Tips for ensuring insider threat prevention with a privacy-friendly business culture
Unfortunately, data breaches are increasing, misuse of data is worrying, and few companies have proven their ability to prevent these events. In addition to changing consumer confidence in data security, formal regulations such as the GDPR in Europe and the CCPA in California are forcing companies to rethink the importance of data security.
In short, in 2019, data security, including the prevention of loss, theft, and abuse, comes first. At the same time, companies face the challenge of balancing compliance programs with a privacy-respecting environment for their employees.
What is the solution?
Given the financial and logistical consequences, up to and including bankruptcy, companies have every incentive to get this right, which means addressing their biggest weakness: the problem of insider threats. According to the 2018 data security study by the Ponemon Institute, “companies should step up their efforts to minimize the risk of insider information due to increased costs and the frequency of incidents.”
With insider threats accounting for a large number of data loss events, employee monitoring and data loss prevention capabilities are fast becoming an indispensable part of any data security initiative.
Of course, employer oversight in the form of employee monitoring software can conflict with fostering a privacy-friendly environment. Preventing data loss at the expense of employee privacy is indeed a complicated version of “robbing Peter to pay Paul.”
The answer is software that prevents data loss and monitors employees with privacy in mind. Complying with data protection requirements without violating employee privacy is possible. It is a best-of-both-worlds approach that benefits businesses while protecting employee privacy.
Today’s comprehensive employee monitoring software is highly configurable, so employers can capture and evaluate the information they need without casting a wide net.
These configurations may include:
- Choose not to record workstation sessions, or restrict which applications are monitored
- Enable automatic redaction and masking of personal information
- Create rules that automatically suspend monitoring when a user engages in a private activity
- Implement multi-level management roles that limit managers’ access to employee data
- Use productivity reports for guidance rather than evaluation purposes
For many employees, these guidelines represent an appropriate balance between responsibility and autonomy. Meanwhile, the GDPR and other regulatory directives require some of these measures to be implemented.
For example, GDPR Article 22 restricts employers’ ability to make personnel-related decisions that are based solely on automated processing, such as processing of employee monitoring data.
Most importantly, these measures enable companies to value the privacy of their employees while safeguarding the privacy of their business, which is an integral part of a successful company in 2019.