Balancing the monitoring of employee data against workplace privacy is a delicate matter, according to Michael Brown, vice president of technology at Auvik. He argues that monitoring every action of an employee can provide valuable insights but may violate privacy, while a lack of monitoring can pose security and productivity risks for an organization. Brown emphasizes the need for a compromise that respects employee privacy while allowing organizations to monitor their environments effectively.
Brown’s emphasis on compromise and transparency resonates with many in the cybersecurity industry. Employees who understand the reasons for monitoring and how it may transition into surveillance under certain circumstances are more likely to support the need for monitoring to protect the organization as a whole.
It is widely understood in the cybersecurity community that collecting data comes with an obligation to protect that data. John A. Smith, founder and CSO of Conversant, emphasizes the importance of adhering to regulations and compliance requirements, but also stresses the need to go beyond compliance. He suggests measuring security controls against current threat actor behaviors and changing paradigms to enhance data protection.
Smith’s idea of changing paradigms, hardening systems by default and only opening access by exception, is a different way of thinking about data protection. He stresses the critical importance of protecting data, managing access controls, and orchestrating identities, particularly in the context of data stores and cloud-based systems.
On the other hand, limiting access to information can also present security issues. Many individuals are deterred from accessing valuable information on websites when asked to provide identifying information. This can hinder the spread of knowledge, benefiting sales and marketing efforts at the expense of information access.
Overall, the cybersecurity community recognizes the delicate balance between monitoring employee data and privacy. Finding a compromise that respects privacy while ensuring effective monitoring is essential for organizations to protect their data and maintain security. The need to collect data comes with an obligation to protect it, and this can be achieved by adhering to compliance requirements, measuring security controls, and changing paradigms to enhance data protection. However, it is also important to consider the impact of limiting access to information on security issues and the spread of knowledge.