Today, as organizations continue to undergo a massive digital transformation and seek new ways to connect employees, unpredictable human behavior still weighs on the minds of executives, perhaps even more so than ever before.
Despite the clear benefits of digital enterprise collaboration platforms such as Workplace by Facebook, Microsoft Teams, Yammer and Slack, organizations sometimes hesitate to fully implement these technologies. Leaders cite concerns around security against insider threats, regulatory compliance and company policies.
With frequent data breaches and cloud storage infiltration, CIOs and CISOs are rightly concerned. After all, 53% of data security incidents in 2017 resulted from employees, including factors such as human error.
Furthermore, leveraging digital enterprise collaboration creates blind spots within an organization; that is, little to no visibility into areas of shared content and conversations amongst employees. This exposes the organization to potential threats such as data loss, inappropriate workplace behavior (think: Uber) and damage to brand reputation.
Let us be clear: this Human Behavior Risk Analysis Report is not intended to scare leaders nor block the full implementation of enterprise collaboration platforms.
This purpose of this report is to expose collaboration blind spots, and illustrate where technology – and rapid advancements in machine learning, in particular – can play a key role in helping to understand and manage collaboration.
Collaboration platforms continue to gain traction in workplaces around the globe and employees tend to communicate in a much more casual and candid manner on these tools than more traditional platforms (e.g. email).
This new source of communication data presents your organization an opportunity to not only better understand sentiment, but also to monitor topics, keywords, and shared content that gives your teams the information they need to make better, more informed decisions.
Sentiment is an attitude, thought, or judgement prompted by a feeling. A sentiment analysis aims to determine the attitude of the author within a given message. On an aggregate level, organizations can audit employee mood and feelings towards the company, culture, and leadership.
A measurement of employees' mood and feelings toward the company, culture and leadership.
The majority of messages sent each day remain neutral, as scored by Aware's proprietary Sentiment Model. This is expected, as digital collaboration should focus mainly on achieving efficiencies with work. However, approximately 1 of every 5 private messages sent each day score positively; this might include messages of praise for an outstanding team or excitement over a recent initiative.
This number grows to 1 out of every 3 messages, when looking at public conversations. Positive messages, such as these, can help boost employee morale and overall productivity.
When tracked over time, organizations glean valuable insights regarding employee reaction to major announcements. Alternatively, leaders can identify negative trends quickly and search for a possible cause and appropriate solution.
By drilling down to specific business units or work groups, organizations can identify problem areas that might affect the entire company – or find stellar groups to acknowledge and use as role models.
While negative messages comprise just 0.3% of the daily messages sent, unfortunately they often cast a much larger, darker shadow on an organization and live in the dark corners of digital collaboration.
In fact, only 1 out of every 380 public messages receives a negative sentiment score. As expected, private groups and conversations are even more likely to skew negatively—in fact, 1.5 times more likely.
Sexual harassment, bullying, racial slurs – all of these are examples of toxic behaviors. These distracting behaviors make peers feel unsafe, isolated, and harassed. And a toxic employee, one whom engages in these activities, is one of the worst things that can infiltrate the workplace.
A toxicity score measures the level of distracting behaviors that make peers feel unsafe, isolated and/or harassed.
Toxic employees have a way of spreading their behavior to others around them, similar to a nasty virus; crippling others morale, performance, and productivity.
While not all employees are toxic, all employees are capable of adopting toxic behaviors and people who are close to a toxic employee are more likely to become toxic themselves.
Most organizations want to track and understand toxicity in the workplace. Toxicity causes the organization and the employees to suffer: poorly managed work groups are generally 50% less productive and 44% less profitable. And men who worked for toxic managers were 60% more likely to suffer a heart attack.
Tracking individual employee toxicity over time can help identify and differentiate habitually toxic employees from those who begin to trend more toxic than previously.
Using these insights, organizations can dig deeper to understand why an individual might suddenly exhibit toxic behaviors by looking into the context around the toxic messages.
Our data reveals that messages in private groups are 135% more likely to be toxic and messages in private, one-to-one conversations are 250% more likely to be toxic than messages in a public setting.
Additionally, individuals who only communicate in private groups or conversations are 160% more likely to send toxic messages.
At one organization an individual revealed his or her sexual orientation and was subsequently harassed via private messages from colleagues. Using this scenario, if the harassment continues over time and goes unaddressed, the victim might begin to feel unsafe and unwelcome in the workplace, leading to disengagement and potentially toxic behavior.
However, if an organization quickly identifies the harassment, or begins to see that the victim is trending negatively, leaders can intervene appropriately.
With 43% of all messages occurring in private groups or conversations, organizations face the potential for toxic messages to proliferate out of control.
In addition to harassment, employers must also deal with toxic behaviors such as drug usage, discrimination, sexual misconduct and more. As expected, private messages are nearly 160% more likely to contain words associated with illicit and pharmaceutical drugs.
In an organization with 15,000 employees, this translates to over 130 individuals who sent a message that could, at best, potentially harm workplace productivity, and at worst, cause a major PR crisis and open an organization up to risk of legal action.
Insider threats are one of the most prevalent threats in an enterprise environment, and are difficult to mitigate. Many of these breaches result simply from human error or negligence, rather than a malicious incident.
An Insider Threat Level is the level of breach risk presented by individuals within the organization. This could include both inadvertent or malicious actors.
Furthermore, an article in the Harvard Business Review estimates that 80 million insider attacks occur annually, a cost that amounts to more than $10 billion in fines, penalties, or operational disruption. That doesn’t even account for the unquantifiable damage to an organization’s brand and credibility.
As employees become increasingly dependent on digital tools for day-to-day communication, the interactions become more casual and, at times, careless. This creates even more space for breaches or sensitive information sharing.
More and more organizations continue to adopt digital collaboration platforms, but the real-time sharing of unstructured data within these tools creates a critical gap in the overall business security fabric.
While nearly all organizations deploy security measures and data loss protection (DLP) for email and internet usage, few realize the blind spot created by using collaboration tools without proper monitoring and governance in place.
Aware COO, Greg Moran says that “it is an inconvenient truth that not everyone inside an enterprise is trustable, despite all efforts to hire trustworthy employees.”
It’s tempting to fall in the trap of thinking: 'We hire good people here! We trust our employees.' However, the unfortunate truth is that nearly every organization will have an employee that is not acting in the best interest of the company.
As with any emerging technology, introducing tools like Microsoft Teams, Yammer or Workplace by Facebook exposes organizations to some inherent risks.
These platforms house more informal, frequent correspondences in both private and public forums. Our research very clearly shows that employees do, in fact, behave differently in a public versus private digital environment, and this does introduce a new set of potential risks to the enterprise security ecosystem.
The most unpredictable risk of them all impacts both company security and organizational health: human behavior.