When Big Brother Watches IT 234
bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
Who manages it? (Score:5, Insightful)
Personal emails at work? (Score:4, Insightful)
"I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"
Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.
Creepy but... (Score:5, Insightful)
Re:kick 'em when they're down (Score:2, Insightful)
You became a liability. There were others inline for your job that weren't a liability. It wasn't that they didn't care about you personally, its just the reality of business. "Caring" doesn't pay the bills.
If you don't trust your sys/network admin... (Score:5, Insightful)
...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.
I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.
Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.
Re:Prevention cheaper (Score:3, Insightful)
If us bosses don't monitor the minions, how then should we know when they're onto our kickback schemes and other fraudulent privileges they are not entitled to know of us having?
Re:kick 'em when they're down (Score:4, Insightful)
And those other people are also a liability because they may not be able to do the job. Even if they can do the job it'd take them 2-3 months to get up to full efficiency at doing their job.
Furthermore, every other employee, including the replacement, now knows that the company will fire them at the drop of a hat. In other words, they now have a signal that they may want to start sending out resumes before it happens to them. The fired person's social network will now also know that the employer is an asshole and to steer clear if possible.
So yes, caring does pay the bills if a company cares about anything but the short term balance sheet (not even short term productivity).
Re:Prevention cheaper (Score:2, Insightful)
Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.
Re:Prevention cheaper (Score:5, Insightful)
In my experience, as you move up the chain of command, any formalized controls become more stringent – not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.
On the other hand, I have found misalignment increases. CEO’s don’t (normally) need to commit outright fraud – there is a host of grey areas to exploit.
The corporate jet is a classic example. It helps the CEO meet with clients, survey the business, saves time, etc. All of time & money will be well disclosed in the annual reports. If the CEO uses it for personal reasons, he has to pay it out of pocket. So everything is above board. Yet, who do a disproportionate number of CEO schedule official trips to Aspin during skiing season and during the summer?
Suspicion is a dangerous thing (Score:4, Insightful)
Re:Suspicion is a dangerous thing (Score:4, Insightful)
"If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes," says Ed Stroz, co-president at digital-risk-management firm Stroz Friedberg LLC, New York. The company, like other consulting firms such as Ernst & Young, makes technology to examine linguistics .
It's usefulness is being touted by those selling the software:
Re:Prevention cheaper (Score:5, Insightful)
Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.
This flies in the face of reality. In the real world, some top managers develop such an inflated sense of entitlement that they believe they are worth far more than what they legitimately earn, deserve whatever they can take and that they will never get caught when they break the law.
Re:kick 'em when they're down (Score:4, Insightful)
Aside from the fact that what you're saying shows a total lack of humanity, it's also wrong.
If I saw another employee I worked with being treated that way, believe me, I'm looking for a new job the moment I get off work that day. And then all of the training, experience, etc., that they've paid me well to develop, walks right out the door.
That aside, loyalty is meant to be reciprocal. As long as a company is "paying the bills" adequately, a little decency for those undergoing tough times and have spent years of their lives helping to build the company is not exactly uncalled for. I have worked several places that coworkers were more than happy to pick up some slack for someone in a tough situation, especially since it was well understood they could accept the same in return. That type of environment is far more productive than one where everyone spends half the day looking over their shoulder.
"It's just business" is not an excuse for unconscionable behavior, and it's been used that way for far too long.
Re:Prevention cheaper (Score:5, Insightful)
" why hurt a company that is paying you millions of dollars a year?"
Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?
Re:Prevention cheaper (Score:5, Insightful)
Re:Who manages it? (Score:4, Insightful)
As we tell our staff, get a smart phone and do whatever you want. Just never connect it to our network (including even USB to charge), and never use our network/PCs for personal use. Don't want to spring for a smart phone? Surf at home.
Re:Prevention cheaper (Score:3, Insightful)
Um, because? Seriously, you make it sound like it's a well considered and rational action of self-destruction to become a gambling addict and to start embezzling money. Sure, there are rationalized steps in the process to reduce the risk of getting caught, but one presumes that all employees are only really there to earn a paycheck, getting caught means criminal charges and/or being blacklisted from most companies, and that while people do tend to expand their spending to meet their paycheck, the less the paycheck overall is, the less savings you have and hence the more you really need that job. When you're talking about a million dollars a year, well that's equivalent to 20 years of $50,000/year*, which leaves a lot of room to not really care about a company.
How many CEOs, after having ran one business into the ground, have been hired up again to be CEO at another company? I guess that might be because as much as "top management positions aren't that common", it also holds people with top management position experience aren't that common; and why not hire someone with experience, even if it's mostly bad, rather than risk a person with no experience? Really, unless the CEO is stupid enough to be caught outright embezzling money, they're probably in the clear; and considering how much stuff can seemingly be written often as a "business expense" or "perk", it could take quite a lot. That's not to say, of course, it doesn't happen and people haven't been caught/punished; but, the CEO and other top management positions are in the best position of burying evidence, and vague accusations without proof might be enough to force a resignation but maybe not enough to prevent them being rehired elsewhere. After all, if your CEO was robbing you blind, would you like the world to know? And wouldn't you like it best if after they resigned they were rehired by a competitor who you can secretly hope they'll embezzle from as well?
*Yea, I know, because of progressive taxation it's probably closer to 3/4ths that, but then the discussion was "millions of dollars", so feel free to scale up that round figure of a million dollars to compensate--I'm sure the CEO would.
Re:Prevention cheaper (Score:2, Insightful)
have to repay fraudulently taken $$$
That's so sweet: You think directors embezzle their employer!
No, directors give generous contracts to their friends and get kick-backs. They do anything, which frequently involves some method of down-sizing, to increase the share price, then sell their part of the company. They leave after costing the company millions and get a payout of millions more.
Every accounting/management textbook talks about the need to align the director's greed with the company's growth. Yet, the golden parachute does the exact opposite.