At its most basic level, every employee monitoring software deals with four key components:
- System Objects: the source of monitoring, e.g. network, websites, applications
- Action: e.g. a file copy operation, sending an email
- Context: the actual data, like the session records/video, user/app data, metadata, etc.
To be able to ensure privacy, you need to have control over each of these components. For example, if you can’t create user profiles, you won’t be able to assign access levels. Or, if you are monitoring websites, you need a way to suspend monitoring or enact some sort of dynamic redaction/blackout feature while a user is accessing their personal banking site.
This is why, to be GDPR/HIPAA/PCI compliant, you need flexible employee monitoring software that lets you control all these aspects of monitoring and recording, so that you can track as much or as little as you want based on your organization’s needs and alleviate any data privacy concerns.
We will discuss the first three items here today and show you how Teramind implements them. In the next article, we will address the last item.
Determine who should be monitored for specific system objects
For this you need to be able to create monitoring profiles based on user location, role, access needs, etc. and attach or detach the system objects to be monitored. On Teramind, this can be done in two ways:
You can create individual, group or departmental profiles to build a personalized monitoring strategy. For example, enable Social Media monitoring for your Marketing department but disable it for other departments.
Importing Profiles from Active Directory:
If you are using Active Directory, you can use its LDAP feature to import your existing users, endpoints and group policies to create user/group and departmental profiles easily.
Control what activities are monitored and how
In addition to controlling who’s being monitored for what, you should be able to configure which activities are monitored and how. Teramind lets you do that in several ways:
At the system level:
Turn individual monitored objects on or off. For example, if you aren’t sure about keystroke logging regulations in your jurisdiction, you can turn it off completely.
On request, Teramind can also supply you with a custom version of the Monitoring Agent with certain monitoring functionalities disabled at the system level so even an admin cannot enable them.
At the application and web level:
Monitor activity only within business applications such as QuickBooks or SAP, and not within Messenger.
For the web or Cloud services, you can suspend monitoring and keylogging when a user engages in a private activity like reading personal emails, logging into their online banking, or browsing the web in private/incognito mode.
At the user level:
Using the powerful behavioral Policy and Rules Engine, you can create rules to limit exposure of PII (Personally Identifiable Information), PHI (Protected Health Information) or PFI (Personal Financial Information), such as social security numbers, NHS numbers, driver’s license numbers, credit card numbers, etc., on a need-to-know basis.
For example, this rule blocks sharing of driver’s license numbers or vehicle registration numbers over email and IM.
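As an added illustration of the two controls described above (the web-level suspension of monitoring on private sites and the user-level rule that blocks PII leaving over email/IM), here is a small Python policy evaluator. It is example code written for this article, not Teramind's implementation; the private-domain list, the PII patterns and the sample messages are constructed assumptions, and the card check uses a Luhn checksum to cut down false positives on ordinary digit runs.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed list of domains treated as private activity (online banking, personal
# webmail). Placeholder values, not Teramind's real category list.
PRIVATE_DOMAINS = {"bank.example", "mail.example"}

# Two PII types the rule protects. The SSN pattern rejects invalid area/group/serial
# values; the card pattern accepts 13-19 digits with optional spaces or dashes.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum: random digit runs that merely look like card numbers fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def monitoring_suspended(url: str) -> bool:
    """Web-level control: suspend recording/keylogging while the user is on a private site."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in PRIVATE_DOMAINS)


@dataclass
class Verdict:
    action: str       # "allow" or "block"
    findings: list    # PII types detected, in order of discovery
    redacted: str     # copy of the message safe to keep in the audit log


def evaluate_outbound(text: str) -> Verdict:
    """User-level rule: block email/IM content carrying an SSN or a Luhn-valid card number."""
    findings, redacted = [], text
    if SSN_RE.search(text):
        findings.append("ssn")
        redacted = SSN_RE.sub("[SSN]", redacted)
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append("card")
            redacted = redacted.replace(m.group(), "[CARD]")
    return Verdict("block" if findings else "allow", findings, redacted)
```

The redacted copy is what a reviewer would see in the audit trail; the raw message never needs to be stored to prove the rule fired.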
That’s it for now. In our next article we will discuss Context and how it’s used to limit the recording of session data and video to comply with privacy requirements. In the meantime, you can visit our YouTube channel, which has practical demonstrations and examples of many of the features mentioned in this article.