How large companies monitor employees
In any organization, sooner or later, a moment comes when it is no longer possible to work with staff intuitively. Most often this is due to the growth of the organization - in a company of 10-15 people you can still control the situation in the company manually, however, with a large number of employees, the manager begins to “sink”.
At the same time, the risk of security incidents is increasing. When an organization ceases to be a small group of like-minded friends, and this inevitably occurs as a result of growth, tasks arise associated with reducing the risks of unfair employee behavior.
To obtain an objective picture of what is happening in the company, and, in particular, to ensure security, various methods of personnel control are used. On organizational measures another time, I want to talk today about the technical side of the issue and how different methods are effective.
ACS + Video Surveillance
In classic industries, the ACS + video surveillance link is usually used to control employees by the security service. ACS (access control and management system) most often represents the following: each employee has a pass that he attaches to the reader at the entrance - the time of arrival and departure from work is logged and monitored. As the second line of defense, camera recordings are used.
In the case of large factories and enterprises, there are often some employees who do not have particularly warm feelings for the employer, but who have enough "ingenuity" - someone at the entrance "breaks through" the pass not only for themselves, someone is trying to remove the products from the enterprise. Because of this, sometimes the work of security at such enterprises turns into endless cat and mouse with employees.
In case of suspicion, the company guards take control of the employee, view videos or can search him at the exit. Such protection method is more or less effective for protection against product removal, however, in the context of information security it is helpless - software tools are already required for this.
Free and system tools
In the case of monitoring the work of personnel in modern offices, the situation becomes more complicated - the working day is often not standardized, and it is far from being only a physical presence to control companies.
To control working time, you can use the same ACS or upload data from Active Directory. Sometimes time management is integrated into CRM systems. The problem in this case is obvious - everything that is outside the CRM-system cannot be controlled.
Mail and instant messengers can be controlled using sniffers (modules that intercept messages) - the only problem is that then you will have to sacrifice the antivirus protection of working computers. The vast majority of antiviruses will not allow such programs to run on the computer.
Google and Microsoft's cloud-based business products (Google Apps Unlimited and Office 365 Business, respectively) have the ability to set up rules that check employees' email and documents for keywords or data types. This, of course, is not a replacement for a full-fledged security system, but it can be used. And to control certain aspects of the work of employees, you can use free remote access tools.
With the help of system administrators with all of the above tools, you can get some kind of personnel control system. However, control in this way will be at least incomplete, and the systematization and accounting of the received data will drive the employee responsible for this crazy.
About the same result awaits a security guard who will try to solve security issues without special software — for this, an amount of “crutches” incompatible with effective work will be required.
Employee time and employee control systems The
ethics of analyzing employee correspondence raises questions and debates - however, interception is used everywhere, especially in large companies. The main task is to protect company confidential data from insider threats. Also, internal communications analysis is often used to identify disloyal employees. A vivid example - a loud dismissalYandex of a number of employees of the Kinopoisk service purchased by him. According to the dismissed, the reason is in sharp criticism of restarting the service in the internal chat of employees. According to a statement from Yandex, employees in this chat divulged trade secrets to third parties (former colleagues). Be that as it may, an unpleasant situation for the company was discovered by security officers, most likely due to the use of a DLP system (from the English Data Leak Prevention - preventing data leaks) or a similar product.
A castrated version of DLP systems are the so-called personnel control systems. Most often, they are a “packaged” sniffer package for a number of popular communication channels, such as Skype, email or social networks, supplemented by the ability to remotely connect to the employee’s desktop and keylogger.
With the help of such a tool, you can see the working hours of employees, monitor their actions for workers and computers and conduct partial monitoring of correspondence. In principle, this may be enough for a very small company, but more comprehensive solutions are needed for quality work.
DLP systems
More technologically sophisticated are DLP systems. If sniffers and “employee control tools” simply intercept information, then DLP systems go further - along with intercepts, they also automatically analyze intercepted information. Thus, the task of finding “harmful” information is transferred from the shoulders of the security officer to the machine. He only needs to correctly configure the rules and pay attention to the system messages about incidents.
There are a lot of options for these rules and analysis methods - you can make a notification about the start of a process on a workstation, check correspondence for regular expressions (for example, TIN or passport data) or set up a notification and block transfer to a USB drive of a certain file format - in in general, you can automate everything and everything.
Most of these systems also recognize transliterated text (napisannyi latinskimi bukvami), file extension changes, and other possible tricks of potential attackers.
At the same time, it is worth remembering that no matter how effective the control method is used, it will be helpless in the absence of adequate management and corporate culture in the company. On the other hand, even in the organization most loyal to employees, there is always the possibility of a “weak link” and in the absence of control this link can cause considerable damage. Finding a balance between these two extremes is the most important task for security and leadership.
At the same time, the risk of security incidents is increasing. When an organization ceases to be a small group of like-minded friends, and this inevitably occurs as a result of growth, tasks arise associated with reducing the risks of unfair employee behavior.
To obtain an objective picture of what is happening in the company, and, in particular, to ensure security, various methods of personnel control are used. On organizational measures another time, I want to talk today about the technical side of the issue and how different methods are effective.
ACS + Video Surveillance
In classic industries, the ACS + video surveillance link is usually used to control employees by the security service. ACS (access control and management system) most often represents the following: each employee has a pass that he attaches to the reader at the entrance - the time of arrival and departure from work is logged and monitored. As the second line of defense, camera recordings are used.
In the case of large factories and enterprises, there are often some employees who do not have particularly warm feelings for the employer, but who have enough "ingenuity" - someone at the entrance "breaks through" the pass not only for themselves, someone is trying to remove the products from the enterprise. Because of this, sometimes the work of security at such enterprises turns into endless cat and mouse with employees.
In case of suspicion, the company guards take control of the employee, view videos or can search him at the exit. Such protection method is more or less effective for protection against product removal, however, in the context of information security it is helpless - software tools are already required for this.
Free and system tools
In the case of monitoring the work of personnel in modern offices, the situation becomes more complicated - the working day is often not standardized, and it is far from being only a physical presence to control companies.
To control working time, you can use the same ACS or upload data from Active Directory. Sometimes time management is integrated into CRM systems. The problem in this case is obvious - everything that is outside the CRM-system cannot be controlled.
Mail and instant messengers can be controlled using sniffers (modules that intercept messages) - the only problem is that then you will have to sacrifice the antivirus protection of working computers. The vast majority of antiviruses will not allow such programs to run on the computer.
Google and Microsoft's cloud-based business products (Google Apps Unlimited and Office 365 Business, respectively) have the ability to set up rules that check employees' email and documents for keywords or data types. This, of course, is not a replacement for a full-fledged security system, but it can be used. And to control certain aspects of the work of employees, you can use free remote access tools.
With the help of system administrators with all of the above tools, you can get some kind of personnel control system. However, control in this way will be at least incomplete, and the systematization and accounting of the received data will drive the employee responsible for this crazy.
About the same result awaits a security guard who will try to solve security issues without special software — for this, an amount of “crutches” incompatible with effective work will be required.
Employee time and employee control systems The
ethics of analyzing employee correspondence raises questions and debates - however, interception is used everywhere, especially in large companies. The main task is to protect company confidential data from insider threats. Also, internal communications analysis is often used to identify disloyal employees. A vivid example - a loud dismissalYandex of a number of employees of the Kinopoisk service purchased by him. According to the dismissed, the reason is in sharp criticism of restarting the service in the internal chat of employees. According to a statement from Yandex, employees in this chat divulged trade secrets to third parties (former colleagues). Be that as it may, an unpleasant situation for the company was discovered by security officers, most likely due to the use of a DLP system (from the English Data Leak Prevention - preventing data leaks) or a similar product.
A castrated version of DLP systems are the so-called personnel control systems. Most often, they are a “packaged” sniffer package for a number of popular communication channels, such as Skype, email or social networks, supplemented by the ability to remotely connect to the employee’s desktop and keylogger.
With the help of such a tool, you can see the working hours of employees, monitor their actions for workers and computers and conduct partial monitoring of correspondence. In principle, this may be enough for a very small company, but more comprehensive solutions are needed for quality work.
DLP systems
More technologically sophisticated are DLP systems. If sniffers and “employee control tools” simply intercept information, then DLP systems go further - along with intercepts, they also automatically analyze intercepted information. Thus, the task of finding “harmful” information is transferred from the shoulders of the security officer to the machine. He only needs to correctly configure the rules and pay attention to the system messages about incidents.
There are a lot of options for these rules and analysis methods - you can make a notification about the start of a process on a workstation, check correspondence for regular expressions (for example, TIN or passport data) or set up a notification and block transfer to a USB drive of a certain file format - in in general, you can automate everything and everything.
Most of these systems also recognize transliterated text (napisannyi latinskimi bukvami), file extension changes, and other possible tricks of potential attackers.
At the same time, it is worth remembering that no matter how effective the control method is used, it will be helpless in the absence of adequate management and corporate culture in the company. On the other hand, even in the organization most loyal to employees, there is always the possibility of a “weak link” and in the absence of control this link can cause considerable damage. Finding a balance between these two extremes is the most important task for security and leadership.