ecomms surveillance and monitoring

Ecomms surveillance and monitoring refer to the process of ensuring that a company’s electronic communication does not introduce unnecessary reputational or legal risk and thus diminish value for shareholders. Practically that translates into : how do we get 100% of the employees to behave appropriately via chats/phones/emails/online 100% of the time?

The honest answer is that you cannot. No one can. Not with humans involved.

Companies absolutely can, however, put in place smart processes and checks to minimise the chance of something happening and detect the breach and learn from it once it has happened.

What follows is a general outline of how folks at bluechip firms are approaching this challenge.


We’ll start at the beginning : training.

If they didn’t already have them, companies are rushing to produce electronic communication policies and make staff familiar with them.

The key here is really to make it absolutely clear to staff what the spirit of the policy is : staff don’t read, let alone remember, 20+ page policies so it is essential to let them know the sort of behaviour you expect from them and the consequences if they fall short.

Simple tests like ‘How would you feel if your boss saw that?’ or ‘How would you feel if you read that as a quote in the WSJ?’ are good rules of thumb.


Your staff is trained. Fantastic. But … they’re human, they forget things from time to time and have emotional peaks and troughs. How do you help them help themselves?

You could consider an intelligent warning system, like SafeScribe. We won’t plug it too much here but imagine if your staff got something like the below just before they were about to hit send:

bub01

I think you can see why it works. A tap on the shoulder is often all that’s needed.

The key things to look for here are that whatever solution you use is intelligent enough to avoid lots of false positives (or it’ll annoy your staff) and is compatible across all the software you use. SafeScribe works across all Windows software natively, including any in-house applications you may have built.


So … you’ve trained them and eliminated 90% of the pain with an early warning system. What if they still type something rash?

Now you need to find these breaches and this stage is where most companies use a variety of techniques simultaneously:

  • The first is randomised spot checks. Say you are checking phone calls, for example, the software for decoding audio into text is still pretty slow and inaccurate – at least for our purpose. So a lot of firms will simply sample 1% of all calls and have a remote team of human monitors listen and flag any concerns to the individuals’ managers. The same can be done with emails and chats. This is obviously a reasonable solution but labour-intensive and covers only a fraction of emails.
  • Another standard check is to skim written communication for keywords … let’s flag all emails that contain the word ‘blue’ and get the human monitors to read around for context, flagging if necessary.
  • An approach growing in popularity is to use cognitive computing. This approach looks for context external to the words themselves similar to how a human investigator might. Here’s a simple example : if person B works in department B and contacts person C in department C late at night multiple times, let’s flag that because folks in department B and department C should rarely be talking according to our model. This is a very expensive route because it requires a lot of computing power and integration into every system (of which there can be 100s) if it is going to work.

Once the breaches have been found there is usually a disciplinary process, whose details are prescribed in the aforementioned ecommunications policy.

There is another opportunity at the post event stage : machine learning. This approach helps refine models by learning from data. It works by examining all the occasions where a breach was decided to have occurred and trying to evaluate via statistical methods what each had in common to categorise inputs and see if future incidences might be reliably predicted by various inputs.

This is also something SafeScribe is working on but it is top secret for now so we cannot go into more detail.


We hope this has been a useful primer into how top firms are approaching the difficult challenges of ecomms surveillance and monitoring.

If you’d like to catch up in person to discuss this and your approach, we at SafeScribe would be delighted to hear from you!