How Much Does Your IT Department Know About You?

Credit: nd3000/ShutterstockCredit: nd3000/Shutterstock

It almost goes without saying in 2018 that you don't have any privacy at work, especially on your company computer. In order to keep you off Twitter or even record your every keystroke, many IT departments install monitoring software to keep tabs on workplace activity.

Depending on what they’re looking for and which monitoring software they use, IT techs could be capturing a lot of information about your activities. So, how much could your IT department potentially know about you?

Are Companies Really Looking?

In order to look at the possibility of workplace device monitoring, let’s first look at the reality. Though large enterprises may have a vested interest in keeping tabs on their many worker bees, most workplaces are not large companies.

Jon Apter, a Technical Operations Manager at IT provider Ntiva, says that the small-to-medium businesses he works with don’t really use device monitoring much. He says that, “while a lot of companies have some form of device monitoring implemented either via email logging or mobile device management etc., a lot of them don’t really use it. So, when it comes to, say, ‘Is my employee working? How can I check on what work they’ve done?’, that’s really infrequent.” Apter went on to say that monitoring is usually carried out in companies that have compliance requirements to meet, such as medical organizations and law firms.

If monitoring is utilized within a typical business, it is usually for the purpose of counteracting information leaks. Alerts can be set up to find keywords in outgoing email, or to notify IT when certain files have been opened; companies that worry about corporate espionage are interested in this type of monitoring.

But let’s say that you are working at one of those large companies that worries about its employees leaking information or wasting company time (ie. one that does use any of the many monitoring products available). To what extent can your company’s IT department learn your personal information?

Common Items to Track

The intent of computer monitoring software falls into roughly three categories: activity monitoring, content restriction and time management. To manage what you do on your company device, IT can use activity monitoring software to both actively see what’s happening on your screen and take periodic screenshots for review. Through this type of observation, techs can create a log of your entire workday and reference your saved screens in case of a mistake or management issue. They could know that you’re reading this article at this very second.

Employers can also observe which sites you visit and restrict the content you can access. IT can then learn your personal preferences through search engine queries and favorite websites, while also keeping a record of how many times you attempted to use a blocked website or browsed off task. A few common software offerings also track idling time to keep a record of how long your work appears to have paused (so, yes, they know how long your lunch really was).

Email correspondence is arguably the most valuable thing to be monitored. Both outgoing and incoming email are subject to prying eyes. Reasons for this are to make sure confidential information is not leaked and really just to see what you’re talking about at work. Also, according to the American Bar Association, “proponents of monitoring argue that employers must take a proactive approach to ensure the work environment is free from hostile and harassing activity.” Especially at this point in history, IT and legal are both interested in internal email sleaze.

Something that may be surprising is that your personal email can be observed as well. Although its use is rare, with keylogging software your IT department can see what you’re writing to both professional and personal contacts. Through this method, IT techs can glean information about your personal life that you’d rather keep private--if you access it from a company device. More worryingly though, active keylogging means that your employer could also know your passwords. But if they're smart, they will think twice about doing anything with your password information.

Legality and Ethics  

Thinking about your employer watching your every move you make on company computers can be anxiety-producing. However, most employer spying is perfectly legal. The line confining your IT department to legality lies in what your company does with your information.

The aforementioned keylogging practices have sparked lawsuits by employees whose information was monitored, logged and used by an employer to commit a crime. For example, in a 2011 case an employee filed against her employer, the company installed a keylogging program on an on-site company computer that she used for professional and personal needs. The software “periodically emailed the information to company managers, who used the information to determine the plaintiff’s password to her personal email account and personal checking account and to access them."

Through these keyloggers, your company’s IT could easily log such sensitive passwords. Keep in mind that Ntiva's Apter says that “in supporting IT in six years, I’ve only had two requests to install a keylogger on an employee's workstation.” So it happens, but rarely. The potential for your banking, email, etc. to be wrongly accessed firmly lies in the ethics of your company.

Your personal email information is not necessarily personal on a work computer, but there are some legal protections to keep at least some of your correspondence private. The Stored Communications Act (SCA) allows employers to monitor internal email services because they are the “provider” of that service. This protection does not hold up when it comes to web-based email (most likely a personal email), so you can hold your employer accountable if they take issue with something you wrote on your Gmail. There are a few other state-level protections for employees as well.

While monitoring is completely legal as long as you keep it kosher, how does an IT department that uses monitoring software reconcile legality with ethics and trust within an organization? Should they tell employees that their work computers are monitored and risk a level of distrust and feelings of malcontent? Or should they use a discrete install feature available through some monitoring software, so workers never know they’re being watched? Employees are likely accepting of a certain level of observation, and every program has its own intention and degree of intrusion.

Credit: LeoWolfert/ShutterstockCredit: LeoWolfert/Shutterstock

How Companies Monitor Corporate Computers

These approaches to corporate device monitoring by IT and higher-ups may have you wondering: which software does my employer use to monitor me? The answer depends on what your employer is worried about. Different monitoring products are marketed for accessing various types of information a company would want. 

Here are five products your employer could be using, based on a a list of recommendations for popular monitoring software by Business.com.

  • Activity Monitor by SoftActivity: This product is directly marketed towards employer anxiety and a desire to “take back control!” It is installed quietly and only functions in discrete mode, with no notification to the employee. This program allows employers to compile reports to use as a sort of ‘gotcha’ file to scare workers into compliance. If your employer is using this, you won’t know it until they show you the info they’ve sourced--and I wouldn’t want to be in that meeting.
  • ContentWatch: This one is standard Internet blocker fare. Email monitoring, website restriction, site logs. If your employer uses this, they want to know where you’re surfing and whether or not you’re being productive.
  • Veriato: This program is geared towards companies that are worried about keeping proprietary info in-house. It monitors file transfers, document tracking and logins and can generate alerts if sensitive information is accessed or discussed in email. Your employer may use this product if they really care about keeping trade secrets.
  • Sentry PC: An all-around workhorse, this product hits all three monitoring categories (activity monitoring, content restriction and time management). Your employer can customize Sentry PC to monitor some or all criteria, and one of these includes keylogging. This is also a stealth program, so you may not know if your employer is using it on your computer.
  • Teramind: This software is different because it uses machine learning to establish an office baseline and then detect anomalies. Your employer can also create computer “rules” and set up alerts for when you break them. If your company likes to be hands-off and is less of a micromanager, then they may be using this offering.

So, depending on your workplace and culture, you may know that your employer is monitoring your work computer (if they are at all) or you may not. The program they choose somewhat reflects their attitude toward your information and how they could potentially use it.   

Bottom Line

Depending on which monitoring program your employer uses, the IT department could learn a good deal about you through your work computer, including your personal interests, password information, break time and email contents. Consider the types of information you access on your company computer and whether you are comfortable with your employer knowing about it. Your company may not care and may not be watching you at all, but we wouldn't bank on that.

Create a new thread in the UK Article comments forum about this subject
No comments yet
Comment from the forums
    Your comment