Gartner 2020 Market Guide for Insider Risk Management Solutions | Get the report →
  • Partners
    • Technology Partners
    • Reseller Partners
    • Partner Portal
  • Customer Toolkit
  • University
  • Support
Code42 Logo
  • Products
    • Incydr™ Data risk detection and response for insider threat Product Overview right arrow icon
      • Features
      • Detection
      • Investigation
      • Response
      • Use Cases
      • Remote workforce monitoring
      • Departing employee monitoring
      • IP theft detection
      • View All
      • Information
      • Product Plans
      • Deployment
      • Integrations
      • Developer Portal
      • Trust & Security
      • Services
    • Incydr™ Gov Insider Risk detection for the federal government
  • Solutions
    • Insider Risk
    • Data Exfiltration
    • Incident Response
  • Company
    • About
    • News
    • Careers
    • Leadership
  • Resources
    • Resource Center
    • Reports, eBooks, Videos
    • Events & Webinars
    • Customer Stories
    • Product Resources
    • Integrations
    • Developer Portal
    • Trust & Security
    Data Protection: Code42 vs. DLP Leave DLP behind with a better, risk-based approach to protect data. Learn more right arrow icon
  • Blog
  • Get Started
  • Partners
    • Technology Partners
    • Reseller Partners
    • Partner Portal
  • Customer Toolkit
  • University
  • Support

DATA SECURITY STRATEGIES

Tough Love: Time to Start Wondering Why So Many Employees Are Mishandling Data


4 MIN READ

SHARE

Peter Hadjigeorgiou

Sr. Security Relationship Manager

In a world where consumers are constantly notified of the latest breach that compromised their data, why are we still so afraid to be bold and innovative with our approach to data security? As both a consumer and a cybersecurity practitioner, I get frustrated when I hear that my data has been compromised by a credit agency, a hotel chain, a retail store, a financial institution, a healthcare provider, or a government agency—and then hear complaints about security organizations being too heavy handed. No organization wants to be the victim of a breach and each event has its own nuances and complexities.

There has to be a better approach. There has to be more communication, more compromise, and a better collective strategy to securing data. It’s time to face the facts—insider data loss is getting worse, not better. We’ve spent too long being misled into thinking employee privacy and corporate security are at opposite ends of a zero-sum equation. It’s time to bring employers and employees together in a new paradigm where privacy and security go hand in hand.

To Continue Reading…

Share a few pieces of information and we’ll personalize your experience with us

Let’s get real about security

The old tagline of security being too “big brother” has devolved into a blanket excuse to avoid thinking critically about security policies and protocols in our increasingly digital world. We’re living in a world where a growing majority of us are using multiple social media platforms, smartphone applications, and cloud computing tools, and inviting nosey robot assistants into our homes. The number of sensors, microphones and camera lenses capturing information about us has never been higher. And, within reason and with a reasonable level of transparency, we tend to accept the privacy/productivity tradeoff. Why not extend the same rationale when evaluating corporate security programs?

Security teams can and should monitor company assets, protect their data, and be responsible stewards of the data of their customers, partners and employees. It’s OK to let security teams do their jobs and we should have high expectations of our employees when it comes to following the rules. This is a completely legitimate expectation. Employees need to hear that and companies shouldn’t be afraid to say that. We don’t need to tiptoe around the subject—if you’re using a company computer, company networks, company data and resources, you should expect your employer to be watching and protecting their assets. In fact, you should want them as both an employee who’s employment and paycheck depends on the continued success of the company, and as a customer of many other companies that have employees just like you. 

Responsible security is about balance, transparency, respect and accountability

There is a balance that needs to be achieved in order to make this arrangement work well for both employers and employees. Some security approaches may introduce an unnecessary amount of personal intrusion. The key is to responsibly define the line between work/personal, and then aggressively pursue security around work items. We’re rapidly entering an era where employees have a choice of which device to use for what purposes—if they aren’t comfortable with corporate monitoring tools, they can use personal mobile devices, tablets or home computers for personal activities. The idea that employers should provide technology assets to employees and then feel restricted in terms of protecting those assets defies logic. 

Engaging the workforce is better than enraging the workforce

When you look at the data about insider threat cases, from malicious to unintentional, the question naturally arises: “Why are so many employees mishandling data?” It could be that many of them are just trying to get work done. How can IT and security have been set up to provide an environment in which employees can collaborate and work quickly and remotely? We need to shift the focus to using security tools that enable instead of block the collaboration culture. Monitor away! Visibility is the single most powerful capability in your security toolkit. But be sure you let employees produce value while you’re at it. The “human firewall” is one of your most effective security assets. Collaboration rather than conflict with the workforce is key to strong cybersecurity posture—especially as it relates to insider threat. 

The conversation that pits corporate security against employee privacy is misleading and exacerbates the problem. The idea that these concepts are at odds with one another is antiquated. Corporate culture and technology are evolving in ways that allow security and privacy not only to coexist, but also to reinforce and support one another.

Peter Hadjigeorgiou

Peter Hadjigeorgiou is member of Code42’s Security Success Team with background and expertise designing, developing, and deploying Insider Threat and Data Protection programs to enhance an organization’s ability to prevent, detect and respond to insider threats. Peter is a Certified Insider Threat Program Manager and has held previous roles as a consultant to public and private sector entities as well as serving internal security roles at Deloitte and NetApp.

Code42 logo
Code42 logo

Code42

  • About Code42
  • News + Events
  • Awards
  • Investors
  • Leadership
  • Careers
  • Contact Sales

Learn More

  • Insider Risk Ecosystem
  • Reseller Partners
  • Federal Solutions
  • Higher Education Solutions
  • CrashPlan for Small Business
  • Customer Stories

Support

  • Help Center
  • Code42 University
  • Professional Services
  • Twitter Twitter
  • Facebook Facebook
  • LinkedIn LinkedIn
  • YouTube YouTube
  • Terms of Use
  • Privacy Statement
  • Impressum
© 2021 Code42 Software, Inc. All rights reserved.
Get Started with Incydr™
Contact Salesright arrow icon
We'll have an insider threat expert reach out within 24 hours
Start Free Trialright arrow icon
Try Incydr at no cost for 30 days to quickly uncover your data blindspots
Interactive Demo
Take Incydr for a spin in our free sandbox environment.
Launch the demo right arrow icon
Explore the deeper functionality of Incydr™
Contact Salesright arrow icon
We'll have an insider threat expert reach out within 24 hours
Interactive Demo
Take Incydr for a spin in our free sandbox environment.
Launch the demo right arrow icon

This website uses cookies to improve your user experience and to provide content tailored specifically to your interests. Detailed information on the use of cookies on this website, and how you can manage your preferences, is provided in our Cookie Notice. By clicking I Agree or continuing to use this website, you consent to the use of cookies. Learn more.

Code42
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.