Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 400 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Privacy vs Employee Monitoring and Internal Investigations
January 25, 2021
An interview with Brian Wrozek, VP and CISO.
Companies have the right and need to monitor, but they must demonstrate a legitimate business purpose, especially when they’re monitoring oral and electronic communication.
We have an obligation to protect company IP as well as client data and employee information, all of which requires monitoring for inappropriate and unauthorized activities. This has become more of an issue lately with so many people working from home thanks to COVID.
It may not be possible to keep all information completely confidential, since other parties may need to be involved in the investigative process. But investigative information should be shared on a “need to know” basis only. The good news is this isn’t new for security pros. Confidentiality is part of the daily job.
I advocate a team approach to investigations: Legal, Security, HR and Ethics if it’s a separate role. Require at least two members from each function to be involved in all investigations. Each group brings their unique perspectives and proficiencies: HR specializes in interpersonal skills. Security specializes in investigative and evidence gathering techniques. Legal provides privileged and work product immunity protection. In addition, it also protects the investigators. With this approach, no individual can be accused of going after an employee because several others are involved in the investigation. It also gives the help desk and other IT administrators a safety net if they get pressure from a manager to do something that makes them uncomfortable. For example, say a manager asks the help desk to provide access to an employee’s email inbox. Help desk reps can now say – truthfully – that they’re required to open an investigation with Security. This ensures the right process is followed and protects the privacy of employees.
And this is especially important: care must be taken that security and compliance monitoring doesn’t morph into employee performance monitoring. That’s a pure management issue but it may involve some of the same tools. This is a greater concern today as managers are struggling with how to measure performance in a predominately remote workforce. Look at two recent developments that bring this struggle to the forefront: Zoom’s attention tracking feature and Microsoft’s productivity scoring. While these tools offer tremendous productivity benefits, they can easily be used in a way that fosters a culture of mistrust, which in turn hurts productivity and morale.
Again, transparency and oversight of management is key when it comes to performance monitoring.
Privacy and security will become more intertwined going forward. Now is the time to work together with HR, Legal and Audits to build the appropriate company culture when it comes to balancing employee privacy and protecting the company.
Data Privacy Day, sponsored by the National Security Alliance, is an international effort held annually on January 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.
January 03, 2019
Optiv’s Privacy and Governance service provides security assessments and strategy to build out your entire procedural framework.
September 09, 2019
With mounting regulations, connectivity, and an explosion in data, privacy management programs are critical components of an overall security program....
March 04, 2020
NIST’s Privacy through Enterprise Risk Management helps organizations improve privacy practices.
Let us know what you need, and we will have an Optiv professional contact you shortly.