Mitigating insider threats while maintaining employee privacy is a win-win

Written by Neil Thomas


The concept of an “insider threat” means different things to different people. In fact, business owners and leaders must consider a broad variety of insider threats in their risk management policies, platforms, and processes. Some threats are financial, such as corporate fraud and intellectual property theft, while others can damage the reputation of a business and its employees, such as workplace bullying, discrimination, and sexual harassment. 



The past couple of years have brought about substantial changes that make it more critical than ever to consider every element of the insider threat and take appropriate mitigating action. These changes include:

  • The COVID pandemic has accelerated the adoption of a remote workforce, and there is strong evidence this change can provide the perfect conditions for inappropriate employee behavior to flourish.  
  • Remote employees are isolated and far from the eyes of managers and compliance officers – they may feel less connected to their employers and therefore less loyal. If they have cause to be disgruntled, they may look to get even. 
  • Data has been growing exponentially for years, but the virtualization of the workplace has turbocharged this growth. Employees looking to harvest data for financial gain have a much bigger field in which to reap.  

In response, the information security industry has developed a range of data-centric approaches and workflows to monitor employees – in the office and remotely – to help organizations deal with insider threats. However, it’s already clear that not all these solutions will stand the test of time.  



Thanks to advances in data collection technologies, it’s now theoretically possible to watch everything an employee does at every moment of the day. But just because you can doesn’t mean you should. Blanket surveillance can be detrimental to employee morale and workplace culture. It raises concerns around privacy and may fall afoul of regulations in a growing number of jurisdictions that require employee monitoring to be reserved for specific situations and with valid reasons. 

However, there are less intrusive ways of managing insider threats. Nuix’s Paul Slater and I worked with digital forensic experts to develop a white paper, Using Digital Forensic Workflows to Address Insider Threats with Privacy-Centric Activity Monitoring.  



Our white paper discusses a privacy-first approach to insider threats that combines Deloitte’s Digital Forensic Insider Threat methodology with Nuix Adaptive Security. Under this approach, employees are at no point being actively monitored. Rather, any unusual endpoint activity that breaks a set of predefined rules triggers an alert to digital forensic teams that potentially malicious activity is underway, and potential evidence is captured for further review. This defensible workflow will only capture digital forensic artifacts when it is likely malicious activity is occurring.

For me, the digital forensic approach is the future of insider threat risk management – a model that balances the need to protect the business with employees’ privacy. Done well, insider threat activity monitoring can protect businesses’ financial and reputational interests while promoting an inclusive, safe, and respectful environment for all employees – a clear win-win.