6 minute read
The greatest asset becomes the biggest risk
by Media Xpose
The greatest asset
becomes the biggest risk
It's never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. The erosion of the cyber-perimeter as a result of new virtual workforce models necessitates a new approach, one that baselines activities and behaviours and protects employees by highlighting anomalies.
By Cybersecurity Expert and J2 CEO, John Mc Loughlin
Companies deploy multiple security, intelligence and productivity monitoring tools in the hopes of working smarter and safer. However, none of these solutions focus on the humans driving day-to-day operations. Dtex offers the world’s first and only Workforce Cyber Intelligence Platform, capturing hundreds of elements of behavioural telemetry to produce dynamic “Indicators of Intent” and deliver holistic, real-time awareness about the workforce’s activities – without invading personal privacy.
It also empowers business owners to easily see, understand and act on contextual intelligence using scoring frameworks proven to stop insider threats, prevent data loss, maximise software investments and protect the workforce, wherever they may be.
Workforce Cyber Intelligence is a new approach to enterprise data collection and analysis that focuses on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications and their peers as they perform their job responsibilities to create a safer, smarter and more secure enterprise. Workforce Cyber Intelligence is designed for today’s modern, distributed workforce model. It provides complete visibility into user and account activity, keeping all data anonymous to protect privacy and only shining a light on abnormal or inefficient behaviours that indicate risks and areas for operational improvement.
It is critical to ensure employees know that personal activities and behaviours that don't directly increase organisational risk, cause cultural conflict, or limit successful operations remain private and anonymous.
People are the heartbeat of every organisation, so the human factor is the most important element of a business’s ability to operate effectively and safely. The enterprise workforce’s behaviour, habits and interactions ultimately determine opportunities and threats, the investments that contribute to efficiency or waste, how and where risks emerge and if compliance mandates are met.
Dtex’s Workforce Cyber Intelligence Platform enables organisations better understand their workforce, protect their data and make human-centric operational investments.
The ideas of employee monitoring, insider threat detection, data loss prevention (DLP), User Activity Monitoring (UAM), and human risk management aren’t new. The greatest challenge is improving security and operational performance in a way that benefits both the company and the employee. The best solution protects sensitive information and employee privacy.
Privacy
Employees are increasingly aware of and diligent in understanding how employers monitor work activities and behaviours. Employees want to know that personal activities and behaviours remain private and anonymous unless those activities directly increase organisational risk, cause cultural conflict, or limit successful operations. This is a fair ask of employees and becoming a major factor in compliance regulations and mandates.
Gathering and analysing data
One may think that it is easy to gather a lot of data for analysis, discover some findings, and report on them. Unfortunately it's not, the process is straightforward, but the mechanics present challenges. Collecting user data often involves overtaxing endpoints and the network and consequently impeding enduser productivity.
J2 is a security focused African technology business founded in 2006 to address the need for effective cybersecurity, governance, risk and compliance solutions in Africa. The continued rise of cybercrime, identity theft and confidential data leakage drives the requirement for J2’s managed security service offerings, not only for competitive advantage, but as an absolute business necessity.
The company offers managed cyber security services for every business. J2 delivers essential tools that empower organisations to take control of their technology spend. The company's hand-picked solutions provide complete visibility over its customers' environment, while reducing risk and lowering costs.
J2 has provided services and solutions to renowned enterprise corporations with sites running in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda, Zambia, Australia, UK and Malta.
Analysis of the captured data carries fears of data misuse and privacy infringement, not to mention wasted resources on false positives and ‘noise’. Noise is information that calls attention to insignificant findings that present little or no risk. Noise can overwhelm and mask true threats and is a distraction for scarce security resources.
Managing access and perception
Arguably one of the tougher challenges of collecting user data and monitoring the workforce is the workforce’s perception of an organisation’s motivation. When employees hear about monitoring, their initial impression is negative.
Changing those perceptions requires openness and assurance that any data being collected is intended to protect individuals, sensitive data, and the organisation, and is handled in the most secure, private, and respectful way possible.
Privacy will be the primary concern to alleviate. In addition to regulatory requirements, protecting employees’ privacy is crucial if you want to have employee engagement and partnership. Managing access to the collected data is another challenge to overcome. Information on individual employees should be anonymised and unmasked only on a strict “need to know” basis.
Data minimisation is a critical prerequisite to privacy. Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organisational data. Employees don’t want corporate IP leaked on purpose or by accident.
Protection for the employee
Having a clear and unalterable audit trail provides nonrepudiation and defence for the employee. Employees are an appealing target of malicious actors. People by their nature want to be helpful and trusting, and these are the underlying human traits enabling social engineering. Businesses need to shift their focus and learn from the workforce by observing employees' interactions with data, systems and machines and using that intelligence to improve performance. ■
www.j2.co.za
Work with us this new year
Molefe Dlepu inc. is a black owned legal practice founded in 1995 by Daisy Sekao Molefe and Hlaleleni Kathleen Dlepu.
In its 26 years of practice we have perfected our skills in the areas of Litigation, Commercial Law, Labour Law, Regulatory and Compliance matters and Investigations.
Litigation: You can trust us to settle your civil disputes both in and out of court. Our professional staff are highly skilled in both the Magistrate’s and High Courts and we make use of a network of efficient advocates for specialised matters. We also pride ourselves in our mediation skills, always preferring to keep matters out of court unless absolutely necessary.
Commercial Law: we are equipped with the necessary skills to meet your commercial drafting and negotiating needs, ensuring that your business interests are met and prioritised. Labour Law: we are highly experienced in chairing disciplinary hearings on behalf of employers, representation at the CCMA and Labour Court. Regulatory and Compliance: we boast a wide range of experience including procurement and corporate governance. We also have legal practitioners registered with the South African Institute for Compliance.
Investigations: we have over a decade of experience in conducting and chairing investigations in the Occupational Safety and Health services
Clients: our past and present clients in the public and private sector include the Road Accident Fund, the City of Joburg Municipality, ESKOM, SANRAL, the Railway Safety Regulator, Mowana Properties, Brakpan Bus Company, ABSA and Nedbank to name a few.
We are ready to take care of your legal services needs
And best wishes from all of us at
