Mitigating against social media risks in the finance function

6th June 2012

Those in the finance function need to be particularly cautious about the risks associated with increased use of social media, and may be both heartened and concerned by analysis from the research firm Gartner.

There are parts of a business where providing widespread and open access can be a boon; finance is not one of them. The sensitivity of financial information and the finance function's gatekeeper role make it particularly sensitive to leaks, and heighten concerns about the threat that social media may pose to corporate data. So you will probably not be surprised to learn that monitoring of employee behavior in digital environments is on the rise.

An estimated 60 per cent of corporations are expected to implement formal programs for monitoring external social media for security breaches and incidents by 2015, according to Gartner. Many organizations already engage in social media monitoring as part of brand management and marketing, but less than 10 per cent of organizations currently use these same techniques as part of their security monitoring program.

'The growth in monitoring employee behavior in digital environments is increasingly enabled by new technology and services,' says Andrew Walls, research vice president of Gartner. 'Surveillance of individuals, however, can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards.'

To prevent, detect and remediate security incidents, IT security organizations have traditionally focused attention on the monitoring of internal infrastructure. The impact of IT consumerisation, cloud services and social media renders this traditional approach inadequate for guiding decisions regarding the security of enterprise information and work processes.

'Security monitoring and surveillance must follow enterprise information assets and work processes into any environment used by employees to execute work,' says Walls. 'As employees with legitimate access to information assets are involved in most security violations, security monitoring must focus on employee actions and behavior wherever the employees pursue business-related interactions on digital systems,' which means inside and outside of the enterprise IT environment.

Services such as Facebook, YouTube and LinkedIn provide new targets for security monitoring, but surveillance of user activity can generate ethical and legal risks. The information available can assist in risk mitigation in cases such as employees posting videos of inappropriate activities within corporate facilities. But access can also generate liabilities if, for example, a manager reviews the Facebook profile of an employee to determine their religion or sexual orientation.

A wide range of products and services have emerged to support these actions and many public relations firms provide social media monitoring as a standard client service. Security organisations are also starting to see value in the capture and analysis of social media content, not just for internal security surveillance, but also to enable detection of shifting threats – such as physical threats to facilities and personnel revealed through postings concerning civil unrest or hacktivism.

But surveillance has benefits and burdens. While automated, covert monitoring of computer use by staff suspected of serious policy violations can produce hard evidence of inappropriate or illegal behaviors, and guide management response, it might also violate privacy laws, cautions Gartner. So businesses need to carefully control surveillance methods and tools and make sure that processes comply with legislation on privacy and the interception of electronic communications.
