Bloomsburg University in PA is hosting the 2024 BloomCON - 0x08. Vestige is guest speaking on March 1 on Careers in Digital Forensics & Cybersecurity.

NOT #MeToo: Proactive Steps to Keep the Harvey Weinsteins Out of Your Workplace


NOT #MeToo: Proactive Steps to Keep the Harvey Weinsteins Out of Your Workplace

With the growth of the #MeToo movement, and decreased tolerance for inappropriate workplace behavior, companies are turning a very concerned eye towards sexual harassment and misconduct. Many employers are taking a hard stance which often involves termination of those accused of sexual harassment.  And thoughtful leaders want to know, what can be done ahead of time to prevent such occurrences or to make them much less likely?

From a technological standpoint, the answer is “quite a bit”. Here are some preventative measures to reduce workplace misconduct.

I.T. Usage Policies

The first step is to consider revisiting IT acceptable usage policies.  Considerations are:

  • What is the policy regarding web browsing? What sites are people allowed to go to?
  • What is the policy regarding emailing jokes or other questionable email content?
  • What policies do you have regarding text messaging at the workplace?

Preventive Technologies

Once policies are in place, the next area to consider are what technologies can be leveraged to monitor compliance with the policy and prevent policy violations.  One rather simple way is implementation of a firewall that has web filtering technology.  Firewalls from SonicWall (Dell), Cisco and others have built in web filtering technology.  Furthermore, with a subscription, new websites and rules are added to the firewall on a continual basis.  Web filtering technology isn’t perfect, however, and not only can certain websites make it through the filtering, but sometimes legitimate websites are blocked.  With that said, web filtering technology not only can help prevent viewing of websites that can lead to sexual harassment, but they can also filter websites that can lead to malware infections and general non-productivity.

The next preventive technology to consider is mobile device management (MDM) systems. There are many MDMs on the market and include such features as: web filtering, prevention of application installation and application configuration. This IT monitoring software can be used to prevent activities that can lead to sexual harassment.

Another area to consider ahead of time is what the company may be doing to store information so that allegations of sexual harassment can be investigated. For that we look to some of the technologies explained above and some other technologies we haven’t discussed.

Most, if not all, firewalls that have web filtering also have the ability to monitor and log web traffic.  Of course, for many companies, that logging can lead to a lot of data. Therefore, companies should consider ahead of time how much web traffic they are keeping and where that data is being kept.  Periodic audits of the data repository are useful in confirming whether the appropriate amount of traffic is being stored.

With emails being a source of sexual harassment, a company may consider email archiving software to capture all emails in one secure place. Again, data sizes can be considerable so it is important to review how much email a company feels should be kept and then periodically audit for compliance.  Consider that some email archiving systems will not record whether an email has been opened or whether it is put in a folder, two factors that may be important to a case.

For another source of assistance with investigations after the fact, we turn again to MDM software. The key component of the MDM software in this case is the ability to lock the phone down and prevent the user from deleting data or resetting the phone.  Data can now be preserved for the purposes of the investigation and then the phone can be returned to the user, if necessary, during the investigation.

Going Even Further

Each of the aforementioned technologies can help prevent individuals from having access to certain distractions or ensure that the organization has enough information to adequately address an allegation.  But what if you want to go even further?

A powerful proactive strategy is to work with professionals to regularly monitor all communications data throughout the company’s IT infrastructure. Parsing protocols can be written to pick up “red flag” words or phrases amid thousands or even millions of communications. When words or phrases of concern are detected they can be sent to HR or whichever department is responsible for monitoring compliance. Flagged Employees can then be interviewed to determine if rules may have been broken or boundaries crossed.  Using advanced analytical techniques, inappropriate relationships can be detected, use of words, phrases and undertones that are concerning can be identified and proactively addressed — long before they become an issue.

Some Planning, Some Know How and Some Peace of Mind

As we have stressed in many blog posts, the key to prevention and successful investigation of misconduct in office is always up front planning. Consider what your requirements are and then work with an expert to determine whether or not your policies and procedures support the culture you’re trying to build.  Put controls in-place that are both preventative as well as detective and look to some advanced use of the technology.  It’s a small investment given the potential issues–and at the end of the day ensures a better organizational culture and a safe environment.

For more information CONTACT VESTIGE.