Human Behavior Risk Analysis 

Unpredictable Human Behavior

Today, as organizations continue to undergo a massive digital transformation and seek new ways to connect employees, unpredictable human behavior still weighs on the minds of executives, perhaps even more so than ever before.

Despite the clear benefits of digital enterprise collaboration platforms such as Slack, Workplace from Meta, Microsoft Teams, and Yammer, organizations sometimes hesitate to fully implement these technologies. Leaders cite concerns around security against insider threats, regulatory compliance and company policies. 

With frequent data breaches and cloud storage infiltration, CIOs and CISOs are rightly concerned. After all, one study found that 94% of organizations experienced insider data breaches in the past 12 months, including 74% caused by employees breaking security rules.

Furthermore, leveraging digital enterprise collaboration creates blind spots within an organization; that is, little to no visibility into areas of shared content and conversations amongst employees. This exposes the organization to potential threats such as data loss, inappropriate workplace behavior (think: Uber) and damage to brand reputation.

Aware's Human Behavior Risk Analysis

1. Observations and Key Findings
2. Employee Sentiment in Shared Messages
3. Employee Toxicity in Shared Messages
4. Insider Threats in Shared Messages
5. Collaboration Tools & Human Behavior Risk 

Let us be clear: this Human Behavior Risk Analysis Report is not intended to scare leaders nor block the full implementation of enterprise collaboration platforms.

The purpose of this report is to expose collaboration blind spots, and illustrate where technology – and rapid advancements in machine learning, in particular – can play a key role in helping to understand and manage collaboration.

Employee Sentiment in Shared Messages

Sentiment is an attitude, thought, or judgement prompted by a feeling. A sentiment analysis aims to determine the attitude of the author within a given message. On an aggregate level, organizations can audit employee mood and feelings towards the company, culture, and leadership.

What is the definition of sentiment score?

A measurement of employees' mood and feelings toward the company, culture and leadership.

The Power of Employee Positivity

The majority of messages sent each day remain neutral, as scored by Aware's proprietary Sentiment Model. This is expected, as digital collaboration should focus mainly on achieving efficiencies with work. However, approximately 1 of every 5 private messages sent each day score positively; this might include messages of praise for an outstanding team or excitement over a recent initiative.

This number grows to 1 out of every 3 messages, when looking at public conversations. Positive messages, such as these, can help boost employee morale and overall productivity.

When tracked over time, organizations glean valuable insights regarding employee reaction to major announcements. Alternatively, leaders can identify negative trends quickly and search for a possible cause and appropriate solution.

By drilling down to specific business units or work groups, organizations can identify problem areas that might affect the entire company – or find stellar groups to acknowledge and use as role models.

The Impacts of Positive Employee Sentiment

1. Reduced Employee Turnover - Happy employees tend to stay in their companies. By understanding employee opinion, companies can implement workplace processes, perks, or changes to keep employee morale high.
2. Improved Customer Experience - Glassdoor discovered a direct correlation between employee happiness and customer satisfaction.
3. Boosted Brand Reputation - Employees are your strongest brand advocates and will share their opinion of your company with their community and networks. 

Negative Messages Cast a Larger Shadow

While negative messages comprise just 0.3% of the daily messages sent, unfortunately they often cast a much larger, darker shadow on an organization and live in the dark corners of digital collaboration.

In fact, only 1 out of every 380 public messages receives a negative sentiment score. As expected, private groups and conversations are even more likely to skew negatively—in fact, 1.5 times more likely.

But when looking at individuals who only communicate via private messages (2 out of every 13 individuals), they are 245% more likely to send negative messages.

Employee Toxicity in Shared Messages

Bullying, racial slurs, sexual harassment at work – are all examples of toxic employee behavior. These distracting behaviors make peers feel unsafe, isolated, and harassed. And a toxic employee, one whom engages in these activities, is one of the worst things that can infiltrate the workplace.

How is Workplace Toxicity Measured?

A toxicity score measures the level of distracting behaviors that make peers feel unsafe, isolated and/or harassed.

Toxic employees have a way of spreading their behavior to others around them, similar to a nasty virus; crippling others morale, performance, and productivity.

While not all employees are toxic, all employees are capable of adopting toxic behaviors and people who are close to a toxic employee are more likely to become toxic themselves.

The Impact of Toxicity in the Workplace

Most organizations want to track and understand toxicity in the workplace. A toxic culture is 10.4 times more indicative than compensation for predicting employee turnover, and culture-related turnover costs employers over $44 billion annually.

Tracking individual employee toxicity over time can help identify and differentiate habitually toxic employees from those who begin to trend more toxic than previously.

Using these insights, organizations can dig deeper to understand why an individual might suddenly exhibit toxic behaviors by looking into the context around the toxic messages.

The 3 Categories of Toxic Messages in the Workplace

1. Unprofessional - The message uses harsh language, slurs, phrases or innuendo that is not appropriate for a work environment, but wouldn't necessarily qualify as inappropriate in a personal setting.
2. General Harassing - The message contains off-color jokes that might offend a person or group; or includes a sexual innuendo that may be offensive to others, but is not targeted at the message recipient.
3. Discrimination - The author expresses a strong dislike of a person or group of people; the message contains racial, religious or sexual slurs; the messages creates an unpleasant or hostile situation.

Our data reveals that messages in private groups are 135% more likely to be toxic and messages in private, one-to-one conversations are 250% more likely to be toxic than messages in a public setting. 

Additionally, individuals who only communicate in private groups or conversations are 160% more likely to send toxic messages.

At one organization an individual revealed his or her sexual orientation and was subsequently harassed via private messages from colleagues. Using this scenario, if the harassment continues over time and goes unaddressed, the victim might begin to feel unsafe and unwelcome in the workplace, leading to disengagement and potentially toxic behavior.

However, if an organization quickly identifies the harassment, or begins to see that the victim is trending negatively, leaders can intervene appropriately.

With 43% of all messages occurring in private groups or conversations, organizations face the potential for toxic messages to proliferate out of control.

In addition to harassment, employers must also deal with toxic behaviors such as drug usage, discrimination, sexual misconduct and more. As expected, private messages are nearly 160% more likely to contain words associated with illicit and pharmaceutical drugs.

• As expected, private messages are nearly 160% more likely to contain words associated with illicit and pharmaceutical drugs.
  
• Somewhat surprisingly, 1 out of every 170 messages, including public messages, contains words associated with sex.
  
• 1 out of every 132 individuals sent a not-safe-for-work (NSFW) or toxic message within the first quarter of 2018.

In an organization with 15,000 employees, this translates to over 130 individuals who sent a message that could, at best, potentially harm workplace productivity, and at worst, cause a major PR crisis and open an organization up to risk of legal action. 

Insider Threats in Shared Employee Messages

Insider threats are one of the most prevalent threats in an enterprise environment, and are difficult to mitigate. Many of these breaches result simply from human error or negligence, rather than a malicious incident.

What Does an Insider Threat Level Mean?

An Insider Threat Level is the level of breach risk presented by individuals within the organization. This could include both inadvertent or malicious actors. 

Accounting For The Cost Of An Insider Breach

Information Sharing is Easier, and More Reckless, Than Ever

As employees become increasingly dependent on digital tools for day-to-day communication, the interactions become more casual and, at times, careless. This creates even more space for breaches or sensitive information sharing.

More and more organizations continue to adopt digital collaboration platforms, but the real-time sharing of unstructured data within these tools creates a critical gap in the overall business security fabric.

While nearly all organizations deploy security measures and data loss protection (DLP) for email and internet usage, few realize the blind spot created by using collaboration tools without proper monitoring and governance in place.

"But... we only hire good people in my organization!"

Aware COO, Greg Moran says that “it is an inconvenient truth that not everyone inside an enterprise is trustable, despite all efforts to hire trustworthy employees.” 

It’s tempting to fall in the trap of thinking:  'We hire good people here! We trust our employees.' However, the unfortunate truth is that nearly every organization will have an employee that is not acting in the best interest of the company.

Collaboration Tools & Human Behavior Risk

As with any emerging technology, introducing tools like Microsoft Teams, Yammer or Workplace by Facebook exposes organizations to some inherent risks.

These platforms house more informal, frequent correspondences in both private and public forums. Our research very clearly shows that employees do, in fact, behave differently in a public versus private digital environment, and this does introduce a new set of potential risks to the enterprise security ecosystem.

The most unpredictable risk of them all impacts both company security and organizational health: human behavior.

Our technology regularly helps organizations to better understand their blind spots and more accurately assess the risk of human behavior.

Reach out for a personalized demo of our platform.