If you own a company-sponsored laptop or connect to your company’s private network, there is a good chance that your employer is monitoring your Internet usage at work. It is not uncommon for companies to be known for employee monitoring. In fact, there are even guides online teaching employers how to effectively monitor their employees.
Private things on your computer you would probably appreciate keeping it that way; private. Nobody really wants their employers or co-workers snooping about in there. So it is only natural to be interested in knowing as to who is watching you.
How are your employers monitoring their employees? What are they looking at? Why do they do it? And is that even legal?
So just how much is your employer able to see if they were monitoring your Internet access or laptops? Well, just imagine as if your boss was standing behind you and looking over your shoulder while you worked. THAT is what your employers can see.
Given a company-supplied laptop device and Internet over the company’s network, your employer could monitor virtually almost anything and everything that goes in and out of your screen.
Spending a little too much time shopping on Amazon? Your boss knows. Chatting with a friend about how sucky your boss is? He sees it. Sending a job application out through your email and then deleting it? Don’t think your employer cannot retrieve it.
Your web surfing, emails, instant messages, downloads, files stored, display screen, keyboard strokes etc.; all these can and are probably being recorded. And if you were using a company mobile, that could be monitored too.
Two common ways employers monitor Internet usage are by:
1) Software on your computer.
Software installed on your company-sponsored computer allows your employer to see what is on your screen or stored in your hard disks. There are numerous programs used by employers to track all your activity and sends reports to your boss or the IT department. The logs can show details from your web surfing habits, to time spent in specific software programs or your emails.
2) Monitoring over a corporate network.
This method also allows an employer to track emails, websites and files but is harder to detect because it is done through a company’s private network. Even if you were using your company’s computer anywhere outside the office, a network analyser (aka. packet sniffer) that has been setup by network administrator to perform network troubleshoots can still be used as a ‘spyware’ as long as you are connected to the company’s network.
It is unlikely that a boss would be monitoring their employees 24/7, as they would be ending up spending more time playing Big Brother rather than doing actual managing. It is also improbable of an employer to be actively monitoring each and every employee, and is more likely to do so only if a certain employee has given reason for them to question his/her behaviour.
Employers may choose to monitor employees’ Internet usage for a variety of reasons. The company might be dealing with sensitive information and wish to prevent data misuse or leaks outside the company. Or perhaps a company wishes to hinder employees from performing malicious actions or downloading illegal content which could lead to malware compromising an entire network infrastructure. Employers may even use monitoring to gauge productivity of employees by means of keystroke monitoring (eg. How many keystrokes per hour each employee is performing).
Yes and no.
In the U.S., the Electronic Communications Privacy Act of 1986 (ECPA) states that it is against the law to “intercept” electronic communications like telephone, emails or computer. However, due to exceptions in this act, since your employer owns the equipment, they basically are free to access the equipment as they please.
The exception in the law states that given employer-owned systems, they are allowed to access emails, phone message systems and instant messages as the company owns the computer network and terminals.
Another exception is that the employer may monitor employees using their systems for “legitimate business needs”, which ultimately leaves it open to interpretation and misuse.
In Malaysia, there are not many laws (if none) pertaining to workplace right to privacy. The closest we have is said to be the Personal Data Protection Act 2010 (PDPA) which focuses on the processing of personal data in commercial transactions, but probably less in regards to privacy rights.