If you assume most security incidents in your organization originate with a small subset of employees, you’d probably be right. Internal threats (which usually stem from employee negligence) are among the leading causes of security incidents across all industries.

And, after several years of experience correcting other peoples’ mistakes, it’s pretty easy to identify which employees are most likely to cause issues based purely on your analysis of their behavior.

For example, you might predict it’s the employees who aren’t paying attention in all-hands cybersecurity training, your least tech-savvy team members, and those who approach technology with an air of nonchalance. (I.e., Often sharing passwords and ignoring the IT department’s company-wide warning emails.)

But accusing these employees without clear evidence of wrongdoing could land you in hot water, especially if it turns out your assumptions were rooted in unconscious bias.

Photo by Emiliano Vittoriosi on Unsplash

So what can you do to identify and correct your worst cybersecurity offenders without inadvertently engaging in discriminatory practices? By analyzing and documenting user security behavior.

Today we’re delving into how — but first, let’s address the basics:

What is User Security Behavior?

User security behavior refers to how a user (in this case, an employee) interacts with technology, treats sensitive information, and engages with potential threats.

Some examples of poor user security behavior include:

  • Poor password practices
    ( I.e., Sharing passwords, creating weak passwords, writing down passwords, or failing to change passwords on a regular basis.)
  • Lack of due diligence
    ( I.e., Opening email attachments from unfamiliar senders, clicking unfamiliar or sketchy-looking links, or sharing sensitive information via email or through forms on unverified sites.)
  • Ignoring company regulations
    ( I.e., Downloading unapproved software or using employee devices for prohibited activities like online gambling or viewing and downloading adult content.)

Photo by Matthew Brodeur on Unsplash

How Can I Analyze User Security Behavior?

There are a couple of ways you can analyze employee’s security behavior.

One way is to engage in heavy surveillance by monitoring all employees’ online activities and blocking them from a significant portion of the web. This way, you can prevent risks before they even arise. But, as you might imagine, this sort of draconian cybersecurity can create a toxic workplace experience where employees don’t feel trusted. And policing web usage requires a lot of time and energy your team would be better off spending elsewhere.

The second and more realistic choice is to leverage actionable threat intelligence. This way, you’re alerted only when employees are engaging in risky behavior — like, for example, if their information shows up in a recent breach. Employees are also alerted and have an opportunity to correct their errors and learn from their mistakes. Over time, employees will become more educated and aware of potential threats. And, because all employees are taking responsibility for mitigating risks, this alleviates the burden on security teams.

Also, by using a robust threat intelligence solution to analyze user security behavior, you can identify who is slacking off based on real statistical data rather than assumptions.

Photo by Adeolu Eletu on Unsplash

3 Tips for Correcting Employees and Strengthening Cybersecurity

Once you’ve begun analyzing user security behavior, the next step is to determine how you can use your data to drive better decision-making. Here are a few tips:

  • Make it a part of the employee review process
    When an employee underperforms, it negatively impacts the organization’s ability to achieve important goals — like hitting revenue targets. Usually, this calls for a coaching session from the employee’s manager and, if necessary, a performance improvement plan (PIP). The same should hold true for individual employees’ security performance. After all, if poor security behavior leads to a hack or breach, it could cost your company dearly.
  • Incentivize good security behavior
    The more employees who take security measures seriously, the less likely you are to become a hacker’s next victim. Consider motivating the workforce at the employee or team level by allocating bonuses or other incentives to those who are the safest.
  • Document user security behavior
    It’s essential employees have a chance to correct their mistakes because it allows them to learn more about potential threats — and they’re more likely to make better decisions in the future. But, after a certain point, if an employee’s security behavior doesn’t improve (or worsens), then they’re a liability to your company. Documenting security behavior helps HR take the necessary steps in the event they need to let an employee go.

Even if you think you know who your worst offenders are, it’s critical you remain above repute. Because while poor security behavior is a liability, so is bias and discrimination. By analyzing user security behavior, you can use data to determine who puts your organization at risk and leave personal assumptions at the door.