Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Managing the insider risk is extremely complicated

Residential Security Handbook 2022: SMART Living Information Security, Residential Estate (Industry)

By John Mc Loughlin, CEO, J2 Software.


John Mc Loughlin.

The risk from malicious insiders has long been a priority for CISOs and has now become a top priority for other executives and board members. Employees require access to sensitive information, but heavy-handed approaches using complicated and static rules can frustrate users. This hampers productivity and leads users to search for workarounds that can also put data at risk.

Employees, contractors and partners understandably have concerns about what activity is monitored. They have questions about what data may be in scope or out of scope. More importantly, users may wonder how these monitoring systems may be biased against them and intrude on their personal privacy.

There’s one consistent and prevalent security gap in every digital enterprise in the world. Regardless of the industry, whether it’s financial, healthcare, residential or logistics, the common denominator remains the same: the human element.

A complicated task

Addressing the insider risk is extremely complicated. A recent DTEX report compares two distinct approaches: Insider Risk Management and Insider Threat Surveillance. The approaches share common goals of preventing data loss, detecting insider threats, accelerating incident response and maintaining compliance.

Insider Risk Management (IRM) views the employee as a source of intelligence rather than a subject of surveillance. It effectively flips a model of invasive monitoring to one that anonymises user intelligence and collects only the minimum amount of metadata necessary to build a forensic audit trail, with full respect for an employee’s fundamental right to privacy.

File scanning, email, web, messaging application content capture, keystroke logging and screen recording are not necessary for effective security with a metadata collection model. IRM goes beyond compliance requirements, prioritising employee privacy while still enabling worker productivity.

Insider Threat Surveillance (ITS) technologies have not only employed invasive content inspection, keystroke logging and video capture capabilities, but also often collect more data than necessary for their stated purpose. This creates unnecessary employee privacy issues, as well as significant costs associated with excess data storage and processing.

In some countries it may be illegal to monitor employees (or to use evidence from monitoring) to reprimand or dismiss them unless an Acceptable Use Policy has been well communicated to staff. In countries with well-established data protection laws, organisations must provide information about the processing of personal data, including what type of data is collected, who has access to the data, and under what circumstances monitoring may occur.

Best strategy that delivers results

Businesses need to adapt quickly to changing customer requirements and competitive pressure, and this requires an insider risk solution that takes the best strategies from a variety of approaches.

This could include rules from data loss prevention for known bad behaviour, machine learning,and behaviour analytics based on better data to identify malicious intent, and a privacy-first approach to employee monitoring that protects employees and is used in a proportionate manner.

According to Gartner, surveillance of employee activities is not without risk. Organisations commonly monitor internal communications systems (for example, email or collaboration platforms) and investigate suspected policy violations. But expansion of these activities into a more pervasive inspection of the work life of employees can infringe on employee privacy expectations and rights in the workplace.

Gartner says before organisations explore the use of insider threat tools and services, they must consult legal counsel and human resources leaders, and set boundaries on the capture, storage, sharing, analysis and destruction of data regarding employee activities.

Download the Insider Risk Management and Insider Threat Surveillance e-book (www.securitysa.com/*dtex1) to learn more about the tools available and how workforce cyber intelligence and security can help.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Fire Ops SA Partners with Matrix
News & Events Fire & Safety Residential Estate (Industry)
Fire Ops SA, a South African private fire and rescue service, has announced its partnership with Matrix Vehicle Tracking to launch FireStop, providing Matrix and Beame clients with direct access to a dedicated professional private fire service.

Read more...
Who has access to your face?
Access Control & Identity Management Residential Estate (Industry) AI & Data Analytics
While you may be adjusting your privacy settings on social media or thinking twice about who is recording you at public events, the reality is that your facial features may be used in other contexts,

Read more...
Human-centric control rooms
Iritron Integrated Solutions Surveillance Residential Estate (Industry)
Iritron and Oculus show that when it comes to control rooms, people, not just technology, are at the centre of the most significant performance differentiators today, not just how efficiently the technology works.

Read more...
Managed security solutions for organisations of all sizes
Information Security
Cyberattackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Multiple IoT devices targeted
Information Security Residential Estate (Industry)
Mirai remains one of the top threats to IoT in 2025 due to widespread exploitation of weak login credentials and unpatched vulnerabilities, enabling large-scale botnets for DDoS attacks, data theft and other malicious activities.

Read more...
SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
Adding AI analytics to security monitoring
SEON South Africa News & Events Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry) AI & Data Analytics
SEON has announced its latest integration with Refraime, an AI-powered video analytics platform designed to elevate CCTV surveillance through real-time object detection and intelligent alerting.

Read more...
Passive fire protection for lithium-ion batteries
Fire & Safety Residential Estate (Industry)
In response to the increasing threat of lithium-ion (Li-ion) battery fires, a passive fire protection solution called PyroBubbles is now available in South Africa and is distributed locally through PyroBrand.

Read more...
Local-first data security is South Africa's new digital fortress
Infrastructure Information Security
With many global conversations taking place about data security and privacy, a distinct and powerful message is emerging from South Africa: the critical importance of a 'local first' approach to data security.

Read more...
Sophos launches advisory services to deliver proactive cybersecurity resilience
Information Security News & Events
Sophos has launched a suite of penetration testing and application security services, designed to identify gaps in organisations’ security programs, which is informed by Sophos X-Ops Threat Intelligence and delivered by world-class experts.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.