Monitoring Employee Activity on Organization’s Network

The technological age has completely changed the essence and value of business and company assets.

In the past, most of a company’s assets were tangible, stored in secured warehouses which are closely monitored and controlled.  Today, most companies’ assets, such as trade secrets, client files, financial data, and strategic plans, are not tangible but digital.  The past, present, and future of the company largely depend on protecting these assets.

In a computerized work environment which relies on online infrastructure, tracking employees’ work routines and monitoring their activities are an absolutely required part of normal company functioning.  Adopting an approach to information security based solely on scenarios of sophisticated hackers outside the organization could seriously damage companies’ ability to survive.

Abandoning control and monitoring within the organization opens companies up to many dangers, including:

1. “The Enemy Within”
   Research shows that more than 30% of cyber events experienced by businesses are caused as a result of activities of malicious employees taking advantage of the organization’s trust.Rogue employees take advantage of their status as users with access authority to company information systems and operate to steal trade secrets, patents, client lists and even maliciously sabotage and disrupt other employees’ work productivity.
2. Cyber attacks, industrial espionage, and information leaks
   Uncontrolled and unfiltered exposure to the net increases the risk of cyber attacks by external factors who specialize in taking advantage of naïve employees.
   Additionally, surfing to innocent-looking sites, or opening a tempting email from an unknown sender, could cause organization’s resources to be taken advantage of for the purposes of infiltration by business espionage software, viruses and malware, phishing attempts to gather passwords, sensitive business information, or conducting financial fraud.
3. Business Loss
   Employees holding high levels of authorization could make negative use of this authorization to carry out changes in actual data or supply-chain reports, and thus increase their ability to steal assets and products from the company. Preventing business loss is a recognized element mainly within the industrial and wholesale fields, since these are involved in the production of tangible assets. Beyond this, however, treating this issue is essential today in any company hoping to protect its assets and reduce the risk of embezzlement, fraud, and theft by employees.
4. Damage to Profits and Productivity
   Research shows that workers waste about 40 hours per month on activities unconnected with work. Online access is an inseparable component of all business activities, but it also brings with it numerous well-known disadvantages and dangers which can harm and occasionally even lead to disasters for business profitability, employee productivity, and protecting trade secrets and sensitive resources.
   The availability of social networks, news sites, and entertainment applications noticeably reduces productivity at work and the efficiency of employees who are tempted to waste precious work hours with leisure and personal activities. This phenomenon is known as “time theft,” and although it may not stem from malicious motives, its consequences for the functioning of the business and its financial resilience may be serious nonetheless.

The Solution –  Protective Tracking

HireWall provides a solution which allows reducing and identifying the possible risks through 3 layers of protection:

1. Technology:
   – Online monitoring, creating notifications about information theft in real time.
   – Ability to investigate events after the fact and provide digital evidence to court-required standards.
   – Ability to investigate actual work hours compared with attendance reports.
   – Meeting privacy protection standards requirements in Israel which requires, in part, the ability to monitor and audit access to sensitive information
   databases.
2. Human analysis
   Installation of a monitoring and control tool is usually done with a sense of excitement and satisfaction initially, but in most cases, within a short time, the excitement passes and monitoring is abandoned.  The combination of analysts with our company who specialize in cyber investigation and information security is critical in order to maintain a maximal monitoring ability and optimally productive use of the information that is gathered.  Gathering large amounts of information about employee activities loses its value if the results aren’t condensed into a precise, comprehensive executive summary which allows drawing conclusions and taking decisive action for operational optimization of the company and removing harmful parties who are behaving dishonestly.
3. “Honeypot” Strategy
   Malicious employees, whether they’re acting on their own behalf or have been recruited by competitors or were even planted in the organization as a Trojan horse, are occasionally aware of the possibility of monitoring and control over their activities, and they learn how to fool monitoring systems.  Implementing a “honeypot” strategy, which involves completely ordinary files (such as Word or Excel files) which contain interesting real or fictitious information of some value to the malicious party, serve as an additional protective layer to reduce the risk of sensitive information leaking out of the organization.  Opening this type of file, which encode, allow receiving of data which can serve as legal evidence.  In this way, it is possible to identify access to data by anyone who is unauthorized, as well as to reveal the digital signature containing information about the location where it the honeypot was opened and the identity of the individual causing the leak or the information thief.