Data breaches and hacking are on the shortlist of fears that plague many business executives, and with good reason. The Identity Theft Resource Center has been tracking data breaches since 2005, and almost every single year since then has seen a record number of breaches and hacking; these events aren’t limited to major companies either, but instead are found in businesses of every size and in every type of industry.
Unfortunately, the numbers of “inside job” data breaches, whether intentional or completely accidental, like the recent Snapchat boss phishing attack–mean companies would do well to guard their own gates while they’re investing in top-notch cybersecurity protocols. A 2015 data breach at Morgan Stanley resulted in the termination of employment and even criminal proceedings against a 30-year-old employee who downloaded the account information for about 10% of the investment firm’s wealthiest clients, or around 900 accounts. Unfortunately, not only was the employee not smart enough to cover his theft-tracks, he seems to have accidentally posted the full database of information online.
So how are companies supposed to stop unwanted activity while still giving their employees the necessary tools to do their jobs?
One concept is in employee monitoring software, or software that can work behind the scenes in your company’s network and monitor the computer activity that goes on. Largely using predictive data, like a dramatic increase in the number of emails someone sends, or a sudden shift in working extra hours when no one else is around, the software can at least alert the IT department or executives to the potential for data theft, insider trading, or even stealing proprietary products.
This type of spying actually sits well with industry watchers, who say it’s no different than monitoring the company’s network for fraudulent computer use or “piddling around” on the job. Where things get shady, though, is in the software’s ability to detect an employee who might be gathering his information in order to leave the company and head to a job with a competitor. So long as he’s not taking sensitive account data or company secrets with him, experts say that’s pretty much outside the employer’s right to know.