Balancing security and trust in the workplace

Richard Bourne at Liverton Security explores the positive and negative effects of monitoring employee email and data usage with examples of the consequences organisations face, following internal errors and malicious insider actions

 

As cyber-threats evolve, data security and privacy have become critical concerns for organisations worldwide and regulatory requirements have become more stringent, especially in the UK, with GDPR and the Data Protection Act that impose heavy fines for companies that breach the law.  

 

Companies are increasingly turning to employee monitoring as a means of protecting sensitive data. Monitoring staff emails and data usage can provide valuable insights into security risks and ensure compliance, but it also comes with ethical and morale-related challenges.

 

When employees feel they are under constant surveillance, it can lead to stress, decreased productivity, and a breakdown in trust between staff and management. 

 

Excessive employee monitoring 

The negative effects of excessive monitoring of the workforce include damage to morale, decreased productivity and legal concerns.

 

Staff morale 

One of the primary concerns regarding employee monitoring is the impact on staff morale. When employees feel they are being excessively watched, they may begin to feel untrusted and undervalued. This can lead to increased stress and anxiety, particularly if monitoring policies are not clearly communicated.

 

Employees who believe they are under constant scrutiny may engage less in their work, fearing that any small mistake could be held against them. 

 

Invasion of privacy 

Monitoring work emails and data usage can sometimes blur the lines between professional oversight and invasion of privacy. If employees use work email for occasional personal communications or store personal files on company devices, they may feel that their privacy is being infringed upon. This can lead to a sense of discomfort and reluctance to fully engage in their roles. 

 

Decreased productivity and increased staff turnover 

Paradoxically, while the intent behind monitoring is often to improve efficiency and security, excessive surveillance can lead to decreased productivity. Employees may become preoccupied with navigating workplace scrutiny rather than focusing on their work.

 

In environments where monitoring feels excessive, job dissatisfaction may increase, leading to higher staff turnover rates. 

 

Legal and ethical concerns 

Monitoring staff activities must be carried out in compliance with data protection laws such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If monitoring is deemed excessive or implemented without proper transparency, an organisation could face legal challenges and reputational damage. 

 

Benefits of employee monitoring 

Despite these challenges there are several important benefits that arise from an appropriate degree of employee monitoring; these include enhanced security, increased operational efficiency and strengthened compliance.

 

Enhancing security and preventing data breaches 

One of the most significant benefits of employee monitoring is its ability to prevent security breaches before they happen. Organisations handle vast amounts of sensitive data, and employees—whether intentionally or unintentionally—can be a weak link in data security.

 

By monitoring email activity and data usage, companies can identify suspicious behaviour, detect unauthorised access attempts, and prevent potential data leaks. Although primarily an external cyber-attack, an incident with British Airways in 2018, exposed the personal and financial details of approximately 400,000 customers. Investigations suggested that inadequate monitoring of internal processes contributed to the breach, as security gaps went undetected. This breach resulted in a £20 million fine under GDPR regulations. 

 

Ensuring regulatory compliance 

Many industries, such as finance and healthcare, are subject to strict data protection regulations. Monitoring employee email and data usage helps organisations remain compliant by ensuring that sensitive information is not shared improperly. Failure to comply with regulations can lead to severe penalties and reputational harm.

 

The UK’s National Health Service (NHS) has experienced multiple data breaches due to employee errors, such as unauthorised access to patient records and accidental email disclosures. These incidents demonstrate the need for robust monitoring systems to ensure compliance with data protection laws while maintaining patient confidentiality. 

 

Reducing the risk of insider threats 

Insider threats, where employees or contractors misuse their access privileges, are a major concern for organisations. By implementing monitoring tools, companies can detect anomalies in employee behaviour, such as large file transfers or access to restricted information outside of work hours.

 

Companies should also deploy software solutions that ensure that users only have access to the data that they require to perform their role. This proactive approach can prevent potential data theft or sabotage.  

 

A notable case in the UK involved a disgruntled Morrisons employee who leaked the payroll data of nearly 100,000 employees. This breach exposed sensitive information, including bank account details, and resulted in a lawsuit against the company. The case highlighted the dangers of insider threats and underscored the importance of monitoring employee activity to detect malicious actions early. 

 

Improving operational efficiency 

Beyond security, monitoring employee activity can also provide insights into workflow inefficiencies. By analysing how employees interact with data and communication tools, organisations can identify areas where productivity can be improved, streamline operations, and implement better cybersecurity training programs. 

 

Best practices for ethical monitoring 

Excessive or unlawful monitoring can create a toxic work culture, an atmosphere of fear and distrust, leading to disengaged employees and difficulties in retaining top talent. Over-surveillance can also lead to regulatory fines and damage the company’s reputation. If employees or external parties believe their privacy rights are being violated, public backlash and legal action may follow. Implementing sophisticated monitoring systems can also be costly, requiring investment in software, training, and compliance measures. Organisations must balance these costs against the potential risks they aim to mitigate. 

 

However, a well-monitored environment helps protect sensitive information from internal and external threats, reducing the likelihood of cyber incidents which strengthens an organisation’s security position.

 

To maximise the benefits of employee monitoring, while minimising negative consequences, organisations should adopt transparent policies, clearly communicating all monitoring policies to employees, explaining the purpose, scope, and legal justification. Monitoring must be implemented in a way that respects personal privacy, focusing only on work-related activities.

 

The use of AI-driven monitoring tools can flag suspicious activities without excessive manual surveillance, and regular security training educates employees on data security best practices to reduce human errors and insider threats. 

 

Striking a balance

While monitoring employee email and data usage provides undeniable benefits in terms of security and compliance, excessive surveillance can damage workplace culture. Organisations must strike a delicate balance, safeguarding sensitive information while maintaining a positive and productive work environment. 

 

---

 

Richard Bourne is CEO of Liverton Security. With the driving ethos of protecting businesses by protecting their people, Liverton Security has a strong track record with government grade email security systems

 

Main image courtesy of iStockPhoto.com and Shutter2U