If you own a company-sponsored laptop or connect to your company’s private network, there is a good chance that your employer is monitoring your Internet usage at work. It is not uncommon for companies to be known for employee monitoring. In fact, there are even guides online teaching employers how to effectively monitor their employees.
Private things on your computer you would probably appreciate keeping it that way; private. Nobody really wants their employers or co-workers snooping about in there. So it is only natural to be interested in knowing as to who is watching you.
How are your employers monitoring their employees? What are they looking at? Why do they do it? And is that even legal?
WHAT CAN MY EMPLOYER SEE?
So just how much is your employer able to see if they were monitoring your Internet access or laptops? Well, just imagine as if your boss was standing behind you and looking over your shoulder while you worked. THAT is what your employers can see.
Given a company-supplied laptop device and Internet over the company’s network, your employer could monitor virtually almost anything and everything that goes in and out of your screen.
Spending a little too much time shopping on Amazon? Your boss knows. Chatting with a friend about how sucky your boss is? He sees it. Sending a job application out through your email and then deleting it? Don’t think your employer cannot retrieve it.
Your web surfing, emails, instant messages, downloads, files stored, display screen, keyboard strokes etc.; all these can and are probably being recorded. And if you were using a company mobile, that could be monitored too.
HOW AM I BEING MONITORED?
Two common ways employers monitor Internet usage are by:
1) Software on your computer.
Software installed on your company-sponsored computer allows your employer to see what is on your screen or stored in your hard disks. There are numerous programs used by employers to track all your activity and sends reports to your boss or the IT department. The logs can show details from your web surfing habits, to time spent in specific software programs or your emails.
2) Monitoring over a corporate network.
This method also allows an employer to track emails, websites and files but is harder to detect because it is done through a company’s private network. Even if you were using your company’s computer anywhere outside the office, a network analyser (aka. packet sniffer) that has been setup by network administrator to perform network troubleshoots can still be used as a ‘spyware’ as long as you are connected to the company’s network.
WHY ARE COMPANIES MONITORING EMPLOYEES?
It is unlikely that a boss would be monitoring their employees 24/7, as they would be ending up spending more time playing Big Brother rather than doing actual managing. It is also improbable of an employer to be actively monitoring each and every employee, and is more likely to do so only if a certain employee has given reason for them to question his/her behaviour.
Employers may choose to monitor employees’ Internet usage for a variety of reasons. The company might be dealing with sensitive information and wish to prevent data misuse or leaks outside the company. Or perhaps a company wishes to hinder employees from performing malicious actions or downloading illegal content which could lead to malware compromising an entire network infrastructure. Employers may even use monitoring to gauge productivity of employees by means of keystroke monitoring (eg. How many keystrokes per hour each employee is performing).
IS MY EMPLOYER ALLOWED TO DO ALL THIS?
Yes and no.
In the U.S., the Electronic Communications Privacy Act of 1986 (ECPA) states that it is against the law to “intercept” electronic communications like telephone, emails or computer. However, due to exceptions in this act, since your employer owns the equipment, they basically are free to access the equipment as they please.
The exception in the law states that given employer-owned systems, they are allowed to access emails, phone message systems and instant messages as the company owns the computer network and terminals.
Another exception is that the employer may monitor employees using their systems for “legitimate business needs”, which ultimately leaves it open to interpretation and misuse.
In Malaysia, there are not many laws (if none) pertaining to workplace right to privacy. The closest we have is said to be the Personal Data Protection Act 2010 (PDPA) which focuses on the processing of personal data in commercial transactions, but probably less in regards to privacy rights.
WHAT CAN YOU DO
- Some companies allow for ‘Bring Your Own Device (BYOD) Policies. This is a good solution to counter monitoring software that may be implanted on a company’s device. If bringing your own computer to the workplace seems a bit drastic, even bringing your own tablet is handy for checking a quick personal email or stealthy surfing.
- Got a smartphone? Or a mobile broadband? Great. These can be alternatives to using your company’s Wifi. Use a wireless tethering device and your cellular data if lack trust of your company’s network.
- Because you can still be tracked outside of the office whenever you connect to the company’s virtual private network, the simple way to offset this would be to disconnect from the company’s VPN any time you do not need to use it.
- Companies can see what you are doing online when the traffic on the corporate network is unencrypted. Using anonymizers like a VPN, such as BolehVPN, or a proxy can encrypt your traffic. Creating your own secure VPN tunnel hides your traffic from the local unencrypted network, which is something you should be using anyway especially if you are surfing over public Wifi.
- Be smart about your online habits when you are at work. If privacy is your concern, it is best to just keep your work and personal life separate if you're concerned about your privacy.