How User Activity Monitoring Works
The main objectives of user activity monitoring are to ensure that users are acting responsibly with data and to protect all information held within an organization. This needs to be done alongside ensuring availability of the data when required and meeting data privacy compliance regulations.
UAM is used to track the various types of user activity, including all system, data, application, and network actions that users take. This could be, for example, their web browsing activity or tracking whether users are accessing unauthorized files. These onscreen user activities are maintained in a log, which is accessible to managers who can then evaluate workforce analytics.
All the information gathered during UAM must be looked at within the confines of company policy and with regard to the particular user role being analyzed to assess whether inappropriate activity is in play. What constitutes “inappropriate user activity” is for the company deploying the UAM solution to determine, and can include anything from shopping during work hours to theft of sensitive company data such as financial information.
User Activity Monitoring includes features such as:
Real-time activity monitoring
Real-time activity monitoring allows you to monitor employee activities taking place in real-time, so you can observe and analyze data about what’s happening now. Computer activity monitoring solutions track how employees are using their laptop or desktop computers, but these solutions can extend to mobile monitoring on phones and tablets in cases where there are employees who frequently swap between devices.
User Activity Reports
If there is a lot of user activity data to analyze, some solution providers organize all of this information in an easy-to-understand User Activity Report.
Malicious Website Blocking
This feature allows you to restrict access to websites that are distracting for employees. Often, companies choose to block social media websites, online gaming portals, entertainment, and streaming websites such as Netflix. However, this can be customized based on the needs of your organization.
Productivity Tracking
This feature assists in tracking the productivity level of any employee. With productivity tracking, you can help your employees to improve in areas of work where they have difficulty. This results in less burnout, higher engagement, and an overall improvement of the productivity of an organization.
Activity-based Alarms
Whenever a predefined condition is matched by an activity being performed, an alarm is triggered. These alarms give an immediate notification about unwanted activity.
Benefits of User Activity Monitoring
There are many different tools offering different levels of functionality related to user activity monitoring. Privileged Access Management (PAM) tools, User and Entity Behavior Analytics (UEBA) tools and other forms of general security software offer siloed aspects of user activity monitoring.
There is no complete user activity monitoring software. But, if you’re looking for the most value for your money, then I would suggest you look for a data security platform that offers real-time alerting and at least some UEBA functionality.
Data security platforms work to monitor, track and alert on suspicious user behavior on a continuous basis. Users can receive notifications in real time as to anomalous user activity so that they can react in a timely manner.
You do not have to employ a team of people or even one individual to do user activity monitoring. A good data security platform such as the Lepide Data Security Platform will do most of the work for you in this regard.
Here are some of the key benefits of implementing User Activity Monitoring:
Data Security
One key reason to monitor users is to secure a company’s data, both physically (IT security) and digitally (cybersecurity).
Malicious patterns associated with potential data breaches can be detected when a comprehensive UAM platform is implemented. This is true whether the patterns come from customers or employees and any kind of unwanted change will be logged and potentially blocked, depending on its severity.
Legal and Compliance
Compliance monitoring is a regulatory requirement for companies and it also involves looking at user data and behavior. Relevant data must also be logged when submitting a suspicious activity report.
Productive Workflow
It is essential to understand the strengths and weaknesses of an employee to assign them tasks which align to their potential. UAM allows companies to observe this and when the right tasks are assigned to the right people, it leads to an increase in the productivity of the organization.
The Legal and Ethical Aspects of UAM
As User Activity Monitoring is a form of surveillance, it is subject to both legal and ethical considerations.
In most European countries and most US states, it is legal for the entity that owns a network or a device to monitor the activities of individuals using those resources. The same general rule applies to personal devices that have been formally approved for work use within a BYOD (bring your own device) program. The memo on Workplace Privacy and Employee Monitoring maintained by the Privacy Rights Clearinghouse (last revised March 25, 2019) states clearly in its introduction that, “unless company policy specifically states otherwise, your employer may monitor most of your work activity.”
There are, however, wider laws that control the monitoring and storing of electronic communications that need to be considered when implementing user activity monitoring.
In the US, the relevant federal law is the Electronic Communications Privacy Act (ECPA) of 1986, which also includes the Stored Wire Electronic Communications Act. The ECPA safeguards “wire, oral, and electronic communications while those communications are being made, are in transit; and when they are stored on computers.”
In the European Union, the General Data Protection Regulation (GDPR) enacted in May 2018 includes clauses that restrict when and how personal data can be collected, stored, and used. Since collected UAM data may contain personal data, GDPR requirements are to ensure that care needs to be taken to store it safely, obfuscated and encrypted, and retained only for as long as minimally necessary.
Apart from strict legality, however, there are also ethical considerations that need to be considered regarding user activity monitoring. User activity monitoring should be implemented for legitimate business needs only. For example, monitoring content is not essential to assessing an employee’s performance or risk profile. In such cases, monitoring should be based on open data, such as the website which has been accessed, rather than the actual content viewed within the website. It is also important to ensure that the personnel with access to monitored data is limited and should be on a strict need-to-know basis only.
User Activity Tracking and Monitoring Best Practices
1. Determine What to Watch
As we previously discussed, user activity monitoring involves a variety of things you could potentially prioritize. You need to decide what’s important to you, whether that be session recording, event logging, UEBA and more. What you want to monitor will determine with UAM solution you should go for.
2. Cut Through the Noise
Getting a solution that can sift through the large volumes of data generated by event logs and present the information in a readable and actionable format is going to be key in reducing the time it takes to spot and react to a potential data breach.
3. Monitor Privileged Users as a Priority
The users who have access to your sensitive data (trade secrets, PII, intellectual property etc) are the ones that pose the greatest risk to your data security. As such, you need to be able to identify which users have these permissions and monitor them more closely. You should also keep an eye on permission changes to ensure that permissions don’t escalate.
4. Implementing Policies and Practices
This is where most of your users will switch off and be the cause of unintentional data breaches. No-one likes following strict password policies or attending data security awareness training. But these things are essential when it comes to reducing the risk of insider threats. Your challenge is to find a way to get your users to follow these policies.
5. Perfect Your Incident Response Plan
If you or your UAM solution does detect any anomalous user activity or that a potential data breach is in progress, it’s important that you are able to react quickly and efficiently. To do this you will need to have a well thought out and tested incident response plan. All members of the team and all members of the organization should know what to do in the event of a data breach to mitigate the potential damages.
UAM Tools
There are many types of user activity monitoring tools available. They have different features for different purposes, which could be tracking activity for many users or looking into activity for one user. Employee activity monitoring software may also vary based on the devices they can monitor. Some solutions can monitor computer activities only, while other more comprehensive tools may include monitoring for other types of devices including phones and tablets.
The more robust UAM tools analyze the gathered data in real-time to then be able to extract actionable insights. This enables the IT team to be alerted quickly about any anomalous or risky activity through dashboards, reports, and proactive notifications. These tools also retain historical data for offline auditing and compliance purposes.
Many UAM tools have modules for deploying and enforcing authentication and access control, with a focus on privileged user accounts. They can also identify and validate users who have been given access to shared accounts such as Google Drive which is often a high-risk practice commonly exploited by malicious attackers. The authentication and access control modules can establish and enforce corporate rules regarding password management as well as blocked websites and apps.
How Lepide Helps
The Lepide Data Security Platform is an award-winning solution that combines many of the user activity monitoring features that would otherwise be siloed. It enables users to find out where their sensitive data is, see who has access to it, monitor user activity (including anomaly spotting) and ensure that their environment is secure.
It also comes pre-packaged with those all-important real-time alerts and pre-defined reports that will help you save both time and money. Come and see how the Lepide Data Security Platform can help you improve your data security and reduce the risk of compliance penalties.