Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Careful, The Boss Is Watching

Vendors tout employee monitoring tools to reduce insider threat, improve productivity

Recently, software vendor Ascentive LLC installed its new BeAware employee monitoring application on all the PCs at one of its new corporate clients. The corporation notified its employees that their Web surfing habits -- as well as their email, instant messaging, and application usage -- were now being monitored and recorded.

"Internet usage at the corporation dropped by 90 percent almost overnight," recalls Adam Schran, CEO of Ascentive. "As soon as employees knew they were being monitored, they changed their behavior."

Ascentive -- a maker of parental control software that launched its enterprise employee monitoring application yesterday -- is the latest entrant in a burgeoning arena of vendors that offer tools for tracking end-users' computer activity. Along with mostly small competitors such as StaffCop, e-Spy, and Workexaminer, Ascentive is defining a new category of tools designed to reduce insider threats and improve productivity by recording everything employees do with their computers.

"We call it 'workforce activity management,'" says Schran. "Our latest edition provides all the insight necessary to eliminate time-wasting, increase productivity, and protect private company data."

While tools for tracking employee network usage have been available for years, emerging products such as BeAware take monitoring to a whole new level. The new BeAware 6.7 lets managers track workers' activity not only on the network or in the browser, but also in email, chatrooms, applications, and shared files. And at any unannounced moment, a manager can capture an employee's screen, read it, and even record it for posterity.

Such exhaustive monitoring may seem a bit draconian to the uninitiated, but analysts and vendors all say the use of such "Big Brother" software can make a drastic impact on productivity and security. In a recent study by AOL and Salary.com, 44.7 percent of workers cited personal Internet use as their top distraction at work. A Gallup poll conducted in 2005 indicated that the average employee spends more than 75 minutes a day using office computers for non-business purposes.

Once employees know their activities are being monitored, however, their personal computer use is quickly curtailed, Schran observes. "Even if your company only increases productivity by 20 percent, that's still more of an increase than you might get with a lot of other applications."

Perhaps even more importantly, employee monitoring tools can deter workers from insider activities such as data theft or unauthorized file access, Schran adds. "If your employees are downloading files to a USB device, our software will record that action," he says. "Our data has already been used in evidentiary proceedings in court."

The threat of insider data theft -- as well as the pressures of security regulations and policies such as Sarbanes-Oxley and Gramm-Leach-Bliley -- is pushing many companies to do more surveillance of employee activities. According to a study by the American Management Association, more than three quarters of companies already monitor employees' Web activity, and more than half of companies store and review email. The majority of companies employ video surveillance at their sites, and almost 20 percent not only monitor phone calls, but record them as well.

Comprehensive surveillance of online behavior may seem distasteful to some business managers, but there are ways to do it without driving employees away, Schran reports.

"We have clients that allow their people to turn off the monitoring for 30 minutes or an hour every day, so that they can send messages to the kids or do personal stuff for a reasonable amount of time," he says. "We also have clients that don't use the real-time monitoring feature at all -- they're just recording the activity in the background, in case there's a security issue or legal issue down the road."

Interestingly, some "employee monitoring" tools are legitimized versions of notorious hacker tools, such as spyware and keyloggers, that let an observer track an end-user's activity. "I don't recommend those sorts of tools -- especially the keyloggers, which enable a manager to see an employee's passwords," Schran advised.

BeAware 6.7 is a client application that is distributed to each end station, "much like you would deploy an antivirus application," Schran says. The data from the client is reported to a central server, and managers can access that data through a secure administrative application, he says. The software is available for $89.95 per seat, with volume discounts starting at five seats.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
CVE-2021-1071
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...
CVE-2020-23774
PUBLISHED: 2021-01-26
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
CVE-2020-23776
PUBLISHED: 2021-01-26
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.
CVE-2021-3309
PUBLISHED: 2021-01-26
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,