BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Employee Surveillance: Amazon Exploring the Feasibility of Keystroke Tracking Plan

Amazon Exploring the Feasibility of Keystroke Tracking Plan

An internal document obtained by Motherboard revealed Amazon’s plan to track employee’s keystroke entries. The tech and e-commerce giant plans to curb ever-increasing data leaks using this type of surveillance. Imposters, rogue employees, and hackers routinely compromise customers’ confidential information.

Amazon is considering deploying advanced keystroke tracking tools. A company known as BehavioSec is working with the e-commerce firm to license specialized tools capable of enhancing system surveillance. The vendor’s software relies on behavioral biometrics to determine the nature of user activity. Behavioral biometrics eliminates the need to depend on static data or personally identifiable information.

Profiles generated by BehavioSec’s software make it easier to detect suspicious activity. Amazon shortlisted BehavioSec’s product based on privacy considerations. Other tools considered by the firm presented privacy challenges linked to keystroke data collection.

Amazon Keylogger

Closing Security Gaps

According to the internal document, Amazon detected several breaches that compromised customers’ sensitive data. In one of the incidents, an imposter illegally accessed customer data by posing as a service agent. For this reason, the company is looking to deploy an effective IT security solution to verify users’ identities and monitor device usage.

The security gaps present a serious threat that could damage customers’ confidence and Amazon’s reputation. Data exfiltration is a major concern for the management team since many employees work from home. Amazon plans to thwart threats that arise under various conditions, including unauthorized access via a device that an employee forgot to lock.

It aims to eliminate imposter takeover by 2022 since employee and customer data security is a top priority. The company stated that it regularly explores and tests wide-ranging cybersecurity technologies to bolster data protection measures. However, it is mindful of the need to achieve a delicate balance between monitoring employee activity and remaining compliant with privacy laws.

Managing Employee Activity

The internal document also revealed that outsourced workers in the Philippines and India present a higher risk of data exfiltration. Most of the recorded incidents happen in these countries. Hence, Amazon is hoping that BehavioSec’s solution will address the problem.

In general, companies rely on the employee-manager team to enhance security controls. However, the remote work trend introduced a new dynamic that compromised companies’ basic security controls. When employees work from home, it becomes difficult to detect all unauthorized access to sensitive data.

Under such circumstances, companies need to find viable solutions to compensate for the reduced controls. Experts believe that keystroke monitoring is a security feature that remote workers should expect to find on company devices in the future. BehavioSec’s profiling mechanism plays an essential role in helping companies detect sophisticated cyber attacks.

Highly skilled hackers often gain access to corporate systems and remain undetected for lengthy periods. Behavioral profiling detects such intrusions by monitoring anomalous patterns and user behaviors. This approach detects patterns in one or more connected devices. For instance, security software will raise a red flag if a video surveillance camera connects to a suspicious domain.

In Amazon’s case, behavioral profiling makes it easier to identify compromised devices. Many of the company’s customer service agents work remotely in shared residences. Meanwhile, some agents store their devices on properties with poor physical security.

Employee Surveillance Key Considerations

Federal law allows businesses to monitor their employees’ activities under specific circumstances. Several states also provide regulatory guidelines on the subject. However, transparency is a key component of employee monitoring practices. Failing to inform employees about workplace or digital surveillance may result in legal action.

In some cases, the law does not compel companies to inform employees about surveillance activities. The (ECPA) Electronic Communications Privacy Act of 1986 legalizes surveillance for organizations with a legitimate business reason to monitor employees. As such, employers can view emails composed and sent by employees.

On the other hand, a different regulatory framework deals with web activity surveillance. It allows companies to track keystrokes and web browsing activity on corporate devices and networks. Employers should use information from the monitoring activities for internal purposes only. Sharing information with third parties is against the law.

Similarly, the law compels employers to safeguard the collected information to prevent unauthorized access. Employees can initiate legal action against an employer if with sensitive information leaks following a data breach.

These regulatory requirements necessitate a cautious deployment of keystroke tracking tools and other surveillance software. Thus, Amazon is treading carefully when it comes to the employee monitoring tool it wants to use.

More Like This

Are You Planning to Download Windows 11 Free Update?

Are You Planning to Download Windows 11 Free Update? Here’s a Quick Guide Microsoft’s new operating system has generated considerable interest from users and tech experts. Windows 11 brings many key new features that enhance the overall user experience. From October 5, 2021, Microsoft will roll out the update to eligible Windows 7 and 10 …

Are You Planning to Download Windows 11 Free Update? Read More »

Read More

AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for  referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States …

AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus Read More »

Read More

If You Own These Four Small Business Cisco Routers: It’s Time to Replace Them

If You Own These Four Small Business Cisco Routers: It’s Time to Replace Them A security flaw discovered in RV110W, RV130, RV130W, and RV215W Cisco routers creates significant vulnerabilities. Traditionally, these UPnP (universal plug and play) routers would receive security updates from the vendor. However, Cisco recently announced that it has no plans to release …

If You Own These Four Small Business Cisco Routers: It’s Time to Replace Them Read More »

Read More

Do You Want to Speed Up Your Computer?

Do You Want to Speed Up Your Computer? Here are Top Tips A slow computer can undermine productivity and become a source of frustration. Fortunately, there are several ways to boost speed and overall performance, irrespective of whether your computer is relatively new or older. You can achieve the desired performance by following specific tips …

Do You Want to Speed Up Your Computer? Read More »

Read More

AA21-243A: Ransomware Awareness for Holidays and Weekends

Original release date: August 31, 2021 Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and software. • Use strong passwords. • Use multi-factor authentication. …

AA21-243A: Ransomware Awareness for Holidays and Weekends Read More »

Read More

AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code …

AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS Read More »

Read More