When we think of surveillance in a business, there is no doubt that it is a double edged sword. It can’t be denied that surveillance can be an important part of keeping workers safe and providing security for staff – not only against outsiders, but also from the potential actions of other members of the team, whether intentional or otherwise.
However, surveillance can also be used in an extremely negative way. Many workers see business surveillance as little more than an excuse to spy on staff. It has even been noticed that some organizations go beyond looking at employees’ work activities, to also view their personal accounts.
“Despite it being around for a while, we have noticed an increased use of email, internet and telephone monitoring,” says HR specialist Vanessa Bell speaking with The HR Director “more employers are also taking it upon themselves to check in on employees’ social media platforms and regularly monitor the posts being uploaded”.
The kind of creeping invasion of surveillance might all be fine in the hands of professionals with a desire to keep the business and its staff safe. But where do we draw the line between valuable security work to keep staff safe, and simply unnecessary snooping? Of course there has to be a balance, and the best way to understand where to find that balance is to understand the kind of things staff surveillance might be used to defend against.
Insider attacks
It is unfortunately the case that insider attacks – those perpetrated by individuals working for an organization – are on the rise. In fact, recent statistics revealed that over 60% of data breaches come as a result of an insider attack.
“As a business leader, the last thing you want is an attack from a user with existing access to your environment,” says M.K. Palmore speaking to Security Roundtable “it doesn’t really matter whether a breach is caused by malice, negligence or mistake. Insider threats are particularly pernicious because of the knowledge, access and information malicious insiders may possess, and because even individuals who are cybersecurity-aware can make inadvertent or careless errors.”
It is naturally the case that one of the only ways to defend against these kinds of attacks are through closer monitoring of staff. However, this is not the only time that we see staff surveillance occurring. In some cases, the surveillance can occur in something of a test format.
Penetration testing
The term ‘ethical hacking’ can be controversial – how can hacking ever be ‘ethical’? The truth is that ethical hacking can play an important role in keeping any business secure against cyberattacks. However, having it carried out can create a situation where staff feel that they are being spied upon.
Perhaps the most common form of ethical hacking is known as penetration testing. A penetration test is an assessment of a business’ current cybersecurity measures to check for potential vulnerabilities and weaknesses. These tests utilize “the tools, techniques and procedures used by genuine criminal hackers including phishing, SQL injection, brute force and deployment of custom malware.”
Penetration testing can be extremely effective. But there has been some controversy around the use of elements such as fake phishing emails and ‘social engineering’ tactics. These are designed to replicate tactics used by criminals, but it functionally can involve the penetration testing conducting surveillance on staff without their knowledge.
Invasion of privacy?
It is important to consider whether staff surveillance is necessary for the protection of the business and for members of staff themselves. To some, it seems less for their good and more like a simple invasion of privacy. It has been argued that with potential changes being made in the future for data privacy, this could have an impact on surveillance.
In Europe, the General Data Protection Regulation (GDPR) was brought into effect, and there has been talk of similar legislation likely to become law in the US. Should this occur it could offer some protection for staff against some types of surveillance.
What to do if your business surveillance is too much
If you feel that workplace surveillance is becoming a major issue, it is a good idea to take these concerns to management. Remember that it is often the case that these changes to monitoring are made with the thought in mind to help keep businesses and their staff more secure. It could well be the case that overzealous changes have been implemented without anyone thinking through the negative consequences for staff.
Staff surveillance has huge advantages for both businesses and members of the team, if it is carried out correctly. Staff should feel that they have the opportunity to discuss changes to their monitoring without fear.
This blog was printed with permission.
About the Author: Dakota Murphey is a freelance writer based in the UK, specializing in Digital Trends in Business, Marketing, PR, Branding, Cybersecurity, Entrepreneurial Skills, and Company Growth. Having successfully contributed to a number of authoritative online resources, she has secured a platform to share her voice with like-minded professionals