Utilizing Employee Monitoring Software For Operational Efficiency And Data Security
Dr Christine Izuakor: Welcome to the Veriato Insider, a podcast covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, which is an award-winning employee monitoring and insider threat detection software provider. To learn more about how Veriato can help protect your company, check out very Veriato.com.
Employee activity links to productivity
Dr Christine Izuakor: I'm Dr. Christine Izuakor, your host for today's segment, and today we're covering the topic of leveling up from employee monitoring to operational efficiency. Of course employees are the heartbeat of an organization, and like any major organ, it's important to prioritize the health, safety, and efficient operation of your people, right? Now, remote working has made it challenging to oversee employee activities, and since day-to-day employee activity links to productivity and in turn operational efficiency, the measure and oversight of employee performance is vital to the health of an organization.
Dr Christine Izuakor: Now, before we jump into this more, I'd like to welcome Anthony Lauderdale, who is our special guest on today's podcast. Anthony is an established cybersecurity professional who has an extensive background building and leading cybersecurity teams in the intelligence community, and the startup industry, and large organizations as well, such as the FBI, Motorola, United Airlines, and now Zoom.
Dr Christine Izuakor: Anthony holds a Master's Degree in International Studies, and is a triple Bachelor's Degree, so triple threat in Economics, International Studies and Political Science. Anthony is also a certified information system security professional, and lastly, and probably one of my favorite things, Anthony is also very passionate about developing the next generation of professionals through mentoring and critical areas. Areas like networking, resume building and so on. Tons of valuable insight here at the virtual table with us today. Very excited to have you Anthony. Welcome to the podcast.
Insider threats and employee monitoring
Anthony Lauderdale: Yeah. Yeah. Thank you. Thank you very much for having me. I'm excited to discuss insider threats and employee monitoring.
Dr Christine Izuakor: Awesome. Why don't you kick us off with a little bit about your background.
Anthony Lauderdale: Yeah. Awesome. As you said in my introduction, I do have a non-traditional background. I didn't go to school even with the intent of being in cybersecurity. I really wanted to be a diplomat, so that's why I triple majored, and also studied Arabic. My goal was to really be, like I said, an ambassador, so I came to Chicago, studied at DePaul. Had only being here for two years, and then my goal is to be somewhere in the Middle East doing trade policy and things of that nature.
Anthony Lauderdale: As they say, "Life happens," so when I was finishing up my degree at DePaul, the economy really tanked. This is the 2008 timeframe, and I really just job hopped, like everyone else was doing, and I ended up moving back home to Nashville. I was actually a director of a daycare, which surprises people when I kind of tell them that. I had already applied to a job at the FBI, but getting a top secret clearance takes, depending, anywhere from, on a quick side it's six months, but it can be years, kind of just depending on your work history and background, and how many countries you've traveled to, et cetera.
Anthony Lauderdale: Had that job, and I was really kind of praying for the job of the FBI to come through, it did. Then my start at the FBI was a lot of the traditional stuff, right? Your drug type stuff, your healthcare fraud, your white collar crime, and I transitioned from there into cybersecurity, and I just kind of put my head down. I got my technical skill sets really from SANS, just studying and getting those certifications, so in three years I got eight certifications from there and navigated to the private sector. My first job was Motorola Solutions, quickly got to the head of it, and this was within a year. Pivoted to United, where I was a director, and now I'm at Zoom, or I'm the head of detection and response. That's a quick just summary of really the last 10 years of my career.
Dr Christine Izuakor: Yeah, nice. So much in so little time, so definitely an impressive just resume of experience and accomplishments.
Dr Christine Izuakor: Now, digging into the topic a bit more, so employee monitoring technology isn't new, right? However, it's evolving a lot, especially as employers work to ensure that potential insider threats are being monitored and expectations are being met, especially in this remote era. How have you seen the use and value of employee monitoring technology evolve over the last few years?
Anthony Lauderdale: Yeah, that's a great question. It's really evolved a lot when you think about it, right? Cybersecurity as a field really didn't even exist 10 years ago, 15 years ago. Historically, these programs were really built on relationships, and they really sat more in HR, compliance, and things of that nature. Essentially, "If we see something, say something," right? That would trigger an investigation, depending on who or what was involved, right? If it's insider training and things of that nature, you may get law enforcement involved, or it may be something that kind of stays internal, but as technology has evolved, and as now, this whole thing called cybersecurity exists, and you really see this within any Fortune 500 company, now we're willing to move into UEBA, right? To where you can really drill down into the user's behavior. Right?
Anthony Lauderdale: This is the first time they've accessed this file. If someone traditionally works Monday through Friday, from nine to five, and now we have this weird anomalous activity where two weekends in a row, they come in on a weekend, right? That's something that an insider threat team may kind of look into, because that's a red flag. Historically that type of stuff has been really hard to track, because again, we weren't really monitoring logs and things of that nature. It was more of, if you see something, say something. That's really the evolution that I've seen, is that now we really have UEBA, and we also have cybersecurity teams who are staffed to kind of look for this anomalous behavior and act on it.
Similarities between employee monitoring for insider threats versus operational efficiency
Dr Christine Izuakor: Yeah, absolutely, and on that same note, so we're starting to see organizations see these great opportunities to slice and dice employee monitoring data that is already being collected, and analyze that in ways that can have a positive impact on operational efficiency, drive better business results, and so on. From your perspective, what synergies or lack thereof do you see between employee monitoring for things like insider threat versus operational efficiency?
Anthony Lauderdale: Yeah. Great question. It really depends on where the organization is. Right? Say it's an organization that's already mature, when you take something like insider threat, you kind of tack that on. You're really just telling them first and foremost, look, insider threat, or whatever you want to call it, some people will say mitigation, because threat is a scary word. It's really, we're here to help. It's really kind of explaining to them, the use cases, the best practices, and that we're really looking for malicious and more importantly, non-malicious actors, right? I mean, there's a lot of people who come to work and they're just trying to get their job done, and through trying to get their job done, they may do something that comes across as an insider threat. Right?
Anthony Lauderdale: The classic example I usually use is Google Drive, OneDrive, what have you, you want to share it to 30 people. You're like, "Well, I just want to do this quick," so what most people do is they'll just say, "Well, share all," right? But the reason why that's not malicious is the intent is good, but if someone were to take that file and share it externally, we don't have control over that anymore. That's really, when I think through the mature organization, it's really just about aligning with HR, with compliance, with the internal stakeholders, and saying, "Hey, we're here to help." Some people go as far as calling it more of like a wellness program to where it isn't even an insider threat per se, it's just like it's...
Anthony Lauderdale: Then wording also matters. You'll see initially when these programs get stood up, you'll see where it's like Detect, Deter, Deny, right? Are those really the words you want to be using with your employees? Or Educate, Inform, right? Those are little things that I've kind of seen. If the program is a bit on the immature side, then obviously there's a bit more work to do, because you're kind of rapidly building with HR, with compliance, and things of that nature. Then we kind of just think through the overall efficiency. We kind of hit at it early with logging, right? At the end of the day, logs can be used in a variety of different ways. Insider threat is one, but there's other ways in which you can use those where they kind of get better efficiency with data analytics and things of that nature.
Anthony Lauderdale: Yeah, it really just depends on where you are in your journey. Obviously everybody wants to get to the point where you are a bit more mature, but if you're in a startup environment where you didn't have an insider threat program or HR compliance, then usually everyone's going to hit the ground running at the same time.
Dr Christine Izuakor: Yeah, absolutely. I love what you said about the branding piece and replacing things like threat detection with sort of wellness programs. I think that's so powerful.
Dr Christine Izuakor: Now, I'm curious. Do you have any examples that you've experienced, or maybe you've heard of case studies or companies have successfully been able to elevate from an employee monitoring mindset to operational efficiency, and what did that look like, if so?
Anthony Lauderdale: Yeah. I do. Unfortunately, the way that these things work is typically if you worked on it, you can't obviously talk about them. There's some that, within media, that I can kind of share. I guess to start with, a historically way that it's kind of been done. You look at, I want to say it was about probably 15 years ago, or so now, the classic Coke, Pepsi, insider theft, trading, whatever you want to call it. Well, actually trade secrets, sorry. There was a Coke employee who was trying to sell the latest product that they were making to Pepsi. What actually kind of happened in this case, is the Pepsi employee notified Coke, and then the two employees, the two Coke employees actually got arrested. That's the more traditional things that we've seen.
Anthony Lauderdale: Again, that's what I kind of began with though, right? Is the education, the awareness, the fact that, that employee... Everyone knows it's wrong, right? That's an obvious thing of, "Hey, I'll sell this to you for $1.5 million," but this is where the education, awareness, informing, kind of comes into play, because that employee was educated on insider threats, and really knew the next steps to take, to inform Coke and law enforcement on kind of what to do.
Anthony Lauderdale: More recently, what we've seen is, so Tesla, I want to say this earlier this year, or last year, there was an individual who approached a Tesla employee in a bar and essentially said, "I'll give you half a million dollars if you plant ransomware on your internal system." You do see some of that as well. Or people would get approached, either close to their company, or people do monitor social media and kind of know who you are. They know you're going to be going to a conference or something like that, and will actually approach you there.
Anthony Lauderdale: Then on the non-malicious side, this one was about 10 years ago or so. There was a iPhone 5 prototype, so there was an individual who worked for Apple, went to a bar, left that phone there. The reason why that's non-malicious, is again, he didn't have any malicious intent. He wasn't going to meet a competitor or anything like that. He was just out and about testing the phone, forgot about it, left it at the bar. But again, yeah, it's just a variety of ways where even if you don't have that malicious intent, you still can be an insider, because say, if a competitive where to get that phone, that prototype for what Apple has produced and then they can theoretically make a better product then than Apple can because of that.
Dr Christine Izuakor: Right. Yeah, exactly. Which does not help with business in general or efficiency by any means.
Best practices for employee monitoring to increase operational efficiency
Dr Christine Izuakor: As we wrap things up, one of the last questions, what best practices would you recommend for gathering and leveraging actionable employee monitoring data to increase operational efficiency? Then also, if there are any other final thoughts you want to add, feel free to share as well.
Anthony Lauderdale: Yeah. Great question, relationships. Where I've seen, not only insider threat, but quite frankly, any program that I've kind of built, fail, is people want to operate in silos. Starting my career at the FBI, something that was really drilled into me is September 11 occurred because FBI, CIA, and NSA weren't talking. One of the things that I do with any program I build, is relationships. With insider threat, I hit on it earlier, but like HR, legal, compliance, these are really the people who need to be key stakeholders. Right? You think about if an employee gets put on a PIP, right? In my view, that's something that I need to know right away, because no one starts off their career as an insider, they usually over time, kind of harden.
Anthony Lauderdale: With the FBI, there's an SF86 that everyone fills out, where it kind of digs into your personal life, and things like that. In law enforcement, if you were to get a DUI, or something like that, that's something that's actually reportable rather than private sector, you don't really have those type of mechanisms to kind of report that type of activity.
Anthony Lauderdale: For me, it's really about those relationships, because usually when people become an insider threat, it's the last resort, right? It's "Hey, we've tried all of these actions. We know that this person has X, Y, Z going on," whether another employee kind of came to them and said, "Hey, this person's harassing me." Or, "Hey, this person isn't showing up for work," or what have you, but if we get brought on as a last resort, as opposed to a first, there's not really too much we can do.
Anthony Lauderdale: The issue though, is people don't really understand what insider threat, or mitigation, or risk is, and because of that, if you don't have those relationships built out, then people typically don't really come to you. My personal philosophy is build out those relationships, and then quite frankly, have those teams come to you early and often. Then, "Let me tell you no," is what I always say. "Come to me, let me tell you no, that isn't anything to worry about," as opposed you saying, "Well, Anthony, isn't going to do anything about this."
Dr Christine Izuakor: Yeah, yeah, absolutely. Really, really good points. Any final thoughts or last thing that you want to add as we close out?
Anthony Lauderdale: Yeah, for sure. Thanks for having me. I think it's really the big thing, as far as last remarks, I think that insider threat and quite frankly, cybersecurity is definitely here to stay. I think that as organizations grow and mature, it really does lead to operational efficiencies, and it really sets you up for success, so thank you for having me.
Dr Christine Izuakor: Awesome. Well, thank you so much for joining as well, and hey, that concludes the Veriato Insider Podcast for this week. Again, this podcast is brought to you by Veriato, an award-winning cybersecurity company whose solutions are anchored around four core areas of cybersecurity protection, including employee monitoring and web filtering, insider threat detection, employee investigations, and ransomware support.
Dr Christine Izuakor: To learn more about how Veriato can help protect your company, check out Veriato.com. Thank you all for tuning in and again, a special thank you to Anthony for sharing your perspective. I'm Dr. Christine Izuakor, the CEO of Cyber Pop-up and it has been our pleasure to share these insights with you, so until next time, stay safe and secure insiders.