Is Your Boss Spying on You? Inside New Workplace Surveillance

Popular Mechanics ^ | September 20, 2007 | Glenn Derene

[Defend the Second]

I am the IT director of a $250 million health care company. If you install your own OS on a company computer, then you should be fired.

In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc. This is particularly true for notebook computers that go home with the employee and spend time off our network.

[LurkingSince'98]

Is there software that monitors this as well?

You betcha - it even mentions it in the article.

Lurking’

[LurkingSince'98]

Is there software that monitors this as well?

You betcha - it even mentions it in the article.

Lurking’

[gjones77]

Hate to say it, but a company has a right to do this, it’s their property you’re using for other than needs of the business.

Now that isn’t to say that everything should be held against you and the networks Nazi’s should come knocking as soon as you open FR, a majority of companies aren’t going to waste their time with minor things, they’re looking for evidence of improper use, such as porn, job hunting, and such

Just remember, don’t do anything on your computer you wouldn’t want put on the front page of the NYT. ;)

[steve86]

I am the IT director of a $250 million health care company.

I wasn't aware that smaller companies still had IT Directors. Seven or eight years ago it appeared to me they were being phased out and HR or finance was taking over the task.

[decimon]

You point to problems that should indeed be addressed. To open the company system to malware is beyond irresponsible.

But, in my experience, few people are responsible when it comes to anything computer. The current system pits employer against employee so, IMO, a whole new approach to telecommunications is needed. Not that I know what that approach should be but I think the need for it is clear.

[decimon]

Trust and respect is a two way deal, if they treat employees like potential criminals, businesses may get back what they dish out.

How about minimizing the potential? Conducting business on the internet is like holding meetings in town square.

[ByDesign]

"Hey FRiends...It’s a WORK computer. Don’t surf FR, popular mechanics, naughty cheerleaders, the stock market, NASCAR or anything else your boss might object to." I agree with this, even though I'm guilty of occasionally browsing the web when brainstorming - I'm in a creative field, and sometimes it helps to just go out and wander among sites looking for inspiration. I dunno. People these days have gotten this wierd attachment to talking to other people 24/7...almost like they're filling up the voids in their life iwth empty chatter. I just don't have that much to say, all day, every day. I don't need IM on my computer at work, i'm working. My work requires attention, lots of it, and IMs are distracting. I listened to months of complaints from freinds that I was'nt on IM...so I installed it, expecting this exciting world of chit chat and everything, what i gat was "What are you doing?" "Work" "Yeah....me too" "Didja see " Heck, i don't call my freinds that much, so when I DO call, we have something to talk about. I know people who are on the phone all day, every day...what the heck do they talk about? Maybe I'm spoiled - I like my job, I do interesting things all day with Photoshop and Illustrator, I just don't need anything that companies are blocking, like YouTube, or MySpace. When you're at work, do your job. If you have to surf and exchange personal e-mail away from prying eyes, get a personal Blackberry or iPhone. I save my free time and my personal computers for the kind of stuff companies are blocking. :)

[rudy45]

What if the connection to the site is SSL-encrypted? I’m thinking the IT department will know I’m connected to the site. However, will they be able to see the unencrypted packets?

[Zuben Elgenubi]

You betcha - it even mentions it in the article.

I've re-read the three page article again and I still don't see the mention. Just the carpenter with the cell phone/GPS.

Hope you haven't shredded my cache! :-)

[Zuben Elgenubi]

They can. Certainly the browser cache and other traces are left even if you think you've cleaned the cache, etc

I use a really great utility called "Window Washer 6.0" from Webroot (the same providers of SpySweeper). It has a cleaning and bleaching function for the cache.

[shorty_harris]

If you install your own OS on a company computer, then you should be fired.

Fortunately, our policy isn't as harsh as this, otherwise I wouldn't have done it. We support several different OS's, Linux being one of them.

In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc.

Possible, I guess, but I was pretty careful about this. The IT department never told me I was infected with anything.

I kept my old Win2k drive fully patched and up-to-date. This was required for windows computers by the government agency I work for. Recently they changed the requirements to include operating as a regular user, not admin, as our windows computers had been set up to do. Win2k doesn't do this very well (at least not my computer). Also, some sort of defrag utility was set up to run at every startup. These two 'updates' alone (there were others), while maybe the right thing to do for security, were enough to kill my productivity. It was simply easier for me to switch to another (supported) OS. And since I spend half my time on deployment, attached to other networks, I'll bet I'm better off using Linux anyway.

[Old Professer]

Everybody, all together, “If you’ve got nothing to hide...!”

[decimon]

Everybody, all together, “If you’ve got nothing to hide...!”

Well...it is different when we're talking private business. They can fire you but not jail you. My problem with this is an utter lack of faith in policy being applied across the board.

[Old Professer]

I worked at Lockheed in Burbank, both plants, back in the early 1960s; they inspected your lunchbox on the way out the door; saw a guy get fired on the spot one morning because he refused a work assignment with a fellow with whom he had a mutual dislike.

Had to have a security clearance to work there; when you got watched, it was by the man on the floor.

Everyone knew the policy.

[MediaMole]

If your company uses a proxy server to access the internet, they can access your SSL session data under certain circumstances.

It is possible to intercept an SSL connection at a corporate proxy server. The company would have to install its own security certificates on the workstation, which would allow it to make a secure connection to the proxy server, which would then make a secure connection to the bank.

Essentially, the connection is decrypted at the firewall, then re-encrypted and sent to your workstation.

Don’t do anything at work that you aren’t 100% comfortable having the IT guys see.

[Titan Magroyne]

The problems you mention with IT control reminds me of a funny one my work tried. But leading up to that tale...

After years of quiet, faithful service, my employer’s Intranet was enhanced with an “urgent news” popup alert, similar to an IM greeting, for messages deemed especially urgent to the company’s business: Major ups/downs in shares, critical court judgments, retirement/hiring announcements for corporate bigwigs, things of that nature. You clicked OK to make the popup go away, but after a set number of minutes it would popup again - and keep doing that until you actually clicked the link on the popup or opened your browser as if to go read the full msg. That practice stopped once the company disallowed users changing the browser homepage.

Eventually the company installed a net nanny, which by the way blocks websites of pro- 2nd Amendment PACs and any URL that includes “gun” or “firearm.” In my experience, it intermittently checks the page you’re viewing for certain words, but nobody is revealing what the words are that may result in forever banning access to that *domain*. (FReepers who spell sh#t correctly make me nervous. I just don’t know...)

Then came the day that the Intranet update popup appeared onscreen. I was at someone else’s work station at the time and thought he’d set me up for a prank. Update popups came on several times throughout the day. Like the previous popups for company-sensitive announcements, it aggravated the user into opening the Intranet homepage. Once I was back at my desk, I realised *uh-oh*. Every single time a manager altered an Intranet entry, well, everyone knew about it. That annoyance lasted less than a week, thank ye gods! I’d already disabled mine and printed out the instructions for others - I can’t help wondering how that bright idea made it past the “hey ya’ll why don’t we try this?” stage.