Employee monitoring software

Last updated

Employee monitoring software, also known as bossware or tattleware, is a means of employee monitoring, and allows company administrators to monitor and supervise all their employee computers from a central location. [1] It is normally deployed over a business network and allows for easy centralized log viewing via one central networked PC. Sometimes, companies opt to monitor their employees using remote desktop software instead. [2]

Contents

Purpose

Insiders are the leading cause of data breaches around the globe. IBM found that 60% of all cyberattacks were caused by insiders. [3] In its annual Data Breach Investigations Report, Verizon found an even higher impact, with 82% of all data breaches caused by unsecure or unintentional behaviors of employees. [4] IT organizations have turned to employee monitoring software to help detect and prevent insider threats.

Employee monitoring software is used to supervise employees' performance, prevent illegal activities, avoid confidential info leakage, and catch insider threats. Nowadays employee monitoring software is widely used in technology companies. [5]

Features

An employee monitoring system can monitor almost everything on a computer, such as keystrokes, mouse movements and passwords entered, websites visited, chats in Facebook Messenger, Skype and other social media. A piece of monitoring software can also capture screenshots of mobile activities. E-mail monitoring includes employers having access to records of employee’s e-mails that are sent through the company’s servers. [6] Companies may use keyword searches to natural language processing to analyze e-mails. [6] The administrator can view the logs through a cloud panel, or receive the logs by email.

Other kinds of monitoring include webcam and/or microphone activation, and "invisible" monitoring. [7] [8] [9] [10] [11] Employee monitoring software has been called a form of spyware. [8] [11] During the COVID-19 pandemic, the use of these systems by companies to monitor their employees increased. [10] [12]

Criticism

The Electronic Frontier Foundation (EFF), which originated the term "bossware", has denounced employee monitoring software as a violation of privacy. [9] [13] The Center for Democracy and Technology (CDT) denounced bossware as a threat to the safety and health of employees. [14]

During the COVID-19 pandemic, members of the r/antiwork subreddit shared various mouse jiggler strategies to combat monitoring software intended to monitor the productivity of remote workers. [8]

A study by Reports and Data predicts that the global market for employee remote monitoring software will hit $1.3 billion by 2027. [15]

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security, or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

<span class="mw-page-title-main">CA Anti-Spyware</span> Spyware detection program

CA Anti-Spyware is a spyware detection program distributed by CA, Inc. Until 2007, it was known as PestPatrol.

In computing, the term remote desktop refers to a software- or operating system feature that allows a personal computer's desktop environment to be run remotely from one system, while being displayed on a separate client device. Remote desktop applications have varying features. Some allow attaching to an existing user's session and "remote controlling", either displaying the remote control session or blanking the screen. Taking over a desktop remotely is a form of remote administration.

A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information".

Workplace privacy is related with various ways of accessing, controlling, and monitoring employees' information in a working environment. Employees typically must relinquish some of their privacy while in the workplace, but how much they must do can be a contentious issue. The debate rages on as to whether it is moral, ethical and legal for employers to monitor the actions of their employees. Employers believe that monitoring is necessary both to discourage illicit activity and to limit liability. With this problem of monitoring employees, many are experiencing a negative effect on emotional and physical stress including fatigue, lowered employee morale and lack of motivation within the workplace. Employers might choose to monitor employee activities using surveillance cameras, or may wish to record employees activities while using company-owned computers or telephones. Courts are finding that disputes between workplace privacy and freedom are being complicated with the advancement of technology as traditional rules that govern areas of privacy law are debatable and becoming less important.

Employee monitoring is the surveillance of workers' activity. Organizations engage in employee monitoring for different reasons such as to track performance, to avoid legal liability, to protect trade secrets, and to address other security concerns. This practice may impact employee satisfaction due to its impact on the employee's privacy. Among organizations, the extent and methods of employee monitoring differ.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). SIEM is the core component of any typical Security Operations Center (SOC), which is the centralized response team addressing security issues within an organization.

Computer surveillance in the workplace is the use of computers to monitor activity in a workplace. Computer monitoring is a method of collecting performance data which employers obtain through digitalised employee monitoring. Computer surveillance may nowadays be used alongside traditional security applications, such as closed-circuit television.

<span class="mw-page-title-main">FinFisher</span> Surveillance software

FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels.

Bring your own device —also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device.

An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

Retina-X Studios is a software manufacturer company that develops computer and cell phone monitoring applications, focused on computers, smartphones, tablets and networks. The company is founded in 1997 and it is based in Jacksonville, Florida, United States.

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

In the field of information security, user activity monitoring (UAM) or user activity analysis (UAA) is the monitoring and recording of user actions. UAM captures user actions, including the use of applications, windows opened, system commands executed, checkboxes clicked, text entered/edited, URLs visited and nearly every other on-screen event to protect data by ensuring that employees and contractors are staying within their assigned tasks, and posing no risk to the organization.

Corporate surveillance describes the practice of businesses monitoring and extracting information from their users, clients, or staff. This information may consist of online browsing history, email correspondence, phone calls, location data, and other private details. Acts of corporate surveillance frequently look to boost results, detect potential security problems, or adjust advertising strategies. These practices have been criticized for violating ethical standards and invading personal privacy. Critics and privacy activists have called for businesses to incorporate rules and transparency surrounding their monitoring methods to ensure they are not misusing their position of authority or breaching regulatory standards.

Stalkerware is monitoring software or spyware that is used for cyberstalking. The term was coined when people started to widely use commercial spyware to spy on their spouses or intimate partners. Stalkerware has been criticized because of its use by abusers, stalkers, and employers.

References

  1. "What Is Employee Monitoring Software? (with pictures)". wiseGEEK. Archived from the original on 2018-01-02. Retrieved 2018-01-02.
  2. "What is employee monitoring?". WhatIs.com. Archived from the original on 16 February 2018. Retrieved 16 February 2018.
  3. Zadelhoff, Marc van (2016-09-19). "The Biggest Cybersecurity Threats Are Inside Your Company". Harvard Business Review. ISSN   0017-8012 . Retrieved 2024-05-29.
  4. "Data Breach Investigations Report - 2022" (PDF) Verizon, 2022. Retrieved 5/29/2024.
  5. Ciocchetti, Corey A. (2011). "The Eavesdropping Employer: A Twenty-First Century Framework for Employee Monitoring". American Business Law Journal. 48 (2): 285–369. doi:10.1111/j.1744-1714.2011.01116.x. ISSN   1744-1714.
  6. 1 2 Spitzmüller, Christiane; Stanton, Jeffrey M. (June 2006). "Examining employee compliance with organizational surveillance and monitoring". Journal of Occupational and Organizational Psychology. 79 (2): 245–272. doi:10.1348/096317905x52607. ISSN   0963-1798.
  7. Gilliland, Donald (2021-07-24). "Warning: Your boss is probably spying on you — and it could be bad for your health". The Hill . Retrieved 2021-12-22.
  8. 1 2 3 Cole, Samantha (2021-12-08). "Workers Are Using 'Mouse Movers' So They Can Use the Bathroom in Peace". Vice . Retrieved 2021-12-22.
  9. 1 2 Cyphers, Bennett; Gullo, Karen (2020-06-30). "Inside the Invasive, Secretive "Bossware" Tracking Workers". Electronic Frontier Foundation . Retrieved 2021-12-22.
  10. 1 2 Klosowski, Thorin (2021-02-10). "How Your Boss Can Use Your Remote-Work Tools to Spy on You". The New York Times . Retrieved 2021-12-22.
  11. 1 2 Crispin, Jessa (2021-09-16). "Employers are spying on us at home with 'tattleware'. It's time to track them instead". The Guardian . Retrieved 2021-12-22.
  12. ‘Bossware is coming for almost every worker’: the software you might not realize is watching you The Guardian. 2022.
  13. "Warning: Bossware May Be Hazardous To Your Health" (PDF). Center for Democracy & Technology. 2021. Retrieved 2024-05-15.
  14. Scherer, Matt (2021-09-16). "Strategies to Tackle Bossware's Threats to the Health & Safety of Workers". Center for Democracy and Technology . Retrieved 2021-12-22.
  15. "Workplace monitoring platform Aware takes in $60M". VentureBeat. 2021-10-13. Retrieved 2022-08-09.