Security is the one non-negotiable in business today. Whether it is securing the building one operates in, providing a safe working environment for employees, protecting IT systems from hackers and malicious software, or protecting corporate data from external and internal threats, business leaders cannot effectively meet their fiduciary duties without including security in their strategies.
"Our current lifestyles and business methodologies automatically take most security considerations into account when running a business," says Amir Lubashevsky, director of Magix Integration. "One area that is sorely neglected in South African businesses of all sizes, however, is the enormous internal security threat posed by employees.
"It is all very well to search employees when they leave a building to make sure they do not take their computer's hard drive home, but what are corporations doing to ensure their staff do not purposely corrupt information or sell it to a competitor. There are criminal syndicates in operation today making a lucrative business out of recruiting employees from various companies and paying them to change or steal data. Would you rather lose a piece of hardware worth R1000 or have sensitive data passed to a competitor and lose millions of rands in potential new business?"
Employee monitoring is a sensitive issue. Nobody likes to feel they are continually under suspicion, especially when only a small percentage of people actually engage in criminal activities. The reality, however, is that not monitoring employee activity is no longer an option.
Many companies perform regular analyses on their database and server log files to determine if any unauthorised or irregular activities have occurred. The results can often highlight suspicious activities and point out suspect employees. Unfortunately, this usually happens long after the damage is done.
Lubashevsky suggests the only workable preventative solution is to implement invisible employee monitoring technology to guard against specific information anomalies in realtime. This will enable businesses to catch malicious activity before any damage is inflicted.
"Managers can obviously not afford to pay people to play Big Brother and observe every employee all the time; nor can they afford to hinder the business's functions by installing software on computers and servers and slowing the performance of the company's IT," adds Lubashevsky. "Installing independent monitors keeps tabs on network traffic and highlights anomalies without wasting management time or hampering productivity."
Invisible monitors do not disrupt the flow of traffic across the network or slow down the operations of computers as they are simply programmed to monitor data flowing across the company's LAN. Should any predefined anomalies be detected, the system logs all the necessary information and alerts a manager or administrator.
"A critical factor in selecting monitoring software is to ensure it is not tied to any one vendor," notes Lubashevsky. "Effective security requires an independent program able to monitor data flowing from and to any application, irrespective of format, vendor or version."
Another aspect of employee monitoring is the ability to control all the end points in an organisation from which data can be copied. Current technology makes it easy to copy large amounts of data onto small devices that can be hidden in the back of a pen, for example.
"End-point monitoring, the ability to prevent USB and Firewire ports, for example, from being used by unauthorised users is therefore also a key aspect of an employee monitoring solution," says Lubashevsky. "And contrary to popular opinion, this functionality is available and easily implemented - even across companies with thousands of users."
Employee monitoring may be an uncomfortable issue for many businesses managers to deal with, but it is one that must be addressed. Leaving the most vulnerable point of your organisation unguarded is a gross dereliction of duty.