Firms expected to cyberstalk for security

Employers are beginning to monitor social media, not just to safeguard their brand, but also to maintain security, according to research from Gartner.

Employers are beginning to monitor social media, not just to safeguard their brand, but also to maintain security, according to research from Gartner.

(THINK before you image by ToGa Wanderings, CC BY 2.0)

The research and advisory organisation recently published a report into conducting digital surveillance ethically and legally, and found that 60 per cent of corporations will be monitoring social media channels for security breaches and incidents by 2015. At the moment, Gartner reports that less than 10 per cent of organisations are doing so.

"Security monitoring and surveillance must follow enterprise information assets and work processes into whichever technical environments are used by employees to execute work," said Gartner research vice president Andrew Walls.

"Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behaviour wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyse user actions that take place inside and outside of the enterprise IT environment."

Gartner reports that tapping into social media channels could allow organisations to identify physical threats to facilities and personnel, or threats by hacktivists, allowing them to adapt their security posture to minimise any negative impacts.

The Australian Federal Police (AFP) has already been using a contracted third party to conduct open-source intelligence activities, which includes trawling through publicly available information on social media sites for threat information, but it is a relatively new activity for corporations.

Walls warns that if employers opt to monitor their employees, they should be aware that although there are security benefits, there's also a swathe of issues surrounding privacy.

"Surveillance of individuals ... can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards," Walls said.

Even the accusation of spying on business emails has drawn the ire of user groups, such as the Systems Administrators Guild of Australia, which defended claims that almost half of all IT email administrators and IT managers are spying on employees.

Gartner further warned against organisations overstepping their bounds and covertly monitoring staff. While it may produce hard evidence of inappropriate or illegal behaviours, it might also violate privacy laws, and surveillance activities may be seen as a violation of policies or cultural expectations.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All