Skip to main content

Monitoring data to understand employee behavior

An organization’s critical digital and physical assets are at greater risk of theft, damage and manipulation by insiders than ever before. Increased global connectivity means that anyone with access to company data, anywhere in the world, can exploit weaknesses in data security. Often, these are trusted employees who have been permitted access to, or have knowledge of, critical data sources.


Insider threats and behavioral patterns

Threats posed by insiders are difficult to detect without gathering and analyzing data from a variety of sources.

By focusing on behavioral patterns such as anomalies in employee work hours, attempts to access restricted work areas and the use of unauthorized external storage devices, companies can identify individuals who may pose a higher risk to the business. Once risk ratings have been established, organizations can then consider, based on the new information, whether to place high-risk groups under further review.

Data monitoring and employee privacy

Despite the need to collect such data, our survey identified a tension between opinions about what data companies should monitor and the types of surveillance that their employees consider a violation of privacy. Seventy-five percent of our respondents say their companies should monitor data sources such as emails, telephone calls or messaging services, and yet, 89% of respondents would consider monitoring these data sources as a violation of their privacy.

Protecting assets from insider risk

Companies should bridge this gap by raising awareness of the importance of collecting such data and of the potential consequences if company data is leaked or stolen. The financial, reputational and regulatory impact of having an organization’s critical assets stolen or damaged can be catastrophic, as evidenced by significant news coverage on data leaks in recent years. Employees need to understand that companies can only protect themselves from such exposure by embedding an integrated insider threat program into their business, which is capable of protecting their most critical assets from insider risk.

What should be monitored?

Links to the next and previous sections

Back to top