Is My Boss Monitoring My Internet Usage?

[Batu69]

 

 

If you own a company-sponsored laptop or connect to your company’s private network, there is a good chance that your employer is monitoring your Internet usage at work. It is not uncommon for companies to be known for employee monitoring. In fact, there are even guides online teaching employers how to effectively monitor their employees.

 

Private things on your computer you would probably appreciate keeping it that way; private. Nobody really wants their employers or co-workers snooping about in there. So it is only natural to be interested in knowing as to who is watching you.

 

How are your employers monitoring their employees? What are they looking at? Why do they do it? And is that even legal?

 

WHAT CAN MY EMPLOYER SEE?

So just how much is your employer able to see if they were monitoring your Internet access or laptops? Well, just imagine as if your boss was standing behind you and looking over your shoulder while you worked. THAT is what your employers can see.

 

Given a company-supplied laptop device and Internet over the company’s network, your employer could monitor virtually almost anything and everything that goes in and out of your screen.

 

Spending a little too much time shopping on Amazon? Your boss knows. Chatting with a friend about how sucky your boss is? He sees it. Sending a job application out through your email and then deleting it? Don’t think your employer cannot retrieve it.

 

Your web surfing, emails, instant messages, downloads, files stored, display screen, keyboard strokes etc.; all these can and are probably being recorded. And if you were using a company mobile, that could be monitored too.

 

HOW AM I BEING MONITORED?

Two common ways employers monitor Internet usage are by:

 

1) Software on your computer.

Software installed on your company-sponsored computer allows your employer to see what is on your screen or stored in your hard disks. There are numerous programs used by employers to track all your activity and sends reports to your boss or the IT department. The logs can show details from your web surfing habits, to time spent in specific software programs or your emails.

 

2) Monitoring over a corporate network.

This method also allows an employer to track emails, websites and files but is harder to detect because it is done through a company’s private network. Even if you were using your company’s computer anywhere outside the office, a network analyser (aka. packet sniffer) that has been setup by network administrator to perform network troubleshoots can still be used as a ‘spyware’ as long as you are connected to the company’s network.

 

WHY ARE COMPANIES MONITORING EMPLOYEES?

It is unlikely that a boss would be monitoring their employees 24/7, as they would be ending up spending more time playing Big Brother rather than doing actual managing. It is also improbable of an employer to be actively monitoring each and every employee, and is more likely to do so only if a certain employee has given reason for them to question his/her behaviour.

 

Employers may choose to monitor employees’ Internet usage for a variety of reasons. The company might be dealing with sensitive information and wish to prevent data misuse or leaks outside the company. Or perhaps a company wishes to hinder employees from performing malicious actions or downloading illegal content which could lead to malware compromising an entire network infrastructure. Employers may even use monitoring to gauge productivity of employees by means of keystroke monitoring (eg. How many keystrokes per hour each employee is performing).

 

IS MY EMPLOYER ALLOWED TO DO ALL THIS?

Yes and no.

 

In the U.S., the Electronic Communications Privacy Act of 1986 (ECPA) states that it is against the law to “intercept” electronic communications like telephone, emails or computer. However, due to exceptions in this act, since your employer owns the equipment, they basically are free to access the equipment as they please.

 

The exception in the law states that given employer-owned systems, they are allowed to access emails, phone message systems and instant messages as the company owns the computer network and terminals.

 

Another exception is that the employer may monitor employees using their systems for “legitimate business needs”, which ultimately leaves it open to interpretation and misuse.

 

In Malaysia, there are not many laws (if none) pertaining to workplace right to privacy. The closest we have is said to be the Personal Data Protection Act 2010 (PDPA) which focuses on the processing of personal data in commercial transactions, but probably less in regards to privacy rights.

 

WHAT CAN YOU DO

• Some companies allow for ‘Bring Your Own Device (BYOD) Policies. This is a good solution to counter monitoring software that may be implanted on a company’s device. If bringing your own computer to the workplace seems a bit drastic, even bringing your own tablet is handy for checking a quick personal email or stealthy surfing.
• Got a smartphone? Or a mobile broadband? Great. These can be alternatives to using your company’s Wifi. Use a wireless tethering device and your cellular data if lack trust of your company’s network.
• Because you can still be tracked outside of the office whenever you connect to the company’s virtual private network, the simple way to offset this would be to disconnect from the company’s VPN any time you do not need to use it.
• Companies can see what you are doing online when the traffic on the corporate network is unencrypted. Using anonymizers like a VPN, such as BolehVPN, or a proxy can encrypt your traffic. Creating your own secure VPN tunnel hides your traffic from the local unencrypted network, which is something you should be using anyway especially if you are surfing over public Wifi.
• Be smart about your online habits when you are at work. If privacy is your concern, it is best to just keep your work and personal life separate if you're concerned about your privacy.

Article source

[jtmulc]

If you are on company-owned devices, assume everywhere you go, everything you is being logged.  Is someone actively monitoring?  Probably not, but buried in every employee Code of Conduct is a "Misuse of company systems" clause.  Mostly, it's ignored unless someone at the company wants dirt on you.  Is there anyone who has never witnessed or experienced a manager who would write-up one of their workers for petty violations of company policy just so they wouldn't be eligible for a transfer or promotion?

 

As for networks, assume *someone* is watching, even if you're the one paying for it.  If Amazon can figure out you're expecting a child based on your browsing history, odds are your employer can, too.  It's illegal in the U.S. to fire someone for being pregnant, but perfectly legal to fire them for misusing company systems before the big announcement.

[straycat19]

20 hours ago, jtmulc said:

If you are on company-owned devices, assume everywhere you go, everything you is being logged.  Is someone actively monitoring?  Probably not, but buried in every employee Code of Conduct is a "Misuse of company systems" clause.  Mostly, it's ignored unless someone at the company wants dirt on you.  Is there anyone who has never witnessed or experienced a manager who would write-up one of their workers for petty violations of company policy just so they wouldn't be eligible for a transfer or promotion?

 

As for networks, assume *someone* is watching, even if you're the one paying for it.  If Amazon can figure out you're expecting a child based on your browsing history, odds are your employer can, too.  It's illegal in the U.S. to fire someone for being pregnant, but perfectly legal to fire them for misusing company systems before the big announcement.

 

What you say may have been true 20 years ago but not now.  Most large organizations use Microsoft System Center.  We do.  And with that I know everything you have installed on your computer (not just by program name but EVERY individual file is listed)  and how much time you spend in every program on your system.  I know how much you download and what you download.  I can tell that you used Word for 97 minutes today but played Solitaire for 184 minutes, etc.  I know what time you logged in, what browsers you ran, and which websites you visited.  I know when your computer was locked and unlocked, and when you logged off and shut down.  In other words it is just like I was standing behind every user all day and watched exactly what they did.  And the system makes it very easy for me to bring up this data on every one of the 12,000 computers in our system.  It also logs any device that is attached to the guest WiFi and what it does while it is attached.  And I can read all your emails, regardless of what email service you are using because you have to do it through a browser (you can't install any program unless I specifically give you permission to do so) and all that information is recorded.  Your company emails are naturally available for me to peruse any time I want.  Like I said, it is just as if I was standing behind you all day watching your every move.  Additionally, there are certain things, that I won't mention, that will trigger an alert so that one of the system center admins can pull up your system and verify what you are doing that we might not like.  Just call me your Big Brother Security Officer and I am watching you.

 

[friends]

i hope he not

[jtmulc]

6 hours ago, straycat19 said:

 

What you say may have been true 20 years ago but not now.  Most large organizations use Microsoft System Center.  We do.  And with that I know everything you have installed on your computer (not just by program name but EVERY individual file is listed)  and how much time you spend in every program on your system.  I know how much you download and what you download.  I can tell that you used Word for 97 minutes today but played Solitaire for 184 minutes, etc.  I know what time you logged in, what browsers you ran, and which websites you visited.  I know when your computer was locked and unlocked, and when you logged off and shut down.  In other words it is just like I was standing behind every user all day and watched exactly what they did.  And the system makes it very easy for me to bring up this data on every one of the 12,000 computers in our system.  It also logs any device that is attached to the guest WiFi and what it does while it is attached.  And I can read all your emails, regardless of what email service you are using because you have to do it through a browser (you can't install any program unless I specifically give you permission to do so) and all that information is recorded.  Your company emails are naturally available for me to peruse any time I want.  Like I said, it is just as if I was standing behind you all day watching your every move.  Additionally, there are certain things, that I won't mention, that will trigger an alert so that one of the system center admins can pull up your system and verify what you are doing that we might not like.  Just call me your Big Brother Security Officer and I am watching you.

 

 

All the more reason to always keep work and private separate. 

[mclaren85]

16 hours ago, straycat19 said:

And with that I know everything you have installed on your computer (not just by program name but EVERY individual file is listed)  and how much time you spend in every program on your system.  I know how much you download and what you download.  I can tell that you used Word for 97 minutes today but played Solitaire for 184 minutes

Please tell me it's not true. I unregistered my machine from "domain network". Can they still see me?

[SandStone]

.

[nsan3]

Simple solution is to just perform all the work-related activities once on Office WiFi or VPN and disconnect from it as soon as your off work. Also while working, if you do feel the need to just unwind and browse some social media or just play a casual game of cards, unlock your smartphone and do all what you want on it.

 

Offices are increasingly getting paranoid as we speak and are doing what ever is possible under the sun to track and tap the employees. Some might argue its for the security of the firm while others might say its like looking while you wanna pee alone. Encroachment of privacy in any form is a direct blow to the freedom of speech and its subsets. Argumentative or not, always do what you want on your personal network, after all office WiFi is for work related stuff and not for viewing the Simpsons

 

[DKT27]

On 10/2/2017 at 9:53 AM, jtmulc said:

 

All the more reason to always keep work and private separate. 

 

Exactly. Never understood why people combine them.

[pc71520]

On 10/2/2017 at 6:23 AM, jtmulc said:

it is just as if I was standing behind you

all day watching your every move.

Scary but TRUE.