How large companies monitor employees
In any organization, sooner or later there comes a time when intuitive work with staff ceases to be possible. Most often this is due to the growth of the organization - in a company of 10-15 people, it is still possible to control the situation in the company manually, but with a large number of employees the manager begins to "sink."
At the same time, the risk of security incidents increases. When an organization ceases to be a small group of like-minded friends, and this inevitably occurs as a result of growth, there are tasks associated with reducing the risks from unfair behavior of employees.
To obtain an objective picture of what is happening in the company, and, in particular, to ensure safety, various methods of personnel control are used. On organizational measures at another time, I want to talk today about the technical side of the issue and how different the methods are effective.
')
ACS + CCTV
In classical industries, the ACS + video surveillance bundle is usually used to control employees. The access control system (access control system) most often consists of the following: each employee has a pass that he applies to the reader at the entrance - the time of arrival and departure from work is logged and controlled. As a second line of defense, camera recordings are used.
In the case of large factories and enterprises, there are often some employees who do not have particularly warm feelings for the employer, but they do have sufficient “ingenuity” - someone at the entrance “punches” the pass not only for himself, someone tries to take the products out of the enterprise. Because of this, sometimes the work of security at such enterprises turns into endless cat and mouse with employees.
In case of suspicion - the security of the company takes control of the employee, views the video or may search it at the exit. This method of protection is more or less effective to protect against the removal of products, but in the context of information security it is helpless - software tools are already required for this.
Free and system tools
In the case of control over the work of staff in modern offices, the situation becomes more difficult - the working day is often not standardized, and it is not only the physical presence that needs to be controlled in companies.
To control working time, you can use the same access control system or download data from Active Directory. Sometimes the control of working time is integrated into CRM systems. The problem in this case is obvious - everything that is outside of the CRM system cannot be controlled.
Mail and messengers can be monitored using sniffers (modules that intercept messages) - the only problem is that then you have to sacrifice the antivirus protection of work computers. The overwhelming number of antiviruses will not allow to run such programs on the computer.
In the cloud products for business from Google and Microsoft (Google Apps Unlimited and Office 365 Business, respectively), it is possible to customize the rules that check employees' mail and documents for the presence of keywords or data types. This, of course, is not a replacement for a full-fledged security system, but it can be used. And to control certain aspects of the work of employees, you can use free remote access tools.
With the help of system administrators with all of the above funds, you can get some kind of personnel monitoring system. However, control in this way will be at least incomplete, and systematization and accounting of the data obtained will drive the employee responsible for it to mind.
Approximately the same result awaits a security man who will try to solve security issues without special software — this will require a number of crutches that are incompatible with effective work.
Time tracking and employee control systems
The ethics of analyzing employee correspondence raises questions and controversies — however, interception is used everywhere, especially in large companies. The main task is to protect confidential company data from insider threats. Also, the analysis of internal communications is often used to identify disloyal employees. A vivid example is the loud dismissal by Yandex of a number of employees of the Kinopoisk service it purchased. According to the dismissed, the reason is sharp criticism of restarting the service in the internal chat of employees. According to a statement from Yandex, employees in this chatroom disclosed commercial secrets to third parties (former colleagues). Anyway, an unpleasant situation for the company was discovered by security staff, and most likely due to the use of a DLP system (from data leaks Prevention - data leakage prevention) or a similar product.
A castrated version of the DLP systems are the so-called personnel control systems. Most often, they are a “packaged” package of sniffers for a number of popular communication channels, such as Skype, email, or social networks, complemented by the ability to remotely connect an employee and keylogger to the desktop.
With the help of such a tool, you can see the working hours of employees, monitor their actions on workers and computers, and conduct partial monitoring of correspondence. In principle, for a very small company this may be enough, but more comprehensive solutions are needed for quality work.
DLP systems
More technologically sophisticated are DLP systems. If sniffers and “employee control tools” simply intercept information, then DLP systems go further - along with interceptions they also automatically analyze the intercepted information. Thus, the task of finding "harmful" information is shifted from the shoulders of the security officer to the car. He only needs to correctly configure the rules and pay attention to the system reports on incidents.
There are a lot of options for these rules and analysis methods - you can make a notification about the launch of a process on a workstation, check correspondence for regular expressions (for example, TIN or passport data) or set up notification and blocking of transmission of a certain file format to a USB drive. In general, you can automate anything and everything.
Most of these systems are also able to recognize the transliterated text (napisannyi latinskimi bukvami), changes in the file extension and other possible tricks of potential intruders.
With all this, it is worth remembering that no matter how effective the control method is used - it will be helpless if the company does not have adequate management and corporate culture. On the other hand, even in the most loyal in relation to the employees of the organization there is always the likelihood of the appearance of a “weak link” and in the absence of control this link can cause considerable damage. Finding a balance between these two extremes is the most important task for the security service and management.
At the same time, the risk of security incidents increases. When an organization ceases to be a small group of like-minded friends, and this inevitably occurs as a result of growth, there are tasks associated with reducing the risks from unfair behavior of employees.
To obtain an objective picture of what is happening in the company, and, in particular, to ensure safety, various methods of personnel control are used. On organizational measures at another time, I want to talk today about the technical side of the issue and how different the methods are effective.
')
ACS + CCTV
In classical industries, the ACS + video surveillance bundle is usually used to control employees. The access control system (access control system) most often consists of the following: each employee has a pass that he applies to the reader at the entrance - the time of arrival and departure from work is logged and controlled. As a second line of defense, camera recordings are used.
In the case of large factories and enterprises, there are often some employees who do not have particularly warm feelings for the employer, but they do have sufficient “ingenuity” - someone at the entrance “punches” the pass not only for himself, someone tries to take the products out of the enterprise. Because of this, sometimes the work of security at such enterprises turns into endless cat and mouse with employees.
In case of suspicion - the security of the company takes control of the employee, views the video or may search it at the exit. This method of protection is more or less effective to protect against the removal of products, but in the context of information security it is helpless - software tools are already required for this.
Free and system tools
In the case of control over the work of staff in modern offices, the situation becomes more difficult - the working day is often not standardized, and it is not only the physical presence that needs to be controlled in companies.
To control working time, you can use the same access control system or download data from Active Directory. Sometimes the control of working time is integrated into CRM systems. The problem in this case is obvious - everything that is outside of the CRM system cannot be controlled.
Mail and messengers can be monitored using sniffers (modules that intercept messages) - the only problem is that then you have to sacrifice the antivirus protection of work computers. The overwhelming number of antiviruses will not allow to run such programs on the computer.
In the cloud products for business from Google and Microsoft (Google Apps Unlimited and Office 365 Business, respectively), it is possible to customize the rules that check employees' mail and documents for the presence of keywords or data types. This, of course, is not a replacement for a full-fledged security system, but it can be used. And to control certain aspects of the work of employees, you can use free remote access tools.
With the help of system administrators with all of the above funds, you can get some kind of personnel monitoring system. However, control in this way will be at least incomplete, and systematization and accounting of the data obtained will drive the employee responsible for it to mind.
Approximately the same result awaits a security man who will try to solve security issues without special software — this will require a number of crutches that are incompatible with effective work.
Time tracking and employee control systems
The ethics of analyzing employee correspondence raises questions and controversies — however, interception is used everywhere, especially in large companies. The main task is to protect confidential company data from insider threats. Also, the analysis of internal communications is often used to identify disloyal employees. A vivid example is the loud dismissal by Yandex of a number of employees of the Kinopoisk service it purchased. According to the dismissed, the reason is sharp criticism of restarting the service in the internal chat of employees. According to a statement from Yandex, employees in this chatroom disclosed commercial secrets to third parties (former colleagues). Anyway, an unpleasant situation for the company was discovered by security staff, and most likely due to the use of a DLP system (from data leaks Prevention - data leakage prevention) or a similar product.
A castrated version of the DLP systems are the so-called personnel control systems. Most often, they are a “packaged” package of sniffers for a number of popular communication channels, such as Skype, email, or social networks, complemented by the ability to remotely connect an employee and keylogger to the desktop.
With the help of such a tool, you can see the working hours of employees, monitor their actions on workers and computers, and conduct partial monitoring of correspondence. In principle, for a very small company this may be enough, but more comprehensive solutions are needed for quality work.
DLP systems
More technologically sophisticated are DLP systems. If sniffers and “employee control tools” simply intercept information, then DLP systems go further - along with interceptions they also automatically analyze the intercepted information. Thus, the task of finding "harmful" information is shifted from the shoulders of the security officer to the car. He only needs to correctly configure the rules and pay attention to the system reports on incidents.
There are a lot of options for these rules and analysis methods - you can make a notification about the launch of a process on a workstation, check correspondence for regular expressions (for example, TIN or passport data) or set up notification and blocking of transmission of a certain file format to a USB drive. In general, you can automate anything and everything.
Most of these systems are also able to recognize the transliterated text (napisannyi latinskimi bukvami), changes in the file extension and other possible tricks of potential intruders.
With all this, it is worth remembering that no matter how effective the control method is used - it will be helpless if the company does not have adequate management and corporate culture. On the other hand, even in the most loyal in relation to the employees of the organization there is always the likelihood of the appearance of a “weak link” and in the absence of control this link can cause considerable damage. Finding a balance between these two extremes is the most important task for the security service and management.
Source: https://habr.com/ru/post/333384/
All Articles