An article recently appeared in the New Scientist Magazine highlighting the potential of AI to track the digital behaviour of employees at work and report to their employers if they have been “slacking” or “showing signs of going rogue”. The article included complaints from the digital campaigning organisation the Open Rights Group that employers were using AI to give legitimacy to workplace surveillance, along with its claim that employees still have a right to privacy even at work.
This is an important issue and not one which should be dismissed with blanket statements from either side of this controversial debate. Behavioural monitoring solutions are now at the forefront of the fight against cyber crime, which is rapidly becoming the number one threat to business security, and so cannot be ignored. To discard them would be to fling the door wide open to the insider threat and ignore the fact that an increasing number of cyber breaches come through what is often the weakest link in the corporate security perimeter: employees, whether through misconduct or negligence.
Leading-edge solutions, such as ThreatSpike, make use of complex algorithms to track and analyse unusual activity by employees. This analysis can signal behaviour which is suspicious (such as downloading a database and then doing nothing with it) or equally provide evidence that there has been no misconduct.
Employees do have the right to respect for their privacy at work, but employers also have the right to safeguard themselves against misconduct and protect their business and the confidential data of their customers and employees against cyber attack. This does include the right to conduct surveillance on their employees if they can demonstrate good cause, and the Information Commissioner’s Office provides guidelines on how to do so in accordance with the Data Protection Act. This includes informing employees about the company’s surveillance policy, unless there is evidence of criminal conduct.
In addition to protecting the business and its customers, a behavioural monitoring solution also offers protection to employees themselves. Employees can easily become the victim of a phishing scam on their work accounts, opening up their company and themselves to exploitation. This can badly damage the business and could have repercussions for the employee if there is any negligence on their part.
A recent client, a well-respected law firm, suffered badly when a junior employee opened a phishing e-mail and in doing so allowed the hackers access to the company e-mail. This was then used to impersonate one of the firm’s lawyers and redirect a property deposit cheque of more than £50,000 to the hackers’ bank account. The employee whose actions facilitated this is, of course, devastated by the consequences of their mistake. Monitoring would have picked this up and prevented the fraud, protecting the firm, the customer and the employee.
Head of Cyber Security