While it’s generally agreed that employees pose a greater security threat than hackers, virus creators, or other cybercriminals, what’s less well known is that some of the newest tools for ferreting out evidence of wrongdoing can play other roles within companies. That complicates the buying decision, certainly — are you trying to help employees find data or making sure they don’t make off with it? — but it hasn’t stopped a handful of emerging companies from developing new software products that do double duty: acting as cop or concierge, depending on your point of view.
While annual computer-crime statistics are probably enough to make companies interested in such products, that interest gets a boost from new compliance regulations that make companies more responsible for protecting the privacy of clients, monitoring E-mail exchanges, and more. At the same time, lost productivity due to improper employee computer use (that is, unmitigated Web surfing) is mounting.
Although many legal issues remain murky regarding how closely companies can, or should, watch employees, many experts say the law is firmly on the side of the employer. Renee S. Schor, a partner in global law firm Baker & McKenzie in San Diego, acknowledges that some new monitoring technology is already in use among the firm’s clients. Companies address privacy issues by advising employees of any monitoring policy through company handbooks and sometimes through a pop-up reminder when an employee logs onto his or her company computer for the first time, she say. The employee must then acknowledge his or her acceptance of the policy. Schor says that “so long as there is a business necessity for it, and the employee is advised that he or she does not have a reasonable expectation of privacy, companies are going to have a fair bit of comfort in utilizing these systems.” The issue is more complicated for global firms, because privacy laws in some countries give employees more protections.
The systems most often in place — Web-filtering software — track or prohibit employees from accessing certain Websites. While that category continues to see plenty of development, other related types of software are emerging that don’t simply look over an employee’s shoulder, but study that worker’s habits for clues as to whether something is afoot. “I believe that companies have the right to know what their employees are doing on their computers at work while they’re being paid to do a certain job under the employment contract that already exists,” says William L. Tafoya, an expert on cybercrime investigation and a professor in the Criminal Justice Department in the School of Public Safety and Professional Studies at the University of New Haven. He says that a variety of concepts and advanced technology under development have workplace potential for analyzing cyberbehavior and uncovering, or even anticipating, crime. Keyboard logging, systems that track online behavior to determine intent, and neurolinguistic analysis are among the techniques that, particularly when used in combination, could give an employer new insights into whether an employee poses a risk.