Word Up! For IT Security


By Tim Moran

IT has always been in a position of power, in the sense that those employed within its ranks often have access to the most sensitive company data. This isn't a problem when things are going well, but in tough times, such as today, disgruntled or simply disingenuous IT workers are more likely to take advantage of their position to act in ways that are not good for the company.

Heretofore, such behavior has often gone undetected; not so any more, according to a recent article in The Wall Street Journal. These days, the watchers are beginning to be watched.

According to the report, companies are now screening staff candidates before they are hired and then making sure there are "checks and balances in place once they're on the job." Much of the security involves networking activity, and new monitoring software is being used to track activities on the network and flag "anything unusual."

Especially telling, apparently, is email. The article states that "Some [companies] are even using new technology to look at the language of their IT staff's emails to determine whether their behavior or mindset has changed." In other words, if your opinion of or attitude about your company changes, so might the nature and content of your emails.

The story quotes Ed Stroz, co-president at digital-risk-management firm Stroz Friedberg: "If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes." He notes that differences in the length of emails, use of the word "me," and words such as "never" and "always" can indicate "anger and polarized thinking," which could be cause for concern. Other telltale signs in emails of possible funny business include the use of vulgar words, messages marked as high priority and the sending of privileged information, such as credit-card numbers.

Said one security analyst: "If something goes wrong, the first person you look at is the person with the highest amount of access." That would certainly be my plan. Over the years, as I worked for companies that had prodigious IT departments, I often wondered how much IT was lurking over my shoulder--especially since the advent of the Internet and email. (Yes, children, there was a time when communication and information was non-digital and non-instantaneous).

I still wonder: Are there processes in place to track my email in some way? Does some net-tech on the overnight shift check my Web logs to see what I've been looking at during the day? Is my email being run through some algorithm to see if I'm using scary or otherwise potent words? Perhaps.

I don't dwell on it, but this does cross my mind every now and again. If it is true, though, it's only fair that these same IT overseers get overseen, too. Of course, where the watching stops, nobody knows.