Can monitoring cyber behavior help in preventing cybercrimes?

By Amla Kanvinde, Founder at Winfield and Cyber Behavior Consultant 

Human error is one of the prime causes of data breaches and cyber security incidents even with well secured systems. The invasion of computer technology in our professional, private and social lives has exponentially increased the threat landscape. A person arriving at the workplace or logging into work is not a machine with the work mode switched on. He is a bundle of his values, beliefs, emotions, feelings and dreams. He is unique in terms of his aspirations, responses and reactions. He brings some of his home to work and continues to carry some of his work along when he leaves his office or logs out of work. The cyberspace has done away with the barriers of time and distance.

Most individuals aren’t naturally equipped to deal with cybercrimes at all. Others may incorrectly evaluate the risks and will fail to identify the tell-tale signs of a potential or a real cyber-attack. Misplaced trust, a false sense of urgency, curiosity, temptation, perceived loss or an expectation of a quick gain, any or all of these
can lead to wrong decisions and hasty actions.

And it may seem that the easiest solution to combat the threat posed, to the security posture, by human behavior quirks is monitoring employee behavior at the workplace. Monitoring employee behavior at the workplace has shown to partially help in increasing employee productivity and discipline. It could fulfill the need of micromanaging certain employees, who perform only when the bosses are watching. There are some employees who may lack self-drive and are inclined to do the minimum. Others may be prone to distractions, digital and otherwise.

Reports like idle time report, Internet use habits, new software usage logs, generated through the monitoring software can provide insights into the actual productivity and behavior at work. It can help in responsibility redistribution and rearrangement, to even out the load among peers and evaluate performance and contributions better. By using behavioral analytics and bio-data, you can track and even predict employee activity. It can prove useful in weeding out toxic workplace behavior with authentic and validated data collected through such systems. Considerable cost cutting can be achieved through redesigning workflows and business processes, streamlining procedures to make them quicker and more efficient and eliminating bottlenecks.

Whether such monitoring systems will have a net positive effect on employee behavior and engagement will depend on a number of factors, starting with the culture and climate of the organization. It cannot go drastically against the grain of the culture prevalent in the organization. A simple attendance monitoring system would not go down well in an organization that has had no such system so far. The transparency of the policy and the subsequent monitoring system, combined with the perceived fairness and flexibility of the system and the metrics will decide the acceptance level for the system among the employees. Initial indignation and resistance to any such systems is a given. To make the system widely acceptable it should be viewed as contributing to the organization’s legitimate business goals and adding value for all the stakeholders. The need and benefits of the system must be understood and appreciated for it to gain organization wide acceptance. Conditions have to be built up to the implementation of such systems through information sharing, clearly communicating the expectations and the desired outcomes

There will be regulatory limitations about how far the organization can go with such monitoring systems. You may be well within the legal boundaries and still damage trust and morale. These systems are not designed as spyware. They are not meant to run without employees’ knowledge and keep a constant eye on the people. Generating proof of work data should be the main purpose behind these systems.

But the looming question remains, will monitoring cyber behavior help in preventing cybercrimes? In the cyberspace, we have an interplay of complex systems and the complex human mind. And the cyberspace is now all encompassing for us, it is not limited to work. The employee behavior outside of office and work commitments cannot really be monitored. But its effects can spill over to the workplace. The social engineering attacks now target to catch the baits here, away from the secured systems and behavior monitoring tools of the office.

Spear phishing attacks rely on befriending the target in a non-work environment and then gradually encroaching into the workplace. Trust developed in the non-work environment may seem natural and non-intrusive. It is important to be aware about what is requested or demanded later based on this trust. At a social gathering, Aarav meets Sumeet who says he is a journalist with an online business magazine. They seem to have a lot of common interests and they exchange some messages on the personal chat in the following weeks. One day Aarav receives an email from Sumeet in his work email inbox. The system warns it’s an external email but trust has been established. Alex has a keen interest in photography and he befriends Amy, a nature photographer, on Facebook. Amy sends Alex some downloadable pictures of her nature photography to his work email

Tools monitoring cyber behavior, at the workplace, can add an extra layer to fortify the existing security framework in an organization. It can be an effective mechanism, yielding a number of benefits to the organization, if done right but marginally contribute to the actual prevention of cybercrimes. The monitoring tools could result in adding to the stress levels and disturbing the employee experience. A more comprehensive approach to understanding human behavior and cyber behavior, its consequences for the individual himself and the organization and maybe even the society is needed. This can be achieved through regular training and enrichment programs aimed at gaining some insights into behavior patterns, collective and individual, not necessarily only in the work context. The line where work begins and ends is very hazy and as we transcend this line time and again, a better behavior related awareness and appreciating its outcomes could go a long way in preventing cybercrimes.

Amla KanvindeCyber Behavior
Comments (0)
Add Comment