
corporate partner. Employers are increasingly monitoring be used for any number of applications, like making sure you
12
Internet usage, tracking GPS information on vehicles and are not reusing corporate passwords or identifying stress or
mobile devices, recording keystrokes, monitoring social anxiety while you are writing an email. By the time you enter
10
media activity, and reviewing emails. While some of these the workforce, almost everything you do for your company
activities are illegal for employers to conduct in some states, has the potential to be monitored and analyzed!
QUeStionS
1. This guide emphasizes how information security strat- 4. How do you feel about the trend of companies using
egy has changed over the past two decades due to ad- new technologies to monitor their employees? Would
vancements in technology. What do these changes mean you want to work for a company that uses monitoring
for you personally in managing and securing your own technologies? Why or why not?
personal systems and data? 5. Monitoring digital activity is not exclusive to the work-
2. Take a few minutes to conduct an Internet search on place. Internet service providers monitor your Web traf-
insider threats. Besides some of the high-profile cases of fic, and many Web sites monitor everything that you do
employees stealing and selling or distributing corporate while interacting with their site. What does this mean
data, what other examples can you find? for users working from home? How might an ISP’s mon-
3. What kinds of collaboration tools have you used to com- itoring activities be a threat to corporations?
plete class assignments and projects? Could these col-
laboration tools pose a risk to you? How?
