This document is intended to assist company executives determining how to best implement a user activity monitoring and / or user behavior analytics program. The decision to begin monitoring employee digital activity is usually made for one of two reasons:
- Reactive Investigation: Something bad has happened or there is suspicion that something bad has happened or is about to happen. The organization has cause to investigate a person or group of people.
- Proactive Strategy: The organization seeks to improve its internal security against insider threats, improve productivity and efficiency, or both.
Monitoring user activity & behavior has significant benefits:
- Increased security against insider threats”
- Detection, the number one priority when dealing with insider threats, requires visibility into user activity and detecting for anomalies in user behavior
- Responding to insider threats requires detailed, contextual activity data that can be easily digested by the extended response team
- Productivity increases driven by:
- Identifying employees having trouble staying on task so that they can be managed effectively
- Identifying the top “time drain” activities enterprise-wide; implementing and tracking adherence to policies designed to maximize productivity
- More efficient and effective employee investigations, leading to:
- Termination protection – documentation of justification to head off wrongful termination claims
- Reduced cost associated with investigations through less time spent assembling evidence and reducing reliance on expensive, specialized skill sets forensic tool sets require
Security & Risk professionals recognize the value and benefits of analyzing user behavior and monitoring user activity. At times, legal and HR staff have questions that must be addressed prior to implementation.