Misuse of the Internet in the workplace can be a real problem. Besides the obvious loss of productivity that occurs when an employee is logged into Facebook or sending personal emails while on the clock, there are potential legal and security-related reasons why an employer might need or want to know exactly what an employee is doing on the Web while at work.
Unfortunately, being monitored is one of those things most employees hate, and monitoring employees is one of those things that most employers hate to do.
By analyzing data intelligently using behavioral modeling techniques, companies hope to improve their ability to detect problem employees, while minimizing monitoring of innocent employees.
Legally speaking, employers have the right to monitor employee computer activities without their knowledge. It’s a good idea for companies to specify in the employee handbook that they may do this -- even if they actually don’t. It’s also a good idea for employees to behave as if all of their communications on company equipment are being monitored -- even if they probably aren’t. Many companies do monitor and/or filter employee Internet activities. Other companies only monitor employees’ activities when they suspect a problem.
One of the simplest ways to monitor Internet usage is simply by looking at firewall or router log files. Products like Firewall Analyzer from ManageEngine can monitor all of a company’s Internet traffic and report anomalies.
Still other products, such as WebWatcher or Track4Win, let employers actually see everything that’s done on a remote computer.
The problem with most employee Internet usage monitoring systems, however, is that someone has to review the data. If no one has the time to do this, it does nothing but slow down your network and your employees' computers.
Some solutions add intelligence. Cataphora Inc.
monitors patterns of behavior and creates models based on that information. Then it looks for variances from normal usage or certain telltale signs in order to detect fraud or other trouble.
Cataphora says its monitoring and analysis can be as sophisticated as detecting the tone of emails employees send, or as simple as noting from the log files that Joe in accounting downloads several gigabytes worth of .avi files every day.
There are other tools, too: Secure Exchange from NEMX Software Corp. has a feature called Intelligent Content Analysis (ICA) that identifies and filters inappropriate content in emails sent through Microsoft Exchange Server. Mimosa Systems’s NearPoint Content Monitoring alerts supervisors to possible email policy violations by looking for inappropriate content (such as obscene jokes, pornography, and gambling).
Employee monitoring software is usually founded on the idea that people are creatures of habit. Under normal circumstances, we don’t really stray from normal patterns of behavior all that often. An employee who checks his Gmail occasionally while at work probably isn’t a threat to the company. If this same employee suddenly starts IMing frequently with people in the company he doesn’t normally work with, it could indicate something benign -- he’s been assigned to a new project, for example -- or it could point to a problem.
When these new patterns of communication are looked at within the broader context of the company org chart and crossed with keyword and phrase databases, a behavioral modeling system could detect whether the new behavior could potentially represent a threat.
Beyond simply detecting when trouble is afoot, sophisticated monitoring tools can be helpful in analyzing the vast amounts of data generated by any company when electronic records are subpoenaed or when leaks of confidential information occur.
There is another argument to be made for sophisticated analysis tools: Employees should expect some privacy in the workplace, and it’s my experience that most employers tolerate a certain amount of personal use of office resources such as computers and phones. At some point, however, personal use of the office Internet connection and computers crosses a line and becomes theft or fraud that can do serious damage to a company.
Figuring out just where that line is drawn, and not monitoring communications that fall within the “acceptable” zone, is tricky. By looking at patterns of usage and intelligently analyzing data based on behavioral modeling instead of peering at everything on the network, it may be possible for employers and employees to finally see eye to eye on Internet usage monitoring.
I wish people were as trustworthy as you imply. But my extensive experience in the military, in information security, and in life in general, prove contrary. There's always one bad apple that slips in and you must watch everyone to make sure there's only one.
If you wait for one of your employees to sue you because one of your other employees is sending offensive joke mail or pictures, then the ship is already on the sand-bar.
kurtkeys, I didn't see the thing that way. But you are right not all employees are trustworthy. I agree that there should be a diligence protection of employees, but we should also be able to convey to our employees the sense of responsibility and professionalism in the way they interact with each other whether they are online or offline. At least that is what I believe in. Could this only happen in Utopia? I don't think so.
This is a very thought provoking and informative article. Congratulations.
Having said that I woulde like to add that most, if not all of the tools you mention are reactionary. Search for anomalies and then adress the guilty party after the damage has been done. A more proactive solution would be ideal. Prevention, rather than detection. Block the violation, then address the violator. Rather than detect the violation after the damage has been done. I have experience with both types of solutions. And prevention gives a better night sleep than detection.
The IT epartment should not be trusted to do the monitoring, for the very "Friendship" reason you mentioned. The IT department should have a "Security" division that only answers the the CEO.
This group must be a select group of highly skilled experts, of proven reliability. They will be monitored by their peers in the two man rule.
In the long run it is easier, and more in keeping with American jurisprudence, to build and use an unacceptable use policy. In a free society everything that is not expressly forbidden by law is all good.
Case law has already establishedc that if an employee keeps their g-mail account info on a corp computer that info belongs to the corp.
In a utopia your idea would be reasonable. However, in the real world the axiom "TRUST. BUT VERIFY" is reaonable. If you wait for one of your employees to sue you because one of your other employees is sending offensive joke mail or pictures, then the ship is already on the sand-bar. Or if you don't enable due diligence to protect your employees from "outside" interlopers or vice versa. The lesson you learn in court will shock you into your senses.
I completely agree with your logic. If employees are straying from work-related computer use to the point where they need constant monitoring, then something is not right on a deeper level. That said, it amazes me that some people still don't get that companies can (and do!) monitor.
If the IT dept is using sophisticated tools to monitor everyone else’s usage, then who’s monitoring the IT?? ..Better make friends with the IT people.
Telling employees that they’re being monitored is one thing; making sure they’re aware of what constitutes acceptable use is another. With a lot of things being filtered, some employees might even assume that if their machines still allow them access to Gmail, for example, then it must be ok (or won't be entirely their fault) to use Gmail, or else the company would have blocked it. I think employers should make it clear of their own scope of responsibilities as well as their employees’ for ensuring productive and reasonable use of IT resources.
Social Networking sites can also add great value to a job. Of course, this depends on the nature of the job, but with many online fields access to these sites can increase productivity.
"Unfortunately, being monitored is one of those things most employees hate, and monitoring employees is one of those things that most employers hate to do."
I agree that sometimes employers have to "apply" some monitoring rules to make their employees commited to their work while on the clock-be it a network activity monitoring or another. But I think that the most important think is to create a trusted relationship between employers and their employees and make the latter understand that the succes of the company depends on their full engagement during all the work period.
A good employer doesn't need to be monitoring his or her employees all the clock around for them to ba productive.
I do worry about how far is too far. I understand about an employer being afraid of an employee releasing sensitive information, but then again, if someone really wants to do something, they will find a way.
There is nothing to stop an individual from causing havoc using their own computer, a library computer, or even purchasing a cheap, used computer, doing their criminal deed, and disposing of the machine. I think that employers have a false sense of security when they don't allow their employees to do certain things on the office computer. So what would be next? Not allow computers at the employees home? I don't think a company would go that far, at least I would hope not.
Also, if employers are afraid of work not getting done and people spending too much time on other things on the internet, instead of cracking down on everyone, handle it on a case by case basis whenever possible. Nothing can upset an employee more, especially one who is trying to be honest, work hard and give their all to their job, than to be presumed to be a slacker if they have full internet acccess, before they are even given a chance to prove themselves.
Although I do think employers do need to be very cautious and protect their business on one hand, they also need to not insult their employees on the other by assuming everyone is a would be criminal.
Computer use at work is a fine line at times. While an employee should not be doing personal work or surfing on business time, I don't think a business needs to come down on the employee that sometimes checks the news or weather while online or reads some emails at lunch.
Employee and employer both need to use common sense.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
To many of us who got our start working on the Web in the 1990s, the 2000s may have seemed like a letdown. We had dreams of a Semantic Web, the Dow at 8 million, artificial intelligence, virtual reality, groceries delivered to our doors at the click of a mouse, and retiring at 30.
Recent developments have thrown a wrench into a plan that would allow Apple iPhone users access to Google (Nasdaq: GOOG) voice services -- while calling attention to an issue of corporate governance for both companies.
A couple of weeks ago, in the first case to target the practice of a company posting fake positive reviews to the Internet -- or “astroturfing” -- Lifestyle Lift, a cosmetic surgery company, agreed to stop engaging in the practice and to pay $300,000 in penalties to the state of New York.
Getting to Work on Smart Work: How IT Is Transforming the Implementation of the 'Internet of Things' Organizations in all industry sectors are becoming more instrumented, interconnected, and intelligent -- and that's changing the way they approach virtually every facet of their operations. It's up to IT to help organizations adopt a "Three I's" approach that leverages the emerging Internet of Things and enables them to work smarter. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
Evidence shows that you can tweet too much. Sites and services like Twitter and Facebook are a good place to reach your audience, but think quality over quantity.
As enterprises leap into the Web 2.0 world of blogging, commenting, and social networking, just 'being there' won't deliver ROI. You may want a 'Web Evangelist' to systematically harvest the feedback in order to polish your product or service.
More companies are trolling social networks to find and vet potential job candidates. Beware the pitfalls of blurring the line between personal and professional lives.
High on the list of desired improvements from the mobile industry are: shared digital storage for the Internet; phone capability across borders; reduced electro-magnetic radiation; and rewards-based service plans.
Because 25% to 45% of broadband cost is due to sales and marketing, we could reduce our broadband prices by eliminating advertising and promotional spending by providers.
The next edition of one of the greatest English language reference books, the "Oxford English Dictionary," might not be published in paper. Bibliophiles might mourn, but should they?
RIM is giving in to demands by India to snoop on encrypted BlackBerry data. It's time to develop cheap or free encryption software for BlackBerrys and other cellular phones.
Nielsen’s recent numbers on the increasing use of texting bode well for enterprise networks. Shunning the phone in favor of text messaging could mean reducing bandwidth.
Two studios have filed suit against an ad broker for placing ads to help monetize P2P sites suspected of copyright infringement. That's taking a dangerous step toward what might be a worthy goal.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
