Officials at the Dutch bank ABN-AMRO said that the bank had considered sending undercover security staff among employees with the aim of helping improve cyber security, but has decided not to follow this practice.
Many banks are developing more sophisticated ways to prevent security lapses as the risk of cyber attacks increases.
In particular, they want to understand the reasons for unintentional compliance failures, such as clicking on “phishing” emails that carry viruses or giving out confidential information by phone.
ABN-AMRO Chief Information Security Officer Martijn Dekker said in September that he was looking at sending staff undercover to observe employees’ security practices.
“We’ve been looking at indeed maybe (if) we can have someone in a department, work there as an intern for say, two months, and to really see what type of culture is there,” Dekker told a conference.
Dekker and a spokeswoman for the bank said last week that they were not examining the option. However, Dekker did not say why he had dropped the possibility. The spokeswoman said it was not “seriously” considered.
But they were looking at other ways to examine behavior, Dekker said.
For example, his team is increasingly hiring people with philosophy and music backgrounds. Compared to the technical people he used to mostly hire, people from these backgrounds were better at spotting and understanding staff’s behavioral habits, he said.
The idea was to use the observations his team gleans to redesign systems so that when employees are presented with a decision, “the easy choice is the secure choice,” Dekker said last week.
This week Tesco Plc’s banking arm said hackers stole 2.5 million pounds from 9,000 customers, in what cyber experts said was the first theft by a mass hacking of accounts at a western bank. The incident was a stark reminder of the security risks that still affect the most secure systems.
“Sometimes a team leader will ask us to sit in on their team meeting and then people know about this, why this person is here, and sometimes it’s undercover but usually it’s quite open,” Dekker added on the sidelines of the conference.
ABN has offices all over the world. Covertly monitoring employees may be against the law in some countries, such as the United Kingdom, said Ben Willmott, Head of Public Policy at the Chartered Institute of Personnel and Development.
However, it would be permitted in the Netherlands, said Rob Zwanenberg, a lawyer with Smart Advocaten in Eindhoven. Cyber security experts who were interviewed by the media said they thought spying on staff would be unethical and an ineffective way to coax staff into changing their behavior.
“I haven’t heard of ‘undercover’ type engagements getting much traction, mostly because of the …cultural effects of a ‘Big Brother’ type environment,” said Benjamin Caudill, Founder of Rhino Security Labs.
(Adapted from Reuters)