The recent story of the Morgan Stanley employee in the US who stole data relating to 350,000 clients and posted some of it online, highlights the potential need to monitor employee actions.
Security operations and monitoring of user activity is becoming more common with the secondary benefit that such technology can also monitor employee productivity.
So how much should organisations routinely monitor their employees?
Employers can see the potential benefits of having an employee monitoring program. Organisations can increase productivity by identifying and managing employees struggling with certain tasks. It is also possible that employers will identify tasks that are time consuming for employees with little benefit to the business. It can also help organisations identify top performers and top performing departments, as well as being able to see the impact a change to organisational strategy can have on the productivity of the organisation.
Security and risk professionals can also see the value and benefits, for example reducing risk by being able to detect fraudulent activity early; improving investigative ability in compiling case information against an employee thereby reducing the need for specialist forensic investigations and most importantly preventing such activity as undertaken by the now former Morgan Stanley employee.
The Alternative View
There is however the other side of the argument which comes from privacy lawyers, HR professionals and employee welfare groups, who see it simply as an invasion of employee privacy.
Employees are subject to an organisation’s rules by agreeing to abide by all security policies, processes and procedures by signing computer use policies as well as the codes of ethics and working practices.
It can often seem potentially difficult for organisations to balance their needs against the right of their employees to privacy.