In “The Minority Report,” a specialized police force called PreCrime deploys psychics called “Precogs,” who can see crimes before they happen, which allows the police to apprehend a would-be killer before he or she can do the deed.
A similar type of predictive behavior profiling is being deployed in workplace settings. Companies such as Boston Consulting and Microsoft have begun monitoring emails and chat logs to map the flow of employee communications.
It has long been technically possible for an employer to collect an employee’s digital breadcrumbs and use them to determine whether the employee’s pattern of online behavior signals an intent to do something the company frowns on, and of course employers can also see behaviors that could put the company in danger of a breach or compromise.
Wall Street brokerage firms and big casinos are big practitioners of this form of monitoring to guard the integrity of their network transactions.
Similar online employee surveillance is creeping into other industries as companies seek to strengthen overall network security, with an eye in particular on avoiding unauthorized access to systems, protecting proprietary information and trade secrets as well as creating better overall cyber hygiene.
This trend may seem alarming, but if handled correctly it makes sense. That means full transparency. With everyone fully aware that their work-time digital moves are being logged, employee monitoring is a direct way companies can bake security and privacy into their digital infrastructure.
Here are a few things all employees and employers should understand about the behavior profiling systems that, over time, will become common in most workplaces.
Creatures of Habit
The technology for profiling employee online behavior is well established and readily available. It uses the same tried-and-true data mining techniques used elsewhere in corporate settings. It begins with collecting worker-to-machine and machine-to-machine interactions in vast data sets. Machine learning algorithms then map each worker’s unique behavior patterns as he or she moves across business applications used during the work day.
By understanding how people interact with data and where information travels, a baseline understanding can be built. Behavior analytics perform brain-like functions, correlating data from every business application and all channels of interaction between the employee and the company network.
Over time, the system can begin to benchmark identity, to anticipate, and to get closer and closer to understanding intent. This is where science fiction writers like the late Philip K. Dick, whose short story was the basis for the Tom Cruise blockbuster referenced earlier, guessed right, except that instead of murder the goal is to root out pre-hacks and compromises.
It goes without saying that machine learning and artificial intelligence can be put to invasive use. However, this technical capability can also put companies in a position to more quickly respond when unusual activities occur, like when malicious code begins to worm its way from one worker’s computer deeper into the network, or when an imposter using an employee’s credentials exhibits behaviors atypical for that user, or that signal an intent to steal trade secrets.
So, about the potential for abuse: It’s difficult, if not impossible, to keep one’s digital work life separate from one’s digital private life. Balancing business interests against employees’ right to privacy is something that cybersecurity vendors, the legal community and privacy advocates have been debating for a while now.
Is it ethical for an employer to monitor an employee’s social media activities – and do it round the clock if that activity is aimed at gauging productivity or preventing data theft? Of course it isn’t. But the difficulty in implementing monitoring is contained in the above hypothetical situation. Employers must balance legitimate business interests with the reasonable expectation of privacy.
This is where transparency comes into play. What is the monitoring for? This needs to be spelled out, and made clear to all employees. And especially in today’s volatile political and social landscape it is absolutely critical to avoid even the semblance of discrimination. If you monitor one, you must monitor all.
Companies may have good reason to spy on employees’ online behaviors in pursuit of preserving the security of their business operations, but they can’t do it at the expense of privacy. There’s nothing wrong with a strong, carefully crafted governance model. If it is well executed, it should be infused with a healthy respect for employees’ right to privacy and promote a culture of strong cyber hygiene, which is the best way to keep from getting hacked or suffering a data compromise.