Check this out. I’m featured in the January 2010 issue of Entrepreneur Magazine’s Ask A Pro section where I talk about employee monitoring:
Entrepreneur Magazine, January 2010. © 2010 By Entrepreneur Media, Inc. All rights reserved. Reproduced with permission of Entrepreneur Media, Inc.
In this piece, it may not be clear whether or not I support monitoring of employee email, so let me clarify. I’m not for micromanagement and Big Brother, but I am on the side of business when it comes to the issue of employee monitoring of email, social media, general browsing, or whatever, which ultimately leads to improved information security.
Employees are there to provide some type of expertise, sweat labor, or other service in exchange for money. If people occasionally send/receive personal emails and surf the Web that’s fine. You can’t reasonably prevent that. However, if goofing off or otherwise putting your network and information at risk is most of what they do, huh uh. You wouldn’t believe what I see (and the studies back it up) on the typical network: 50%+ network bandwidth consumed by streaming audio and video, majority of Internet browsing sessions going to Facebook, Twitter, etc.
This is not only a matter of people goofing off, being unproductive, and ultimately providing limited value to their employers, but it’s also creating a negative impact on the network – ultimately on IT. It’s also creating security issues. Not only the malware threats but also the risk of sensitive information leaking out of the network. If employee Internet and computer usage are not being proactively monitored – regardless of the protocol or media – it’s merely a free-for-all and no doubt a data breach in the making. The lesson here: know your enemy (hint: he’s on your network right now) and do something about it.
Speaking of the internal threat, here’s a new article I just wrote on what I believe is the real deal with the insider threat that you may be interested in.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability/penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”