Have you ever seen the “gorilla” video experiment? It’s a classic example about the challenge of noticing problems. Viewers are asked to watch a video; look now. Your mission: count how many times players wearing white pass the basketball.
There’s a surprise lurking inside the video: a person in a gorilla suit walks through the video! However, many viewers don’t notice this surprising element. Detecting suspicious activities at your company is a lot like that. Unless you’re aware, trained, and equipped, you may not see suspicious activities.
Manual vs. Automated Ways to Detect Suspicious Activities
Fundamentally, there are two broad ways for companies to detect problematic activities. First, they can use manual methods, such as a manager noticing something strange about an employee. Second, they can rely upon software solutions to provide reports. Software tools need to be configured to filter truly suspicious activities from benign actions.
Both methods have a place, but they require support to be effective. Support and guidance are important because you don’t want to irritate employees with “false positive” reports of suspicious behavior. Not only will that approach make you “the boy who cried wolf,” but it also raises questions about the competence of your management team. To avoid those awkward questions, take a step back and think about suspicious activities.
Tip: A large number of password reset requests may be a signal of suspicious activity. That’s not the worst part. If your organization’s help desk is overwhelmed with these requests, you’re wasting money. How much? Find out about the true cost of password reset requests.
What Kinds of Suspicious Activities Matter for Security?
For our discussion, we’re going to focus on computer activities in the workplace. Here are some of the suspicious activities managers commonly look for:
- Slacking off: A bit of personal internet use is fine, but hours and hours of browsing and shopping raises suspicions that you have a disengaged and bored employee on your hands. However, if an employee still completes all of his or her work on time and to standard, you may choose to prioritize your focus on other matters.
- Personal email and social media: Unlike general web browsing, these activities are higher risk because confidential data may be shared without authorization. If employees use personal services at work, they’re more likely to fall victim to “password reuse disease.”
- Unusual access requests and changes: Are you seeing an above average number of access or change requests from a user? What about a spike in the number of password reset requests? These are potentially alarming changes.
- Unusual building access activity: Do you use access cards to control access to your building? If so, monitor those access card logs for unusual patterns. A sudden spike of late night visits to the office may be cause for concern. If the employee has access to server rooms and other sensitive assets, this after-hours access may be even more disconcerting.
Asking managers to notice every kind of suspicious activity is a tough sell. After all, they have a day job to do. Obsessively monitoring employee behavior isn’t going to work in the long term. Managers are already overworked; asking them to stay late to review employee activity logs is likely to be a burden. Thankfully, there’s an alternative.
How Can You Solve This Problem?
One of the best ways to solve the suspicious activities problem lies in reducing the “attack surface” for your organization. In brief, reduce the opportunity for misbehavior for your employees. That way, even if something does fall between the cracks, such problems will be infrequent. To make this happen, we recommend focusing on access governance.
How Does Access Governance Help Reduce Suspicious Activities?
To answer that question, let’s contrast two different situations where access privileges are abused. Let’s assume that your employees fall victim to a phishing scam, and a hacker has hijacked credentials.
John works in a fast growth company with minimal controls. He comes into work each day, logs into his PC, and gets down to work. He has access to dozens of company systems but only needs a handful of them to do his work. Everything goes smoothly until his employee access credentials are hacked. The next day, suspicious activity notifications start coming in. There are five password reset requests for different systems in less than an hour. Then, John’s account is used to approve some invoices for payment to a vendor nobody has heard of. Yikes!
What does this situation look like if you operate in an environment with tighter controls?
In this company, Jane has the same morning routine. She gets down to work after logging in. She still has significant access privileges to various systems as head of the software quality assurance department. Like John, her access credentials are hacked. However, that’s where the stories diverge. Since her company has robust access governance, hackers are not able to do much with her credentials. Specifically, there’s no ability to commit fraud.
When you have effective access governance, the impact of a potential fraud event is reduced substantially.
The Path to Automated Access Governance Starts Here
Bringing access governance to your company is an excellent way to reduce cybersecurity risk. To make the process easier, we recommend using software solutions so you have a reliable process in place. Start by using Password Management so employee password resets are centrally managed and convenient. Next, govern access privileges using Compliance Auditor. In combination, these solutions go a long way toward minimizing your security attack surface.
Reducing risk isn’t the only benefit of improving access governance; you can also save time on your annual IT audits and compliance reviews. Instead of manually collecting emails and spreadsheets to show approval over emails, all those records are maintained in Compliance Auditor. You merely need to download a few reports, send them to your auditor, and carry on with your day.