



For true cybersecurity you must know what employees are doing

Feb 28, 2018 | 4 mins
Data and Information Security, Network Security, Privacy

A look at some options for keeping tabs on your staff and the possible pros and cons.


Securing your data in the digital age is very challenging, but it has never been more necessary. We just looked at the hair-raising cost of a data breach in 2018 and we know that employees are often the weakest link. In fact, over 90% of all cyber-attacks are successfully executed with information stolen from employees, according to the Identity Management Institute.

The majority of these employees are the innocent victims of phishing attacks, but former, or even current, employees with an axe to grind can also cause enormous damage and typically prove more difficult to root out. There’s no doubt that security awareness training is vital, but it’s not enough on its own.

As many as 47% of all data breaches were caused by hackers or criminal insiders, according to the Ponemon Institute’s 2017 Cost of Data Breach Study, and these breaches were more costly to resolve at an average of $156 per stolen record, compared to an average cost of $128 per record when human error was the cause.

If you really want to secure your company data then you need to know what your employees are doing, and there are many ways of finding out.

Being Big Brother

There are a lot of employee monitoring software options out there, like Teramind, InterGuard and SentryPC, that enable you to watch exactly what your employees are doing in real time. At the shallow end you can use these packages transparently and automatically filter out inappropriate content or limit social media time. At the deep end, you can use them silently to track exactly what websites your employees visit and even record keystrokes for online searches, messaging chats and emails.

You may consider this the nuclear option. It may not be illegal to monitor employees in this way, though some states have put protections in place, but it’s certainly an ethical quandary. It gives your IT department access to a lot of potentially sensitive information.

If you’re considering using software like this, then it’s worth asking, “Who watches the watchmen?” Depending on how you use it, monitoring can also be time consuming, so it’s certainly not the most efficient way to guard against the risk of a data breach.

User behavior analytics

From a security standpoint, what you really want is to be alerted when employees do something suspicious. User behavior analytics (UBA) are a smarter way to sniff out anomalies in users’ actions and flag them for further investigation. Companies like IBM and Varonis have developed advanced UBA tools that can detect unusual activity.

Is an employee trying to access a file they shouldn’t? Maybe they’re downloading something at 3:00am from a location that isn’t their home. Perhaps they’re trying to move laterally between systems. The beauty of UBA is that it highlights malicious insiders and outsiders using stolen credentials equally well, though it may require further investigation to determine which is which.
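The checks described above can be sketched as a per-user baseline comparison. This is an added example, not code from the article or from any vendor's product; the event fields, user, hosts and paths are constructed for illustration, and real UBA tools use far richer models.

```python
from collections import defaultdict
from datetime import datetime

def build_baselines(history):
    """Learn, per user, the hours, locations, hosts and directories seen in normal activity."""
    base = defaultdict(lambda: {"hours": set(), "locations": set(), "hosts": set(), "dirs": set()})
    for ev in history:
        b = base[ev["user"]]
        b["hours"].add(datetime.fromisoformat(ev["time"]).hour)
        b["locations"].add(ev["location"])
        b["hosts"].add(ev["host"])
        b["dirs"].add(ev["path"].rsplit("/", 1)[0])
    return base

def anomalies(event, baselines):
    """Return the reasons an event deviates from its user's baseline (empty list = normal)."""
    b = baselines.get(event["user"])
    if b is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(event["time"]).hour
    if not (min(b["hours"]) <= hour <= max(b["hours"])):
        reasons.append("outside usual working hours")
    if event["location"] not in b["locations"]:
        reasons.append("unusual location")
    if event["host"] not in b["hosts"]:
        reasons.append("new host (possible lateral movement)")
    if event["path"].rsplit("/", 1)[0] not in b["dirs"]:
        reasons.append("directory never accessed before")
    return reasons

def triage(events, baselines, threshold=2):
    """Flag events with at least `threshold` deviations, to limit single-signal noise."""
    scored = ((ev, anomalies(ev, baselines)) for ev in events)
    return [(ev["user"], ev["time"], why) for ev, why in scored if len(why) >= threshold]

# Constructed sample data: a short history window, then two new events to evaluate.
HISTORY = [
    {"user": "alice", "time": "2018-02-26T09:15:00", "location": "Boston", "host": "fs01", "path": "/finance/q1/report.xlsx"},
    {"user": "alice", "time": "2018-02-26T14:40:00", "location": "Boston", "host": "fs01", "path": "/finance/q1/budget.xlsx"},
    {"user": "alice", "time": "2018-02-27T10:05:00", "location": "Boston", "host": "fs01", "path": "/finance/q1/forecast.xlsx"},
]
NEW_EVENTS = [
    {"user": "alice", "time": "2018-02-28T10:30:00", "location": "Boston", "host": "fs01", "path": "/finance/q1/notes.txt"},
    {"user": "alice", "time": "2018-02-28T03:00:00", "location": "Unknown-VPN", "host": "hr-db02", "path": "/hr/payroll/salaries.csv"},
]
```

The flagged event looks the same whether the account holder or someone using stolen credentials generated it, which is why the output is a list of reasons for an analyst rather than a verdict.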

Applying security to the end user experience

If you’re going to go to the trouble of monitoring your employees, then maybe you should extract more value from the data you collect.

There’s a new breed of software that offers the same potential security protections to ensure compliance but focuses on the end user experience and how it might be improved to remediate issues as they happen. Nexthink detects and addresses anomalies in endpoint behavior before they occur or worsen into bigger problems. Nyansa takes a similar approach to problem prediction and mitigation with its network analytics service. Emphasis is placed on end users who have been or could be impacted by a problem, so that it can be addressed before it escalates.

“End users lose more than 20 minutes of time each day because of computer issues, resulting in lost productivity for the business and lost credibility for IT,” says Samuele Gantner, VP Products, Nexthink. “We see this happen even in the most advanced organizations.”

Realigning endpoint monitoring to focus on improving the daily work experience for your employees makes a lot of sense. You can tighten your cybersecurity and gain the oversight you need, while simultaneously facilitating greater productivity and lessening the workload on your IT department.

Whatever strategy you choose, there’s clearly a need to act. The 2018 Insider Threat report from Crowd Research Partners interviewed 472 cybersecurity professionals and 53% confirmed that an insider attack had happened at their organization in the last year. It also found that 90% of organizations feel vulnerable to insider attacks.

Pair good policy and training with effective monitoring software and you can reduce the risk.

[Disclaimer: neither I nor my company has any affiliation or business relationship with the vendors mentioned in this article with the exception of Varonis, a reseller partner.]


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girls’ mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.