Having powerful software doesn’t necessarily mean you will get the most benefit from it. It needs to serve your organizational use cases and goals. It’s about flexibility and fit for purpose. In the case of employee monitoring, a sensitive subject for most organizations in the world, especially as we approach 2019, when data privacy is the topic of conversation in every boardroom, one size definitely does not fit all. Not every workplace culture is ready for a full-blown employee monitoring system that records any and all computer interaction for all of your employees. Some want employee monitoring to capture privileged user activity, others want to capture and retain activity logs for third-party vendors accessing company systems, and others want to leverage employee monitoring in specific departments such as call centers for training and process optimization. Understand the primary use case(s) and pick a solution that can be configured to the needs of your organization. Your employee and user activity monitoring initiative can then be a very powerful tool for ensuring compliance, reducing risk, identifying malicious intent, improving user and team productivity, and optimizing processes.
Employee Monitoring Use Cases
According to recent studies, 64% of employees use non-work related websites every day and 85% of employees use their email for personal reasons. With the appropriate implementation of employee monitoring software, it’s possible to reduce these non-productive cycles. For example:
- Use the workforce productivity tools to track active vs inactive time, late shifts, long breaks etc. and better yet, let employees see their work history to educate and motivate.
- Use intelligent content-based rules to automatically identify clues to customer dissatisfaction (angry sentiments in emails/questions left unanswered etc.) in your customer care/marketing/sales channels like email, social, IM and implement processes to provide better service.
- Classify productive vs nonproductive apps/sites and discover if your employees are ‘app overloaded’ from metrics like use/idle time, app switching.
- Design etiquette rules to limit unproductive behavior. For example, set a time limit on social media usage.
- Track the time, performance and cost for each project with contractors and remote employees, reducing the need for manual invoicing and oversight.
Check out the resources below to learn how Teramind can help you with workforce productivity:
- Workforce productivity optimization (solution page)
- Case study – Call Center Increases Performance and Customer Satisfaction with User Activity Monitoring
Insider Threat Detection
Insider threat detection is another important use case for implementing an employee monitoring solution. According to recent stats, 52% of businesses agree employees are their weakest link in IT security. Malicious or accidental insider threats; risk of IP, trade secrets and sensitive data loss; abuse of computer systems by privileged users; virus, malware and ransomware infections brought in by scam victims; third-party vendors stealing your trade secrets: all are real, legitimate concerns businesses have.
Here are ways to configure your employee monitoring solution to address your insider threat detection needs:
- First, determine what behaviors are high risk, for example copying files to external drives, using cloud storage to share corporate files, or downloading/opening files and attachments from unknown sources. Then define activity and content-based rules to block or restrict such actions.
- In a more extreme case, create a whitelist of apps/sites and block the rest, say, on a bank teller’s workstation.
- To prevent data loss, use predefined classified data for financial information, health, personally identifiable data etc. or define your own sensitive data and monitor their access, transfer or changes with technology like OCR, fingerprinting, tagging.
- Utilize layered authentication and segregated monitoring profiles to restrict access to sensitive data on a need to know basis.
- Implement more scrutiny for privileged users and vendors for things like backdoor account creation, attempts to gain additional system privileges, unauthorized remote access, changing configuration files or accessing the registry editor.
- Use session recording features for evidence and forensic investigation in case of a security incident.
- Insider Threat Detection (solution page)
- Blog: Ten Tips for Protecting Your Company’s Data Against Insider Threats in 2019
- Blog: Employee Monitoring Is Back, But It’s Not About Spying on Employees
Compliance with data privacy and employee rights regulations may sound counterintuitive to employee monitoring. In reality, these standards and regulations require that organizations have data protection, logging, auditing and breach reporting systems in place. This means you actually need monitoring and tracking capabilities to comply with these regulations!
Take GDPR. It doesn’t only guarantee consumer data privacy but also includes employees under its protection umbrella. So, does this mean you can’t use employee monitoring for EU citizens? Not at all. As long as an employer has legitimate interests they can use a monitoring system. Examples of legitimate interests can be: data loss prevention, loss of intellectual or physical property, employee productivity and performance etc. If you are subject to GDPR, the recommended approach for your organization is to conduct a Proportionate Test and a Privacy Impact Assessment (PIA) to make sure the purpose for processing employee personal information is provided for in the GDPR.
It’s much easier to comply with these regulations if your employee monitoring system is designed with this compliance use case in mind. Typically, this means there are out-of-the-box policies and rules to support the most common compliance requirements.
With a ‘designed for compliance’ employee monitoring system like Teramind, it’s easy to meet and maintain compliance:
- Automatically discover and classify personal data like PII, PHI and PFI, then create rules to minimize their exposure to employees, reducing the risk of non-conformance for them and the organization.
- Enable auto masking, redaction and dynamic blackout when employees are accessing their private data like visiting their personal bank’s website, using personal emails or private chat conversations.
- Ongoing compliance enforcement with built-in content-based behavior engine that can take immediate action on detection of any anomaly or violation of compliance policies.
- Generate automated audit trails of user activities, incident and breach reports, session logs and session recording to meet compliance reporting requirements.
- Risk analysis and identification of vulnerable employees, policies and system components that may put your compliance at risk.
Check out the resources below to learn how Teramind can help with your compliance needs:
- Teramind for GDPR, HIPAA, PCI DSS, ISO 27001, SOX, FFIEC, NERC and FISMA (solution page)
- Case study: Financial Services Firm Maintains PCI-DSS Compliance with Teramind
In addition to helping with the productivity goals, HR departments can use employee monitoring for their direct functional needs too. For example:
- Automated time tracking and payroll to reduce paperwork and errors.
- Providing a safe environment by monitoring internal communication channels for harassment, abuse and resentment. For example, creating a content-based rule that detects keywords showing angry sentiment and takes proactive measures before it escalates into a conflict.
- Creating etiquette rules to govern acceptable social media use policy, time-based quotas for personal work, and setting monitoring preferences for executives, teams, departments, etc.
- Developing training materials and an on-demand feedback system regarding company policy by utilizing the session recording and custom alert messaging features. The same can be used for onboarding new staff or as a guide for an exit interview.
How Much Employee Monitoring Is Legal?
There are legal issues to consider too. While employee monitoring is allowed in most countries, there might be certain restrictions on how it’s implemented. For example, in 2017, a federal court in Germany ruled that companies can’t use keyloggers for employee monitoring. Yet, just the previous year, the European Court of Human Rights issued a landmark ruling that it’s not unreasonable for employers to monitor their employees’ computer activity and that such monitoring does not violate their human rights. So, how do you go about deciding what to do or not do when it comes to employee monitoring? Especially if you are a global company or a small business with remote workers, how do you comply with different jurisdictions? As it seems, it’s not one size fits all.
That’s where the need for a flexible employee monitoring solution comes in. In essence, it needs to be a Swiss Army knife.
Check out the how-to video below to learn how Teramind can be configured for various privacy related use cases: