Wednesday, August 29, 2012

Are You Being Monitored At Work?



A 2011 survey found that over half of US employers are monitoring their employees' computer usage. How can you find out if you are one of them? And if you are, what should you do about it?


There are two main ways employers track computer usage - with monitoring software on your desktop, and by watching the traffic on the corporate network. Also, many companies have written guidelines about Internet usage and may indicate if they are monitoring you. HR departments should have these policies available for employee review.

Monitoring Software on Your Computer
Monitoring software tracks all your activity and sends logs to the boss or IT department. Without your knowledge, they may be receiving reports listing the websites you visit, time spent in specific software programs, or even how much you play solitaire. The programs that do this are myriad, but there are often signs that they're running.

On a Windows machine:

  • First, look in the system tray and start up folder. Do you see programs with names like VNC or LogMeIn, GoToMyPC, Shadow, SpyAgent, Web Sleuth and Silent Watch. An IT person can choose to hide these programs from the user so they are not in the Start Menu, but many assume the user won't look for them or know what these programs are.
  • The Windows taskbar often lists all the actively running programs. Check all the icons in the taskbar in the bottom right hand corner of the screen and make sure you know what each program is.
  • The Windows Firewall must give monitoring programs permission to send and receive information. Search 'firewall', open it, click 'exceptions' or 'add program'. Then look to see if any of the above-mentioned programs or any programs that are unknown to you have permission to pass through the ports.
On a Mac:

  • Open Finder and look under applications , click 'utilities' and launch 'activity monitor'. Search for unknown processes or any with VNC in the name.
If you see something in any of these places that you're unfamiliar with, search it online to see if it's a monitoring program.

(Sidenote- many of these monitoring programs can be purchased off the shelf and used to monitor home computers. These are also tools an ID thief could use on a public computer to collect data.)

If You Find Monitoring Software
If you do find any monitoring software on your work computer, do NOT try to remove it. Two reasons: first, doing so may make it look like you have something to hide, raising suspicions; second, your employer has a right to have this software installed on the computer. After all it's their machine.

Monitoring Through The Network
The second way employers can monitor what you do on your computer is a lot harder to detect, because there's no trace on your personal machine; it's all done through the network. Employers can track the files you access on the corporate drives, the email you send through the company system, and the websites you visit via your work machine. And unless you have an "in" with the IT department, there's virtually no way to know if your company is monitoring traffic this way.

So What If You Want A Little Privacy?
Since so many employers have the power to monitor their employees, it's safest to assume that you are being watched. But what if you really need to do something privately?

EMAIL: If you are hunting for a new job or your employer is strict about use of corporate accounts for personal email, use web-based email. Most of the major providers encrypt webmail (Yahoo is in the process of rolling out SSL encryption across its Mail network) so it can't be intercepted on the network.

SMARTPHONE: As long as you are connected over your cellular data connection (and not the company Wi-Fi), you can surf the web and send private email (on your non-corporate account) without detection.

ANONYMIZERS: There are services (usually for a fee - for example, anonymizer.com for $70) that will create a VPN or secure tunnel that hides all your traffic from the corporate network. These are handy tools to have if you need secure access to the Internet in unsecured locations like Wi-Fi cafes or public computers; they create a cloak around all IP addresses and data sent on the network. But an anonymizer may not hide your activity from a desktop monitoring program that grabs screen-shots, and many corporate IT departments forbid them and seek them out for removal from corporate machines.

Related: Is it Safe to Bank on Public Wi-Fi?

No comments:

Post a Comment