Your Bosses Could Have a File on You, and They May Misinterpret It

“You’re starting to get into some very, very iffy math,” he said.

Then there’s the iffiness of personal factors, something that concerns Margaret Cunningham, a behavioral scientist who, until recently, worked at Forcepoint, one of the firms that provides insider threat analysis to private companies.

Incorporating factors such as chronic or mental health issues and family history into insider threat behavioral analytics can, if used improperly, lead to models that call up that old phrase: “garbage in, garbage out.”

“Depending too heavily on personal factors identified using software solutions is a mistake, as we are unable to determine how much they influence future likelihood of engaging in malicious behaviors,” Dr. Cunningham said.

Implementing such systems the wrong way can, too, degrade the employee-employer relationship. Part of skirting such Big-Brother territory is avoiding injudicious surveillance: not simply ingesting all data that’s available and legal, regardless of its proven utility.

As an example of this, Raj Ananthanpillai, chief executive at Endera, imagines running a trucking company. “I could care less about some of these financial stress indicators, because that’s part of the blue-collar work force sometimes,” he said.

“But I would want to know if they had a DUI,” he said. “Absolutely.”

If workers know or find out surveillance beyond what’s necessary or useful is happening, it can turn an employer into an antagonist.

“Frankly, it builds a lot of resentment,” Dr. Cunningham said. “By doing that, you’re not actually helping your insider-threat case. You’re making it worse.”

Article source: https://www.nytimes.com/2022/05/17/science/insider-threat-private-companies.html