Using Natural Language Assessments in Cybersecurity Efforts

While training can help prevent accidental breaches, natural language assessments can help prevent intentional breaches - but only if the foundational systems are in place. This article will describe what your organization’s people strategy needs in order to succeed in using natural language assessment, and provide steps to implement it at your organization.


Introduction

Cybercriminals often exploit human behavior to achieve their goals: Whether it’s
malware that requires a click to infect a system, a “phishing” email that requests
sensitive information or a straight-up bribe for access, people are on the front lines of
your organization’s cyberdefenses. That human element often makes cybersecurity
a talent-management issue as much as it is an IT or risk-management concern.

And when it comes to risk, no industry is safe. IBM’s X-Force Threat Intelligence Index says
financial services and health care companies are vulnerable to malicious insider threats, while
IT, manufacturing and retail are more likely to face threats from outside the organization.

Your employees are a significant part of your defense against these risks. As such, your people
strategy can play a big role in your approach to cybersecurity. Throughout any hiring, development
and engagement efforts, organizations that understand their employees and accommodate
human nature in addition to implementing cybersecurity tools will make themselves more resilient
to cyberattacks. Natural language assessment is a tool that can help with all of these issues.

Natural language assessment analyzes written communication such as employee emails and chats,
and flags changes that may indicate a decline in positive sentiment toward the organization. Even an
employee who as a candidate went through an assessment and was identified as a good fit can have
negative feelings after a while; natural language assessment can indicate whether that employee
is feeling disconnected from the company and may be at risk for releasing data or be vulnerable
to blackmail. Training can help prevent accidental breaches, while natural language assessments
can help prevent intentional breaches — but only if you have other foundational systems in place.

This article will describe what your organization’s people strategy needs in order to succeed in
using natural language assessment, and provide steps to implement it at your organization.

Throughout any hiring, development and engagement efforts, organizations that understand their employees and accommodate human nature in addition to implementing cybersecurity tools will make themselves more resilient to cyberattacks.

Start By Building a Caring Culture

Natural language assessment tools work best in an environment in which people care about each
other — an environment where people understand what their colleagues consider important and
what they worry about, both inside and outside of work. A caring work environment will make it
easy to discuss what could be sensitive personnel decisions when you’re working to improve
your cybersecurity.

While caring and support will vary in how they are conducted from organization to organization,
some of the hallmarks of a caring culture include:

Your organization may already monitor employee communication to ensure compliance or for
other risk-management reasons. You also may already assess their suitability for future roles during
the development process. In either instance, natural language assessment can go a step further
by assessing employees’ sentiment as well as the work they are performing. If your company
has talent-management initiatives such as employee-engagement and selection assessments
in place, they can provide a good framework for using natural language assessment as well.

Employee engagement and selection assessments often go hand-in-hand with a caring culture
that supports employees. Because natural language assessment is designed to indicate a potential
negative sentiment before any adverse actions are actually taken, an organization that is attuned
to its employees’ feelings about their work and their managers will be well-suited to respond
to red flags.

Embrace a Data-Based Approach

Not only do pre-hire assessments, engagement surveys and other monitoring tools help support
a caring environment, they generate and analyze data in a way that prepares your organization
to assess and respond to data from natural language assessment tools. In a highly mature talent-management program, natural language assessment can coordinate with other cybersecurity
tools and talent-management processes to provide a clear picture of the sentiment of your
employees over time.

Natural language assessment can analyze dozens of behavioral indicators and how they change.
Something as small as “my department” changing to “the department” can indicate a separation
or disconnect from the company and possibly a change in overall sentiment. Other data points
include words that can indicate negative sentiment and the use of rhetorical questions. For
example, a system administrator who has deep access to a network and is starting to feel alienated
or disgruntled may show negativity and psychological distance in her communications. These
may seem like subtleties but they provide actual data and evidence that can be analyzed by
qualified experts.

To get the most out of natural language assessment, assess the positions that have the greatest
impact on your organization’s cybersecurity and identify the career paths that may lead to
those positions. The risk a disgruntled employee poses to an organization will depend on their
position, access to systems and information, and intent. Keep in mind that the risk shouldn’t
depend on who they are as a person, but the position they occupy; their intent can then be
measured and indicated by natural language assessment. The greater access a position has to
sensitive data or protective systems, or the more likely it is that the role could serve as a stepping
stone to an even more sensitive role, the higher the priority for their communications.

While natural language assessment can be implemented after a breach or incident has occurred,
its predictive ability lies in advance use so that regrettable situations might be avoided.
The sooner you implement it, the better the data will be for analysis as it learns how people
communicate and how that communication might change in important ways over time.

To get the most out of natural language assessment, assess the positions that have the greatest impact on your organization’s cybersecurity...

Establish a Response Process

Natural language assessment is designed to serve as a warning system, and every warning system
needs appropriate responsive action. When using natural language assessment tools, establish a
process to react effectively to any insights that may be uncovered. Here are some tips.

Look Before You Leap

People generally don't get angry and take action instantaneously; resentment tends to fester over time, especially when it's work-related. Assess with care the indicators you get before you accelerate the response. 

Resist the Impulse to Assign Motivations to Sentiments

People struggle for all sorts of reasons. An employee who is feeling disconnected from work may be having troubles at home or feeling disengaged from the work they do. Use the indicator from natural language assessment as a prompt to dig for more information and provide extra support for the employee. 

Tailor Your Approach

A caring culture will have managers who connect with their employees and understand their concerns and motivations. Don't just intervene thoughtlessly because that can make a situation worse. An employee's manager can provide information on the best way to work with an employee who may be struggling, such as whether a formal one-on-one meeting is necessary or a brief check-in is more likely to get answers. 

Establish a Multidisciplinary Team

If an employee does seem to be at risk, it's time to bring in your HR experts, general counsel, appropriate senior leaders and IT experts. This team should follow any risk protocol and policy your organization has established. 

Natural language assessment is a powerful tool in the fight against cyberthreats, but like
any tool it needs the support of strong processes and understanding of human behavior.
The processes you have in place to manage risk will be what you rely on to respond to any
threats you uncover and to determine what path to take in the event of any anomalies.

Conclusion

Your employees, your greatest asset, can in some cases also be your greatest risk. As more
organizations review their cybersecurity efforts, it will become clear that a strong and holistic
people strategy that assesses candidates and current employees will be one of the most powerful
tools in protecting valuable data and sensitive information. Using natural language assessment
as part of that people strategy will help reduce the likelihood of cyberattacks from internal
sources while helping you strengthen your culture and monitor employee engagement.

Key Takeaways

1. Start By Building a Caring Culture

Engage employees at all levels and set up an environment for them to thrive. Natural language assessment and talent-management initiatives help to provide the care and support needed to ensure this. 

2. Embrace a Data-Based Approach

Natural language assessment and other data driven methodologies can work with cyber security initiatives to provide advanced warnings to possible issues. 

3. Establish a Response Process

Be ready with a proper pipeline of support that understands human behavior and is able to react effectively to warnings from your natural language assessment. 

Previous Flipbook
Q&A: Why Diversity & Inclusion is Important to the Bottom Line
Q&A: Why Diversity & Inclusion is Important to the Bottom Line

We asked LaShana Jackson, Aon’s Global Head of Talent Management & Inclusion, why diversity & inclusion is ...

NEXT FEATURE
Case Study: Creating a Level Playing Field to Find the Best Call Center Candidates
Case Study: Creating a Level Playing Field to Find the Best Call Center Candidates

This case study outlines Aon's partnership to leverage engaging, highly predictive mobile-accessible hiring...