Employee Monitoring In Your Company
CopiaTECH Summary on Employee Monitoring
1. Start Slow - block obvious non business related sites like mySpace.com, Facebook.com, adult traffic, gaming, etc. before you worry about monitoring keystrokes and filtering email!
2. Be Open - let everyone know that you are going to implement a filtering policy, and give people thirty days to adjust. During that time, just inform people when they are on sites that are not business related. If the behavior continues after the 30 day period, take action.
3. Go with the best - we recommend WebSense products, because we have tested them in the field and they work. Find out for yourself, with a free trial of Websesne content filtering and monitoring solution.
Is employee monitoring necessary to a security strategy?
Why would you want to monitor your employees? Have you had a theft or data breach? Do you think you have a malicious trusted insider? There are numerous reasons you might consider monitoring employees, including some based on regulatory requirements. Take a look at a recent survey on online gaming at work by white collar workers:
Employee monitoring is very much a security issue, when you consider intellectual property losses. It’s absolutely required if you want to get a true perspective on what’s entering and leaving the corporate network. On the other hand, employee monitoring should not be ‘owned’ by the IT or security department; it is a management, legal and human resources issue. Employee monitoring could also be tied into risk management as well, which, in many cases, does tie back into security.
IT/security should help enable and manage the technology related to employee monitoring, but not have to draw up and enforce the policies associated with it. So, yes, employee monitoring should be part of the overall security strategy, with concessions that other departments will be involved. There are three drivers: increasing productivity, preserving corporate bandwidth and helping companies to avoid lawsuits. If employees have unfettered access to the Internet, they may access a Web site that will offend a colleague. Increasingly, companies feel they need to be protected against that. Employees have sued companies for exposing them to pornography or racist information. If companies can block certain URLs, they can allow legitimate business use of the Internet without fear of lawsuits.
What’s are other companies doing with Employee Monitoring?
The American Management Association (AMA) performed a survey on employer monitoring of employees and found that 75% of those surveyed already monitor employee Web site surfing. A majority of this group is also using content proxy systems to block inappropriate surfing. In the survey, more than 50% review and retain emails, while approximately 30% track keystrokes. And more than 80% of these employers surveyed disclose their monitoring policies and practices to their employees.
How can I monitor my employees’ computer and internet usage?
There are various tools available that you can purchase to monitor employee computer and Internet use. You can track everything an employee does on a computer resource that your corporation provides. Content filters are an evolving area of security technology. Essentially, they monitor all traffic on a network and compare it to a set of rules that define unacceptable activity. Content monitors alert administrators to the unwanted activity, while content filters block the objectionable traffic from entering the network.
The technology behind content filtering is fairly simple. If the device is set up to be a monitor, technicians can attach it to the network by using a network tap, span port or similar replication technology, ensuring that the network has a copy of all traffic. If it is designed to serve as a filter, it can be placed at a choke point in the network. The important criteria to evaluate when deciding if a content filter meets your business requirements is how the filter decides which traffic is allowed and which is denied.
Most of the current generation of content filters use whitelist/blacklist technology to build lists of acceptable and unacceptable content. Depending upon the organization’s security requirements, either a default “allow” or “deny” rule is applied. This approach is often seen in Web content filtering, where users are blocked from accessing inappropriate Web sites. While maintaining these lists can be quite a chore, filter manufacturers often provide a subscription service that offers access to a centrally maintained site categorization scheme. Some companies are experimenting with newer content-filtering technologies. Using document signatures, traffic profiles and other techniques, these approaches seek to identify leaks of confidential information and other inappropriate content
What is fair to both parties?
As an employer, the best thing your corporation can do is to create an Acceptable Usage Policy and an employee monitoring policy. In the first policy, you define what is appropriate and what is inappropriate for your employees to do when using your corporate resources, including but not limited to all telecommunications and computer and networking systems. In this document, you will clearly spell out to the employees what they can do using company equipment and resources.
By providing an employee monitoring policy to your staff members, you’ll let them know exactly where and when you block inappropriate Internet access and when you monitor telephone, computer and Internet usage. No one will ever be surprised that you are doing it, and you won’t be doing it in a way that could put you at risk of a workplace privacy rights law breach. Keep an eye on Workplace Fairness and the American Civil Liberties Union so you’ll be aware of recent case law and what these organizations are recommending as rights for employees in regards to workplace privacy. Then you can build and tune your policies around what’s the least risky to your organization in regards to a workplace privacy lawsuit.
Employee Monitoring : Breaking News
Employee Monitoring : What Others Say
[…] Employee Monitoring in Your Company […]