Connect with us

Hi, what are you looking for?


Risk Management

Toxic Content, Insider Threats Lurk in Business Collaboration Tools: Report

A new report quantifies what every manager instinctively knows: private messaging within collaboration tools can hide worrying content sent between employees. This can include confidential and sensitive data inappropriately shared, password sharing, and even toxic sentiment that could harm workplace productivity or highlight a nascent insider threat.

A new report quantifies what every manager instinctively knows: private messaging within collaboration tools can hide worrying content sent between employees. This can include confidential and sensitive data inappropriately shared, password sharing, and even toxic sentiment that could harm workplace productivity or highlight a nascent insider threat.

Wiretap, a firm that provides monitoring for collaboration tools such as Slack, Microsoft Teams, Yammer, Workplace by Facebook and Skype for Business, has analyzed (PDF) more than a million enterprise collaboration messages from tens of thousands of authors. The premise of the study is that without knowledge of the risks hidden in collaboration tools, organizations could become victims of their own staff, or possibly worse, eschew the undoubted benefits of collaboration tools altogether. 

The Wiretap findings are categorized in three areas: sentiment, toxicity and insider threats.

Sentiment covers employees’ moods and feelings towards the company and its leadership. “With an understanding of employee opinion, leaders can better determine where to invest in company culture, development, and workplace conditions,” notes the report. Understanding how sentiment is shared in private conversations on company collaboration tools can help a firm reduce staff churn, and maintain a positive company culture. 

Toxicity covers behavior including sexual harassment, racism and bullying. “Toxic employees have a way of spreading their behavior to others around them, similar to a nasty virus; crippling others’ morale, performance, and productivity,” warns the report; adding, “Unfortunately, companies like Uber, Fox News, or Nike know all too well the repercussions of turning a blind eye to toxic behavior.”

In 2017, Uber fired more than 20 employees for sexual harassment. Had the company been aware of this toxic subculture within the firm, senior management could perhaps have prevented its growth. Wiretap believes that such issues could be first discovered by monitoring collaboration tools, and then remedied before they have a chance to root.

Insider threats come from naive users, malicious users, and even whistleblowers (whose motives may be subject to interpretation). They “are one of the most prevalent threats in an enterprise environment,” says the report, “and are difficult to mitigate.” It points out that an article in Harvard Business Review, “estimates that 80 million insider attacks occur annually, a cost that amounts to more than $10 billion in fines, penalties, or operational disruption.”

Wiretap’s analysis demonstrates that in each of these three areas, questionable content is far more likely to occur in the private areas of collaboration tools than in more traditional areas such as email. For example, 1 in 190 private messages are negative in sentiment, while only 1 in 280 public messages are similar.

Advertisement. Scroll to continue reading.

Messages in private groups are 135% more likely to be toxic in content than messages in a public environment. This rises to 250% more likely in a private one-to-one conversation.

Private messages — especially those displaying negative sentiment — may also indicate potential insider threat issues. Employees rarely join a company with an intent to be a threat — this grows over time as a response to real or perceived slights. Indeed, the cause may be entirely external to the company, caused by increasing domestic or financial pressures. Nevertheless, an indication of these stresses would likely show in internal private messages — and if detected early enough, management can step in to defuse the situation, offer assistance, and keep an otherwise valuable employee.

“The truth is,” warns the report, “people act one way in formal meetings and another way on their company’s digital collaboration network. And this inconvenient truth can add a layer of risk, or a blind spot, for the organization.”

“Our report sheds light on what we know,” comments Jason Morgan, Wiretap’s vice president behavioral intelligence; “that human behavior is unpredictable – and despite the small population of risky users engaging in this behavior, organizations must be able to identify toxic actors before they ruin company culture. Ultimately, organizations need to track sentiment and tone of both public and private conversations to get a true pulse on the health of their community, and to assess any areas of potential risk.”

Most companies already monitor their users’ use of corporate email — indeed this is almost a necessity to comply with the personal data protection requirements of regulations such as the EU’s General Data Protection Regulation (GDPR). Wiretap’s Behavior Risk Analysis Report demonstrates that risky user communications are even more likely to occur in the relative privacy of collaboration tools than in traditional communication systems such as email.

The company’s Aware by Wiretap product uses AI-infused monitoring to detect problems showing in private messages that would otherwise be missed by management. This allows for proactive recognition and mitigation before an issue can develop into a crisis.

In July 2017, Columbus, Ohio-based Wiretap closed a $4.9 million Series A financing round led by Pittsburgh-based Draper Triangle Ventures, Columbus-based Ohio Innovation Fund and Rev1 Ventures, as well as JumpStart Inc., bringing the total raised to $7.9 million.

Related: Psycho-Analytics Could Aid Insider Threat Detection 

Related: Insider Threats: Protecting Ourselves From Ourselves 

Related: Government Contractors Required to Provide Insider Threat Awareness Training 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...