Security Experts:

Toxic Content, Insider Threats Lurk in Business Collaboration Tools: Report

A new report quantifies what every manager instinctively knows: private messaging within collaboration tools can hide worrying content sent between employees. This can include confidential and sensitive data inappropriately shared, password sharing, and even toxic sentiment that could harm workplace productivity or highlight a nascent insider threat.

Wiretap, a firm that provides monitoring for collaboration tools such as Slack, Microsoft Teams, Yammer, Workplace by Facebook and Skype for Business, has analyzed (PDF) more than a million enterprise collaboration messages from tens of thousands of authors. The premise of the study is that without knowledge of the risks hidden in collaboration tools, organizations could become victims of their own staff, or possibly worse, eschew the undoubted benefits of collaboration tools altogether. 

The Wiretap findings are categorized in three areas: sentiment, toxicity and insider threats.

Sentiment covers employees' moods and feelings towards the company and its leadership. "With an understanding of employee opinion, leaders can better determine where to invest in company culture, development, and workplace conditions," notes the report. Understanding how sentiment is shared in private conversations on company collaboration tools can help a firm reduce staff churn, and maintain a positive company culture. 

Toxicity covers behavior including sexual harassment, racism and bullying. "Toxic employees have a way of spreading their behavior to others around them, similar to a nasty virus; crippling others' morale, performance, and productivity," warns the report; adding, "Unfortunately, companies like Uber, Fox News, or Nike know all too well the repercussions of turning a blind eye to toxic behavior."

In 2017, Uber fired more than 20 employees for sexual harassment. Had the company been aware of this toxic subculture within the firm, senior management could perhaps have prevented its growth. Wiretap believes that such issues could be first discovered by monitoring collaboration tools, and then remedied before they have a chance to root.

Insider threats come from naive users, malicious users, and even whistleblowers (whose motives may be subject to interpretation). They "are one of the most prevalent threats in an enterprise environment," says the report, "and are difficult to mitigate." It points out that an article in Harvard Business Review, "estimates that 80 million insider attacks occur annually, a cost that amounts to more than $10 billion in fines, penalties, or operational disruption."

Wiretap's analysis demonstrates that in each of these three areas, questionable content is far more likely to occur in the private areas of collaboration tools than in more traditional areas such as email. For example, 1 in 190 private messages are negative in sentiment, while only 1 in 280 public messages are similar.

Messages in private groups are 135% more likely to be toxic in content than messages in a public environment. This rises to 250% more likely in a private one-to-one conversation.

Private messages -- especially those displaying negative sentiment -- may also indicate potential insider threat issues. Employees rarely join a company with an intent to be a threat -- this grows over time as a response to real or perceived slights. Indeed, the cause may be entirely external to the company, caused by increasing domestic or financial pressures. Nevertheless, an indication of these stresses would likely show in internal private messages -- and if detected early enough, management can step in to defuse the situation, offer assistance, and keep an otherwise valuable employee.

"The truth is," warns the report, "people act one way in formal meetings and another way on their company's digital collaboration network. And this inconvenient truth can add a layer of risk, or a blind spot, for the organization."

“Our report sheds light on what we know," comments Jason Morgan, Wiretap’s vice president behavioral intelligence; "that human behavior is unpredictable – and despite the small population of risky users engaging in this behavior, organizations must be able to identify toxic actors before they ruin company culture. Ultimately, organizations need to track sentiment and tone of both public and private conversations to get a true pulse on the health of their community, and to assess any areas of potential risk.”

Most companies already monitor their users' use of corporate email -- indeed this is almost a necessity to comply with the personal data protection requirements of regulations such as the EU's General Data Protection Regulation (GDPR). Wiretap's Behavior Risk Analysis Report demonstrates that risky user communications are even more likely to occur in the relative privacy of collaboration tools than in traditional communication systems such as email.

The company's Aware by Wiretap product uses AI-infused monitoring to detect problems showing in private messages that would otherwise be missed by management. This allows for proactive recognition and mitigation before an issue can develop into a crisis.

In July 2017, Columbus, Ohio-based Wiretap closed a $4.9 million Series A financing round led by Pittsburgh-based Draper Triangle Ventures, Columbus-based Ohio Innovation Fund and Rev1 Ventures, as well as JumpStart Inc., bringing the total raised to $7.9 million.

Related: Psycho-Analytics Could Aid Insider Threat Detection 

Related: Insider Threats: Protecting Ourselves From Ourselves 

Related: Government Contractors Required to Provide Insider Threat Awareness Training 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.