Keyboard strokes

Marymoore

read an article that employees got fired as they were pretending to be at their desks and their employer had hidden software to monitor them. How common is this? Are employers in Ireland legally allowed secretly monitor websites employees visit and see what they type etc?

The Continental Op

https://www.boards.ie/discussion/2058355921/keyboard-strokes

There is software that keeps the mouse moving on the screen when the user is absent. Perhaps that is what the employer spotted?

Perfectly legal to monitor any activity on the companies website, email, servers, and PC's. Why shouldn't it be?

Users own PC at home is a different matter but if the user is connecting to a work server then any activity through the company's internet connection may be monitored.

I used to work for a company that made the monitoring software.

Jim2007

https://www.boards.ie/discussion/2058355921/keyboard-strokes

Well you don't actually need to monitor what people are doing to detect this, you just need to review the inventory of software installed on the machine. People installed a very specific piece of software to keep the mouse moving while they were away and as that is the sole purpose of the software it is kind of hard to deny what you were doing with this software.

The other thing is that you don't know the actual reason the people were dismissed. Most companies have policies and security systems in place to prevent employees from installing random software on business computers. So if they not only broke company policies and deliberately hacked the company's security system that alone is enough to get them fired.

As for monitor employee activity on company devices, yes it is legal and indirectly required by law! For example pretty much every business processes and stores GDPR data, that means they are responsible of security that data. Obviously, if they give you a device that can access such data and then failed to monitor your use of the data that could be a serious GDPR issues since you could have done anything with the data or even bigger issue in taking the device outside the EEA. Similar situations exist for medical data, money laundering activities and so on. So unless you are doing some very basic task for your employer, you can expect that you are being monitored in some way most likely data access and device location.

Flinty997

https://www.boards.ie/discussion/2058355921/keyboard-strokes

You need to check your terms and conditions. Its probably in the computer usage policy if they monitor how the computer is used. If they've told you, then they can do it.

Flinty997

You have to wonder how a company survives if it needs software to notice someone does nothing.

Also its not like humans work 100% of the time. You might need to discuss something, or be away from a desk for a while.

Del2005

https://www.boards.ie/discussion/comment/122260607#Comment_122260607

The software is designed to make it look like you are using the keyboard, so it looks like they are working when they aren't. My company has software installed that prevents us from using their computers too much. Every competent company that supplies employees with computers or phones will have some type of tracking and/or monitoring software installed.

The company didn't fire the people for stepping away from the computer for a few minutes.

tohaltuwi

OP mentioned keystroke loggers there at the last bit. Yes these certainly exist. But I doubt most companies actively use these, only in very specific type scenarios and users would have to be informed of their use where GDPR applies. Hackers use them to gain usernames, passwords etc. I think companies outside the GDPR governance area might use them more.

Flinty997

https://www.boards.ie/discussion/comment/122260642#Comment_122260642

Looking as if you are working doesn't produce anything. You'd think they'd notice that before anything thing else.

The Continental Op

This is the type of thing some people have been using, check Amazon they have loads of different ones. Before Covid I'm not sure they even existed.

https://www.amazon.co.uk/VAYDEER-Jiggler-Prevent-Function-wiggler/dp/B08V4L6H7S/

The early ones just moved your mouse on pixel up and down or left an right at intervals which fooled monitoring software into reporting that the user was using their computer. I've no idea if this was the reason for the sacking the OP refers to but is one possibility. Just as the "jigglers" have got more sophisticated I suspect so has the monitoring software.

mada999

https://www.boards.ie/discussion/2058355921/keyboard-strokes

All websites you visit while using the companies internet connection are more than likely being logged. Now whether they are actively being checked is another thing. However, I've once seen a managers ask for a log of a user's web history for performance reasons. Not sure where that particular ticket went though.

Companies now have "insider threat" systems that record user sessions on their networks along with other Cybersecurity toys. With the prevalence of WFH I would expect companies to install these types of systems. TBF - most IT staff are not bothered what you are at normally imo but if you are using dodgy websites or installing software on company equipment then they could be flagged then.

Personally I wouldn't be doing normal internet surfing in work and would use my work computer for only work stuff.

Source : I work in IT

Del2005

https://www.boards.ie/discussion/comment/122260721#Comment_122260721

They most likely did. They fired them because they weren't doing anything but their computers where showing as being in use all the time. Doing nothing is a disciplinary issue which needs to be resolved with the manager monitoring the employee for a prolonged period, faking working is gross miss conduct and embezzlement which can be resolved by firing.

Jim2007

https://www.boards.ie/discussion/comment/122261740#Comment_122261740

Most managers have a good idea of what their subordinates should be able to accomplish in a day's work, especially if you have a few people doing the same job. You don't really need a computer program to tell you they are not doing the job. Finding a fake activity program on their office device is just confirmation.

I used to manage remote teams in the Ukraine before the war and you could always tell who was swinging the lead. We just turned off their access to a key system for their job and when they continued to report progress on their work objectives it was curtain time.

dennyk

Most managers have a good idea of what their subordinates should be able to accomplish in a day's work

That's an optimistic take, I'd say; certainly most managers should know how to gauge their direct reports' productivity without resorting to ridiculous nonsense like activity monitors or keystroke loggers or whatnot, but that assumes that said managers are competent, and there are a lot of utterly useless 'Peter principle' managers out there.

Tork

They're upfront about the IT and internet monitoring policy where I work. I don't mind because the information is right out there for everybody to see, and there shouldn't be any nasty surprises. I don't believe anybody has ever been pulled up for using the internet too much, for example. It's the sort of thing that could be used if they have reason to look more closely at somebody's work. Just about everything on a computer is logged locally or on the network anyway. You'd have to be pretty naive to think your employer doesn't have the capability to go digging if they want to.

Those mouse jigglers have the potential to introduce viruses and other nasties into an I.T. system. You have no control over what software is pre-loaded on these dongles and you can never rule out malware. Any company that doesn't have decent security in place is asking for trouble. I have a feeling these dongles may not even work on our work computers. Even if they did work, evidence of them would be picked up by the auditing software that's routinely run on the system.

Clareman

Most companies would take a dim view of people installing unauthoutised hardware or software on their network, I would say that this would be a bigger problem than people dossing. If you are worried about your Teams status changing just open notepad and put a weight on a key, keeps you alive, or so I've heard 😉

Markus Antonius

I've worked in jobs where I had to use my own personal credit card/banking details and then expense costs back to the company. I think it would be pretty scandalous if an employer was using key-loggers on their computer and would be fairly sure this would not be legal.

AndrewJRenko

https://www.boards.ie/discussion/comment/122266885#Comment_122266885

It would be very unusual these days that end users would have admin rights to install software, or that USB slots would be open for hardware like this.

https://www.boards.ie/discussion/comment/122273529#Comment_122273529

It would not be legal, unless;

• they had very good reasons for doing so, and
• they told you in advance that they were doing it, why they were doing it, how they would use the information, how long they would retain it.

magicbastarder

can you imagine the security headache of ringfencing the backend systems which stored all the keystrokes of your users? or protecting the traffic between the client and backend?

Clo-Clo

https://www.boards.ie/discussion/2058355921/keyboard-strokes

With security concerns all companies will monitor endpoints, that is the best point of access for hackers etc. They won't bother monitoring every website a person visits as that is far too much data. They will have a bad list which would be the normals which will set off a trigger if you visit or depending on the technology will just block the user

THey will also monitor what software you install on the system, again to make sure nothing dodgy and also from a license point of view they need to make sure the company is not using software which they are not entitled to use

These people would of had to install the software on the system, fairly easy to run a command and see what every user has installed on every device. You could do it across an entire company in a few mins and then just limit the software to non approved, in a few hours or less you could identify every user in the company and the ones who have installed non standard products

Also by the way the claims of people working abroad while supposed to be working in Ireland, all of that can be found very easily with modern security software, in fact most packages will inform the company that someone has logged into your PC from a different location to the one they normally log in and raise it as a security alert for the SOC to review

Any MNC will have this as basic these days, most Irish companies as well, the only ones who didn't seem to be the HSE

dennyk

https://www.boards.ie/discussion/comment/122273576#Comment_122273576

Nah, it's grand; we have a policy that no one is allowed to access those systems or look at that traffic without authorisation, so job done!

Flinty997

https://www.boards.ie/discussion/comment/122276887#Comment_122276887

Its game over if it gets hacked.

Squatman

https://www.boards.ie/discussion/comment/122260174#Comment_122260174

hard to deny the intention of downloading the software (how an organisations IT allow this is another story), but proving that it was used may be more difficult

Titanium11

We are monitored on absolutely everything in my workplace.

If we make or receive any call, calls are recorded.

The company also monitor and record all of our screen time on company computers.

I wasn't informed of the second part until months after I started the job. I think they really should have told me at the start of the job.

Companies are monitoring so much now.

dennyk

Companies are monitoring so much now.

Middle managers have to justify their existence via Excel spreadsheets and pretty pie charts, so if you actually have no clue what it is your direct reports are supposed to be doing, your only option is to proudly brag to upper management how you've increased your team's QoQ productivity by X% based on how many keystrokes per minute they are typing, and hope said upper management also has no fecking idea what your reports are supposed to be doing either and will just go along with it.