Employee Monitoring, a controversial topic

Employee monitoring is a complex and controversial topic that can often become the source of discontent between employers and their staff.

It is not a secret that most employees have a negative opinion about modern monitoring practices, such as PC monitoring. It is often viewed as an invasion of privacy and employer overstepping their authority.

From an employer perspective, employee monitoring is a very useful tool, allowing them to solve a number of issues and challenges, and raise the general health and effectiveness of an organization. It is something that employers used for a very long time. A couple of decades ago they tapped corporate phones, checked mail and conducted video surveillance. Nowadays they monitor employee PCs, social networks, and e-mails. Most of the time such monitoring is not conducted out of maliciousness toward employees, but rather to serve a specific business-related purpose.

The question then is – can the compromise on employee monitoring be found? How to monitor employee internet usage while getting him or her on your side and ensuring cooperation? Practice shows that it is possible, and in this article we will try to give you some tips on how to monitor employee PC use ethically and without overstepping your boundaries.

Employee monitoring is necessary and here is why

First, it is important to understand the reason why it can be very useful and often even necessary to monitor what employees are doing. Such reasons often differs from one organization to the other. However, they all can be generalized into three main categories:

• Many norms and regulations regarding data security and handling of personal data require some form of access management and activity monitoring to make sure that said data is not misused by company employees. Employee monitoring for compliance purposes is used, for example, in financial and healthcare institutions.
• Security. Insider threats are a very real security issue that can result in very damaging and costly attack, if neglected. Employee monitoring is the best way to prevent and detect such threats.
• Performance evaluation and improvement. Monitoring can be used to gauge employee performance and see if they spend their time productively. It is especially useful for subcontractors and employees paid by the hour.

Employee monitoring can solve these crucial issues to the benefit of an organization. However, your employees most likely will not be happy with your decision to monitor their PCs.

Why employees may seem unhappy

Most employees viewing monitoring negatively and usually meet it with hostility. It is rarely considered to be a useful business or security tool, but rather an oppressive practice by the overly zealous boss.

This negative opinion is usually based on a number of legitimate concerns that can be summarized as follows:

• Privacy concerns. Private matters inevitably come up during job hours. It does not necessarily mean that your employees are slacking off. Yet, they can often see intrusive monitoring as an invasion of their privacy, especially when employer monitors their emails or social network activity.
• Concerns regarding trust. Monitoring can cause employees to think that an employer do not trusts them. This perception can undermine the relationship between employee and employer.
• Increased stress. Constant monitoring, especially for performance evaluation purposes, creates a strong pressure to perform on the peak of employee productivity at all times, leading to high levels of stress. This can negatively affect morale and motivation of an employee.

Invasive monitoring often leads to lower general work satisfaction. As a result, such monitoring will produce an opposite effect to the one intended: instead of improving employee productivity, it will reduce it. However, there are certain ways and best practices to change the situation and conduct employee monitoring that satisfies all involved parties.

Ethical monitoring – key to remedy the problem

One of the best tips to employee computer monitoring, is to approach the issue ethically and fairly, with respect for the privacy of your employees in mind. First, you need to make sure that employee monitoring is prompted by a very serious business need that can be clearly formulated and easily communicated to your employees. You should not monitor your employees beyond your direct business needs, and should not collect data, that is not necessary for business purposes.

It is important to create a clear formal monitoring policy based on your needs and stick to it. Make sure that your employees are familiar with it and understand it. You need to clearly communicate what employee actions are being monitored and in what way, and how this information will be used to help your organization.

One of the best practices on how to monitor employees computer usage is to notify them when they are being monitored. While it is not required by federal law, it will show your concern for the privacy of your employees and will help to facilitate the relationship of trust between you.

Use appropriate software

Another important point that can help you make employee monitoring more effective is the right software selection. It is very important to use the right tools for the right job. You need to clearly define what type of information you want to collect and why, and choose the tool that will allow you to do just that.

There are a lot of different simple solutions for recording certain types of user activity, such as keystrokes recording, network monitoring, and employee tracking software, etc. These solutions are easily available and not expensive, often even free. They can be used to control employee productivity, monitor their internet and social network usage, and as a basic security precautions.

However, if your goal is to organize centralized monitoring at a number of endpoints, monitor compliance, or you want a way to actually reliably detect and prevent insider threats, then you need to employ a more sophisticated professional software. Such solution needs to be heavily protected, configurable, and capable of collecting a large amount of important data regarding network and application usage.

Agent-based user monitoring software, are able to create video recording of everything employee sees on their screen coupled with large amounts of relevant metadata. Such solutions allow you to comply with regulations, thoroughly protect your organization from insider threats and provide you with all the necessary data for employee performance evaluation. They can be configured to record either the whole user session, or only specific data, allowing you to collect only information that is needed.

The downside is that most of these business solutions are very expensive and can be cost-prohibitive for small companies, although there are some offers with flexible licensing. Therefore, it is important to carefully evaluate your needs and consider all available options when deciding what employee monitoring software to use.

About the Author

Dennis Turpitka is the CEO of  Ekransystem, an expert within Digital Security solution business design and development, Virtualization and Cloud Computing R&D projects, establishment and management of Software Research direction. Successful entrepreneur, who organized several security start-ups.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – employee monitoring, privacy)