UncategorizedNick Barton
Back in the days of working from the office, employers and managers could monitor your activity fairly easily. They could see what you’ve been up to using tools around the premises, such as CCTV cameras, employee computers, internet connection, your company’s network, or even dropping by your desk once in a while to see how you’re doing.
However, with the coronavirus pandemic forcing more employees to work from home, we have seen a significant rise in companies turning to a remote or hybrid work model permanently. With both remote work and bring your own device (BYOD) policies on the rise, employers had to turn to advanced monitoring devices for computer use that, although installed for a reasonable purpose, could set off alarms in your head.
After all, both remote work and BYOD policies mean you’re starting to mix your personal life and professional life.
While you have the professional responsibility of protecting the company and moving in the company’s best interest, this responsibility shouldn’t make you feel like you lost your right to privacy.
Although there are privacy laws to protect your rights, the Electronic Communications Privacy Act (ECPA) of 1998 actually makes it legal for businesses to monitor their employees’ devices to protect the company’s business interests.
Employee privacy is protected, but employers with a legitimate business reason can still monitor employee devices as long as there is consent and local safe storage for the data gathered.
There are many reasons a company would want to monitor your activities.
- To make sure you’re being productive, even when you’re working from home. There are many distractions working from home.
- To prevent insider threat or anyone sending confidential data through an unsecured network.
- To prevent harassment and bullying, internally and externally, as well as to monitor interactions with customers for customer-facing roles.
Next, to make it legal to monitor your activity, companies need a consent form that once signed, shows that you’re willingly allowing your employer to look into the data on your computer that relates to the company. You might find more information about this in your employee handbook or among some of the onboarding forms you signed. Privacy is one of your basic human rights, so don’t be afraid to ask a Human Resources representative about your company’s monitoring policy.
Last, the files produced from monitoring should be kept confidential, ideally stored within the device or network used to monitor employees.
Companies are required by law to let you know that you’re being monitored. However, these clauses are sometimes hidden beneath many pages of paperwork you receive during the onboarding process. Here’s what’s possible with corporate monitoring so you don’t get caught off guard.
If You’re Connected to a Work Network
Your employer can track your internet usage if you’re using a work network. They monitor this to make sure that you’re being productive at work. After all, they’re not paying you to scroll social media during work hours (unless it’s part of your responsibilities).
Besides firewalls that control both incoming and outgoing traffic, companies often also have a web filter that can block access to specific websites. Not just for work computers, these tools allow employers to monitor all devices connected to the work network, including your personal cell phone if it’s connected to your office’s wifi.
If You’ve Downloaded a Remote Spy Software
There aren’t many qualms over whether employers can monitor company computers. Have no expectation of privacy when using these work devices, as they are provided by your company for work purposes. It’s best to assume that your employers have already installed employee monitoring apps on work devices.
However, this isn’t the case with personal devices.
Can your employer ask you to download remote spy software on your personal devices?
Legally, no, unless there is written consent, which most companies have prepared if you use your personal devices for work. Here are a few examples of what your employers can do with remote spy software:
- Take periodic screenshots of your screen. Companies usually do this to protect against insider threats and make sure that you’re being productive during work hours.
- Open your webcam or microphone. This is another security measure to make sure that the person using the device is authorized to access the data.
- Log your keystrokes. Keylogging is used to monitor productivity and monitor business interactions happening through written text.
- Track your location. This could be useful if you misplaced your devices or got it stolen, but not so cool when you’re out on personal errands.
Additionally, employers are often privy to messages you send through email accounts hosted by the company. This is done to make sure that the conversations and interactions within messaging accounts stay appropriate and protect you from electronic harassment.
The increasing use of personal devices in work settings brought about by work from home and BYOD policies made it necessary for employers to install tracking software on your device. What it actually tracks depends on your company policy and the software they use, but you can usually find out from the consent form or your company policy.
Even if you’re not doing anything wrong, constant monitoring, especially on personal devices, would put anyone on edge. If you’re worried about employee monitoring, here are a few ways to hide your tracks from your employers.
If You Have a VPN
A VPN masks your traffic and encrypts your data from prying eyes. It redirects your traffic through another host to change your IP address, and keeps anyone from knowing your browsing history. The only thing your ISP or company network would be able to see is that you’re connecting to a VPN because they can see that your traffic is directed towards the host provided by your VPN.
While it’s a great option to hide your internet activity, most employers won’t like this. In most cases, using a VPN on work devices will get you a warning. Companies need to make sure that you’re being productive during work hours, after all. They will likely suspect that you’re doing something that you don’t want them to know about if you’re disguising your traffic using a VPN.
Through WiFi
When you’re on the company network, your employer would be able to see your browsing history. However, there’s not much else they can see.
Things like passwords and content of messages you send are usually encrypted even if you’re using a private device on the company network. That said, it’s a different matter entirely if you’re using a work device or if you’ve downloaded spyware on personal devices.
While employee monitoring is especially necessary for remote teams, any employee would be alarmed to know that they’re being monitored. Most employers don’t care much about what you do when you’re off the clock. But sometimes, you’ll find one or two supervisors who are just creeping away at your data.
If you feel like your privacy has been violated, it probably is. Consider asking your employer about their monitoring policy if you’d like to know more about how they’re monitoring your activities. In addition, consider contacting an employment lawyer to see if your rights have been violated and receive guidance on what you should do next.
For employees, the best solution to protect your privacy is to keep your work device and personal device completely separate. If you have to work from home, consider setting up a guest network, where all your work devices can connect and have all your home devices on a different network.
For employers, remember that transparency is key when it comes to monitoring. Hiding what you track is not a positive business practice and an invasion of privacy that may result in a lawsuit at worst.
Although monitoring is necessary to protect your business interests, your employees’ right to privacy should not be ignored in any way. In addition, monitoring without explanation causes unnecessary stress, which might affect your employees’ performance and satisfaction in the long run.
Make sure that you communicate with your employees and that they understand what you’re monitoring as well as why. Emphasize that you’re not there to invade their privacy, and educate them on the threats they face when they work from home.
Inspired eLearning has multiple courses on security when working from home that could help you to do this. In addition, our Working Remotely module has various training sessions tailored to help employees work remotely without sacrificing security. In the meantime, check out how you can protect your home network in this free resource.
Previous PostThreat Vectors in Cybersecurity – What You Need to Know in 2022Next PostLGBTQ+ In The Workplace – Ensuring Workplace Inclusion in 2022
Related Posts
Cyber Security for Kids – Staying Safe in the Cyber World
Cybersecurity Insurance is Not Guaranteed Protection against Data Breaches
FAQs
Can my boss see what I do on my personal computer? ›
To monitor your home computer or a personal laptop, your employer has to obtain access. Access is required to install some kind of computer monitoring software. Remote desktop sessions do not grant any access without permission. Also your employer is not allowed to monitor your home computer without your consent.
Does my employer have to tell me they are monitoring my computer? ›The Electronic Communications Privacy Act of 1986 says that employers may monitor employees' oral and written communications as long as they can show there is a legitimate business purpose for doing so. EPCA also says that employers don't need to inform employees of monitoring or gain their consent.
What employers Cannot legally do to monitor their employees? ›The Electronic Communications Privacy Act of 1986 (ECPA) and the common law protections against invasion of privacy have put some restrictions on workplace monitoring. The ECPA prohibits an employer from intentionally intercepting the oral, wire and electronic communication of employees.
Which personal information from employees are employers allowed to monitor? ›Federal workplace privacy and employee monitoring laws
The ECPA allows business owners to monitor all employee verbal and written communication as long as the company can present a legitimate business reason for doing so. It also allows for additional monitoring if the employee gives consent.
- Teramind. Teramind has a live screen view and history playback, which can record employees' screens only when violations occur. ...
- ActivTrak. ...
- Veriato. ...
- InterGuard. ...
- BambooHR Employee Monitoring Software. ...
- Hubstaff. ...
- SentryPC. ...
- Controlio.
If you sign in to any website in Incognito mode, that site will know that you're the one browsing and can keep track of your activities from that moment on. Prevent your activity or location from being visible to the websites you visit, your school, employer, or your Internet Service provider.
Which of the following is a violation of an employee's expectation of privacy? ›These are: An unreasonable intrusion on the employee's seclusion. Unreasonable publicity of the employee's private life. Appropriation of an employee's name or likeness.
Can employers monitor personal devices? ›Yes. While it appears that federal law may prohibit employers from monitoring personal devices (laptops, tablets, phones). As long as there are set policies such as (BYOD) Bring your own device policies in favor of monitoring the use of employee personal devices for work-related reasons, the law permits the monitoring.
What are employers not allowed to do? ›It is illegal for an employer to make decisions about job assignments and promotions based on an employee's race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability or genetic information.
Is employee monitoring invasion of privacy? ›Invasion of privacy.
A legal claim for intrusion upon seclusion could exist if monitoring software accesses an employee's webcam or internal microphone or records an employee in their home while working remotely and does so in a manner that would be highly offensive to a reasonable person.
Which of the following personal information is not protected from employees? ›
A policy should clearly stipulate situations in which an employee should not assume their data and communications are private. Phone calls, texts, emails and social media communications that are transmitted on corporate-owned equipment, for example, are not legally protected.
What personal information is confidential in the workplace? ›This can include salaries, employee perks, client lists, trade secrets, sales numbers, customer information, news about pending terminations, reasons for a firing, phone codes or computer passwords. You may not divulge this information while you are working for an employer or after you leave.
Can my employer read my text messages on my personal phone? ›Employers need your permission before they can monitor texts on a personal device. The Fourth Amendment of the U.S. Constitution prohibits unreasonable search and seizure and may offer additional protection to public sector employees.
How to trick work monitoring software? ›- Automating Mouse Movement. ...
- Using a Window as a Red Herring. ...
- A Second Monitor. ...
- Disabling the Software. ...
- Predicting Time for Screenshots. ...
- Remote Access. ...
- Using a Virtual Machine.
As a general rule, if you're using your employer's equipment while on your employer's network, your employer has the right to monitor everything you do, whether you're working remotely or in the workplace. Because your employer is providing the communications technology, they have the right to track your activities.
Can my employer see my internet activity at home? ›Legally, no, unless there is written consent, which most companies have prepared if you use your personal devices for work. Here are a few examples of what your employers can do with remote spy software: Take periodic screenshots of your screen.
Can my employer see my internet activity on my personal phone using their WiFi? ›Can my employer see my internet activity on my personal phone using their WiFi? They can look through the cache whenever they want. If you are using the company VPN, on your own WiFi, then they can see everything you do, even if you are in incognito mode.
How can I use the internet at work without getting caught? ›- Get a second browser. ...
- Learn to flip between the two browsers, fast (Alt + Tab on a PC, Command + Tab on a Mac) ...
- Get a browser plug-in that camoflauges your browsing so every page looks boring (yes, these exist)
Here are some examples: A criminal suspect is not allowed access to the personal data held about him by law enforcement agencies as it may impede investigation.
What is considered an invasion of privacy in the workplace? ›Employees have the right to keep private facts about themselves confidential and the right to some degree of personal space. An employer that discloses private facts or lies about an employee may be held accountable in a civil action for invasion of privacy or defamation.
What is not a reasonable expectation of privacy? ›
There are, however, exceptions to the Reasonable Expectation of Privacy Test. For example, federal Fourth Amendment protections do not extend to governmental intrusion and information collection conducted upon open fields; expectation of privacy in an open field is not considered reasonable.
Can companies watch you through computer? ›On work-issued computers, employers can gather data from your keyboard, like how often you're typing, and even your webcam, if it's in your employment agreement. On corporate Internet connections, your employer probably can see which sites you visit, and it can access the emails you send from company accounts.
How much privacy is reasonable for an employee to expect in the workplace? ›Employees generally should have no expectation of privacy with regard to actions taken related to work, or using work equipment.
What are the 3 basic employment rights for a worker? ›- The right to written terms which outline the workers job rights and responsibilities.
- The right to national minimum wage, paid holidays and payslips.
- Protection against unlawful discrimination.
Here are just a few examples of unfair treatment at work:
Creating offensive comments, emails or social media posts about an employee. Demoting, transferring, or dismissing an employee without a fair, disciplinary process. Paying women lower wages for doing the same job, because of their sex.
Is it legal to monitor employees in the United States? Yes, most employee monitoring methods are legal in the United States (US). The federal law against privacy invasion, the Electronic Communications Privacy Act (ECPA), allows electronic monitoring of employee communication for legitimate business purposes.
Is your boss allowed to watch you on camera? ›Employer monitoring of employees and surveillance is legal. In many cases there is a legal duty to monitor employees. However, there are boundaries employers should operate within.
What is employee monitoring policy? ›Employee monitoring is the use of various methods of workplace surveillance to gather information about the activities and locations of staff members. Businesses monitor employees to improve productivity and protect corporate resources.
What personal information is considered protected? ›Protected Personally Identifiable Information (Protected PII) means an individual's first name or first initial and last name in combination with any one or more of types of information, including, but not limited to, social security number, passport number, credit card numbers, clearances, bank numbers, biometrics, ...
What personal information must be protected? ›Pay particular attention to how you keep personally identifying information: Social Security numbers, credit card or financial information, and other sensitive data. That's what thieves use most often to commit fraud or identity theft.
What is considered employee personal data? ›
Personal information collected by the company includes, but is not limited to, employee names, addresses, telephone numbers, e-mail addresses, emergency contact information, equal employment opportunity (EEO) demographic data, medical information, social security numbers, date of birth, employment eligibility data, ...
What is considered highly confidential personal information? ›Examples include Social Security numbers, credit card numbers and medical records.
What is considered confidential personal data? ›Confidential data is information that allows public identification, which might cause harm to a respondent or establishment if released.
Can employers see what you do on your personal phone? ›Can my employer spy on my personal phone? A: NO, your employer cannot spy on your personal phone. Your employer must obtain access to your personal phone to be able to monitor it. Also, your employer is not allowed to monitor your personal phone without your consent.
Can my boss see what Im looking at on my phone? ›On corporate-owned devices, your organization can see all apps installed on the device. On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.
Can your employer spy on you at home? ›Is it legal to monitor remote employees in California? In California, employers can face criminal penalties for eavesdropping or recording their employees' private communications via telephone or email unless all parties to the communication consent to the monitoring (California Penal Code § 631).
Should an employer notify employees that their usage of computers is being monitored? ›Legal requirements
Although there is no federal law that requires employers to disclose to their employees that they are being monitored, some state and local laws may mandate that employers inform employees about data monitoring.
Software (spyware) surreptitiously installed onto another person's computer or cell phone is illegal. Spyware can make stalking surprisingly easy by simply viewing emails, calendars, etc.
How can I tell if my employer is monitoring my Mac? ›If you can, go to Apple menu… System Preferences… Sharing… and see if Remote Management is checked or Screen Sharing is checked.
Can my employer see me through the camera on my laptop? ›On work-issued computers, employers can gather data from your keyboard, like how often you're typing, and even your webcam, if it's in your employment agreement. On corporate Internet connections, your employer probably can see which sites you visit, and it can access the emails you send from company accounts.
What counts as computer misuse? ›
unauthorised access to computer material. unauthorised access with intent to commit or facilitate commission of further offences. unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etcetera.
How do companies spy on remote employees? ›How Your Boss Can Monitor Your Browser. Your employer can also track which websites you visit while at work. This includes not just social media sites, but any website you visit - even if it's for personal reasons. Your employer could see that you're shopping on Amazon or reading the news when you should be working.
Can your employer listen to you through your laptop microphone? ›Your employer does not have the right to “bug" your home, eavesdrop, or spy on you through a work computer or work phone. You have federal rights to privacy through the Electronic Communications Privacy Act (ECPA), and your work must legally ask for your consent to monitor your work calls or computer use while working.
What are examples of electronic monitoring in the workplace? ›Electronic Monitoring is the monitoring of employees using electronic means during work hours. This could mean having your employees sign in online, putting a location tracker on a work vehicle to monitor location and gas consumption, or even having cameras in the workplace.
What is the right to privacy of employees? ›Employees have the right to keep private facts about themselves confidential and the right to some degree of personal space. An employer that discloses private facts or lies about an employee may be held accountable in a civil action for invasion of privacy or defamation.