Using digital forensic to safeguard against employee misconduct

Workplace bullying on the rise 

The COVID-19 pandemic has led to a paradigm shift in the way we work, blurring physical and digital environments. With the increase in flexibility as many businesses have implemented hybrid working models, employee misconduct remains prevalent and we've seen a rise in workplace bullying. 

Since the pandemic, one in four employees have experienced an increase in gender-based harassment according to a report by Project Include. Meanwhile, racial hostility has become more prevalent with 30% of women and almost a quarter of non-binary (24%) people reporting it. Almost half (45%) have seen harassment in chat tools and 4 in 10 in video meetings and on email. 

Insider threat

Workplace bullying and discrimination encompasses a wider issue covering a broad range of malicious or negligent activities conducted by employees, contractors and other organisational insiders - also known as ‘insider threats.' 

The risks posed by insider threats include data exfiltration, workplace bullying or harassment, market abuse and the misuse of client data. These can have considerable financial consequences - criminal and malicious insiders cost companies an average of $756,760 per incident in 2019. Companies that suffer from high-profile cases of insider data theft, fraud, bullying and the like also suffer reputational damage. This damage can affect customers, who may be unwilling to trust the company again with their data, and employees, who may leave to work for a more reputable organisation.

How technology can help

There are digitised processes that can flag and catch misconduct in real time to prevent further escalation. Modern technology can detect infringements with unparalleled speed and precision for maximum efficiency in a timely manner to tackle the issue. Harnessing technology helps to flag threats of misconduct in real time and collects relevant data of specific incidents for further review and analysis by a forensic team. These technologies allow businesses to make evidence-led decisions and intercept problems before they snowball into crises. 

Privacy-first monitoring

Organisations should monitor employees with a privacy-first approach, and avoid constant surveillance, negatively impacting employee productivity and morale. Instead, companies should seek to leverage technology available to monitor for insider threats without infringing on the personal liberty of workers. They should aim to raise alarms of activities, not just individuals. A strong forensic workflow  alongside technologies can help identify negligent and criminal insider activity while mutually respecting the privacy of workers who are acting ethically. 

Policy and procedures 

Worryingly, research commissioned by Winckworth Sherwood, a UK law firm, revealed that over half (56%) of UK businesses do not have disciplinary processes or work dismissals in place for discriminatory behaviours within the workspace. 

It's essential that companies have the right policies and procedures in place to combat employee misconduct. Procedures regarding misconduct should be implemented at board level and reinforced by all members of staff in a unified approach. The workforce must be knowledgeable of protocol and reporting processes, creating a safe environment that respects the integrity of those reporting.  

Meanwhile, contracting an impartial third-party consultant helps organisations to analyse the foundations of the company from an outside human perspective, providing guidance and feedback without bias. 

Education and training 

Cyberbullying is defined as harassment through communications technology to intentionally hurt, embarrass or upset another person. According to UNISON, eight out of ten workers

said they had received some form of cyberbullying from colleagues within the past six months. These statistics highlight the importance and need for consistent and stern policies to fight the problem. 

Education and training is a must when navigating employee misconduct. By instilling and maintaining a zero tolerance anti-bullying culture throughout the workplace, team leaders can prevent cyberbullying for both those working remotely and in the office. 

Differentiating between misconduct from human error 

The nature of hybrid work environments means employees need more diverse forms of access to company documents and technology resources. Some of these may contain sensitive data or be stored in high-security portals. The necessity of granting this access has resulted in businesses delegating a greater level of control to the employee, while entrusting them to safeguard and defend company intelligence at the cost of potentially placing it in a vulnerable position. 

Employees could be on their personal devices, in different geographical locations, and may be at a higher risk of hacking, shoulder surfing, theft or simple ill-fated errors. A survey produced by The Cyber Resilience Centre, found that businesses lost £374 million due to cyber breaches stemming from remote working schemes. While identifying how to combat misconduct in a hybrid environment a new approach is needed; one which places integral importance on identifying and differentiating issues of human error, and issues fuelled by malicious intent. Unfortunately, some organisations don't need security until they do, and then it's far too late.