In the first part of this series, we showed you how to configure different parts of Teramind to control its monitoring and tracking features at the user, application and system levels.
Today we will talk about the context behind all those activities – the collected data/content and how to handle them. Data like session recordings, logs, meta data, exported reports etc. may contain sensitive private information and even with controlled monitoring and tracking – you may still end up collecting volumes of them. Especially, Session Recordings, if used improperly, could raise all sorts of privacy issues.
If you aren’t familiar with it, the Session Recording (also called Live View & History Playback) feature in Teramind visually records every action that a user makes on their computer. It captures the video of the user’s desktop and optionally the audio, application activities, keyboard/mouse inputs etc. You can use this feature for many purposes: data loss prevention, liability protection, productivity analysis, employee training and as a tool to collect forensic evidence for ongoing investigation etc.
Session Recording is quite a powerful feature and needs to be handled with caution. That’s why Teramind gives you the control to use Session Recordings in a transparent and responsible manner. Here are a few tips you can follow:
Record only during a rule violation incident
Teramind allows you to setup Session Recording limited to a time when a rule violation occurs. By using this method, you can capture any evidence leading up to a malicious activity without collecting unnecessary privacy data. It’s also designed to support some key principles of GDPR Article 7: fairness and transparency, purpose limitation and data minimization.
Most of the rules in Teramind support override the default session recording option. To enable this feature, open the Action tab of a rule and set the ‘MINUTES BEFORE VIOLATION’ and the ‘MINUTES AFTER VIOLATION’ to the required values.
Use scheduled recording and auto delete features
1. Each monitored object in Teramind including the screen, can be configured to use a schedule for recording purposes. This way, you can for example, record employees only during their work hours and not when they are off shift. You can also reduce the cost of bandwidth and storage by capturing only the necessary time period.
2. From the Screen settings, specify the days after which the recording will be automatically deleted. Again, this will save storage and reduce the chance of storing residual records for say an ex-employee. However, before setting the auto delete feature, check with legal. There might be laws about how long you need to store the recording. Especially, if the session recording is considered as Video Surveillance in your jurisdiction.
Disable/limit offline recording
The Offline recording buffer specifies how long the Teramind Agent will continue to record and report on user actions while the user is disconnected from the internet or Teramind servers. By default, the buffer is set to 24 hours, but you can increase or decrease the time as needed or simply disable it presuming, you’d consider that as a user’s private time (especially for remote employees) and forego the default offline tracking and recording capability.
Use scheduled monitoring in the rules
You can schedule a rule to run only during a certain time. For example, you can automatically suspend a Social Media or IM rule during the employee lunch breaks so that they can use these applications without the system interfering with their personal time. You can combine this option with the rule recording option mentioned earlier to further finetune your data capture policy.
Restrict outgoing export data
Teramind allows you to export reports, videos and other data so that you can manage large teams or use the data in other applications for further analysis. But imagine a manager accidentally sending a session recording to an outsider! To make sure your managers don’t export Teramind data outside your company, you can restrict the domain. You can do so from Setting > Security tab under the ‘Outgoing exported data’ section.
Use the revealed agent
If you want to be completely transparent about your employee monitoring policy, the best option is to use Teramind’s Revealed/Visible Agent. It has all the functionalities of the Stealth/Invisible Agent but lets the users decide when they are to be monitored and for which projects/tasks. Users are monitored only when they sign into the Agent and click the Start button. This also has the added advantage of collecting direct consents useful for laws like GDPR.
This concludes the series. By following the tips we discussed, we hope you will be able to utilize Teramind to better detect insider threats, prevent data loss and increase the productivity of your workforce in a privacy-friendly manner. Don’t forget to visit and subscribe to our YouTube channel for how-to tutorials on these features. I would recommend ‘Teramind How To Series: Privacy-friendly Employee Monitoring Deployment’ if you are looking for some step by step instructions.