Employee Monitoring

CWmike writes "Michael Workman, an associate professor at the Florida Institute of Technology's Nathan M. Bisk College of Business, estimates that monitoring responsibilities take up at least 20% of the average IT manager's time. Yet most IT professionals never expected they'd be asked to police their colleagues and co-workers in quite this way. How do they feel about this growing responsibility? Workman says he sees a split among tech workers. Those who specialize in security issues feel that it's a valid part of IT's job. But those who have more of a generalist's role, such as network administrators, often don't like it. Computerworld contributor Tam Harbert found a wide variety of viewpoints from IT managers, ranging from discomfort at having to 'babysit' employees to righteous beliefs about 'protecting the integrity of the system.'"

As an IT Manager for a small company

[ircmaxell]

I personally don't care what other people do in general. I am not their boss, and it's not my job to police what they do during work hours. I do keep logs, so if a person's manager wants to see what they've been doing I can give them a report. The only thing that I personally care about is employee behavior that may compromise my network. I do watch TCP traffic for abnormalities, and do have a black list of sites that will alert me if someone tries to visit something dangerous. Other then that, I really could care less if someone spends half their day on Facebook. It's not my job to make sure that other people are working...

There's some paranoia at play, too.

[Delusion_]

I worked IT at a mortgage company run by someone without much in the way of morals. He wanted a print-tracking solution to monitor who was printing and what they were printing. As it happens, I later worked for a company which provided this exact solution, but ultimately it didn't matter because what he wanted was something he didn't want to spend any actual money on, and at the time any solutions were resource-intensive for a file and print server running on a then-midline Pentium 166 MHz, so it would have required spending money on hardware upgrades, too.

He wanted this solution to protect his leads, which he was convinced were walking out the door from employees taking them and selling them to his competitors; ultimately, it was one of those cases of suspecting other people were doing exactly what he would have done in their situation. I suspect there's a fair amount of this attitude, and it's probably more common in smaller businesses than Fortune 500 companies, who are generally more interested in liability.

Re:Know when

[morgan_greywolf]

You make sound as if Internet monitoring is the only sort of monitoring being done these days. Many big corporations now keep logs of files that have been executed, and some even install keyloggers and computer forensics software.

So it isn't even just a matter of porn or file downloads or webmail. They're tracking everything done on the computer. I wonder just how useful that tracking can be, considering the huge volume of data on any network of significant size.

Re:Know when

[CastrTroy]

To add to that, who actually browses porn at work. I mean, every few months, I hear a story about some politician or city employee being caught browsing porn on work hours, and I just think wow. Is your job that boring? Is your life that boring? Of all the things there are on the internet that won't get you in quite so much trouble, they choose to look at porn. Not that there's anything wrong with doing it on their own time, but they have to just know it's going to end up badly. When I'm bored at work, I visit lots of non-work related websites, but I just really don't understand the porn-at-work thing.

Re:Know when

As a security professional in a VERY large company, you'd be amazed how many people go to porn sites on work computers. For some people, it seems like porn is like an addiction. They crave that "stimulation" so badly that they can't wait until they're somewhere else, or perhaps they don't have a computer at home, or perhaps the only computer at home is in a public area where other people can see what they're doing. There are many reasons why someone would chose to do something like that at work.

They also don't seem to believe the warning on the computer when they log in every morning telling them that we ARE monitoring their activities.

The problem is that new sites pop up all of the time, so trying to block them is like the old "whack a mole" game at the carnival.

I found one company-issued laptop with 16GB of porn videos, including kiddie porn. That was immediately turned over to the proper authorities and, if my information is correct, the former employee is now in prison.

Re:Employee monitoring is not really new

[iamhigh]

If the manager is not technically competent to monitor computer use, then there is a question of why that person is managing people who use computers for their work -- the manager should be competent with the equipment.

That's a bit much. The accounting manager should be able to keep up with the latest ways to hide computer usage? Does that mean the most able computer user should be the head of each department regardless of ability to manage that department? Also, aren't the guys trying to hide stuff more likely to become the most compentent user therefore allowing them to be the "boss". Of course that means as you go up the the chain of the company it just keeps being more and more technically superior people, regardless of ability to do the job.

No, I'll stick with the idea that the department manager should know his specific job better than anyone. That includes the IT Manager, and he should be ultimately responsible for all computer usage.

management- be careful what you ask for...

[xmundt]

Greetings and Salutations....
          A few years ago, one my my clients asked me to generate lists of the websites their employees had been on, and, how long they had spent on the sites. Since I run an in-house DNS server, not that hard to get. Well, I ran the reports for a few months, then, the project was quietly dropped. Why? It turned out that the only folks that spent significant amounts of time on porn sites and other non-business sites were the President of the company (who had ordered the reports) and his wife, the CFO of the company.
And THEY were burning a LOT of time on non-business related entertainment and shopping!
            What was really amusing to me about this was that these two folks had the attitude that they were the only ones doing anything positive for the company, and, the employees were the enemy - and were spending all their time trying to steal time and resources away from the company, cutting down on profit margin!
            Regards
            Dave Mundt

Re:Total BS

[DaMattster]

Another true story. At my company, I sit close to the guys who monitor the content filters. They have connections to their computers outside the proxies, directly on the Internet. I see them all the time accessing their personal Gmail accounts, which is blatantly against the company's security policy. It's a bit like the police officers I see all the time driving 70 MPH on the 55 MPH-speed limit Interstate, or driving through red lights. Who watches the watchers? Oh yeah, that would be nobody. Oh, don't worry though, I'm sure they're browsing "responsibly" and don't need watching.

This happens daily at our company. In fact, I had a manager approach me and ask if she could have the same tool that I use for remote access to assist users and fix things. I flat out told her "no." She sniffed and walked away. The hubris of corporate America is astounding. Management mentality is still very much caught in "industrial revolution" mode of thinking where employees need constant micromanaging. Has it occured to anyone, that human beings hate micromanagement? Micromanagement is a moral destroyer and encourages rank and file employees to be mindless automatons. I often wonder why someone wants to become a manager. I think it is to gain more freedom to make decisions so they are less of an automaton. Many managers also forget from whence they came.