Email/Net usage privacy in the workplace..?

Gracie_05

I work in a medium-sized(international) company, and this whole thing has been plagueing me for quite a while now.
It's about the "big-brother-is-watching-you-ness" of email/internet usage at work.

On my first contract with the company, I naively imported my yahoo mail into my Outlook mail client.
When my second contract began, before Xmas, I'd read up a bit more on the subject, and have been keeping my personal web-mail and surfing separate from the workplace.
What I do now and again, if I've nothing to do is logoff the domain and login as administrator on the local machine, but even felt a bit paranoid about doing that...?

What I'm wondering is, is it possible for the IS dept/bosses to monitor things like keyboard strokes, username/passwords etc. even over secure connections? And also, say if I type an email in notepad, then paste it into the webmail page, could/would it be recorded..?.

And I'm not into browsing any dodgy sites or using expicit words etc. I'm just thinking of stuff like yahoo, gmail, message boards(like boards.ie) etc.

Thanks for any information,

Gracie

Chalk

your on their machine , on their network

without permission, you should not log in as admin, if you found the password out you should inform them its been compromised, not to do so and be caught is sackable afaik.

they can monitor everything and anything if they wanted to.
it all depends on whats set up, and what they actually do.
most places wont monitor your emails as theres no need to, but if they suspected you of stealing / taking drugs at work or somehting similar, and you admitted it in an email from a work pc , you could well be being monitored

secret_squirrel

Most companies have IT codes of conduct that include not using their equipment for your personal use - admittedly they are seldom enforced. Technically anything you do on your work PC is subject to review by your company.

Im surprised you have local admin access to your pc - that exceeds the access levels in most corporates I have worked for.

As for your other questions - all of what you say is technically possible - it just depends how seriously the company takes the monitoring of its IT resources. At a bare minimum I would assume a record of the all websites you have visited is kept.

You have very little right to privacy when it comes to using a PC at work.

Gracie_05

Sorry, should maybe have mentioned that I work in software qa, so we setup and ghost our OS's ourselves. We have to have admin rights to qa the install of the software etc.
So if you still think that this is unusual, then I suppose it's fair to assume that they're not tight about security/monitoring etc.
It's actually quite a "laid-back" company in several respects. And there's a very small IS staff.

wideband

Hi,
some time ago we were asked to sign a electronic usage policy, basically we can surf the web in our own time and not let it effect our work production, no downloading of any sort without prior agreement and snooping is not allowed by any parties including admins unless there is reason to suggest inappropriate behaviour. its all very vauge, but companies have to be careful what there employees are up too.

seamus

Yeah, any kind of monitoring is certainly something they can do. Larger companies tend to do it.

I know in our company (The biggest of the big four ), data security is paramount, but there's no ongoing reporting of who's doing what. Logs are taken, permissions are locked down tighter than a squirrel's toenail, and a policy of "Everything on your computer belongs to us" is very much felt, but at the same time logs of events would only be reviewed in the event of a security breach. Someone's email logs or internet logs would only be audited when required (e.g. if a complaint is received), not as a matter of policy. That said, I'm still a bit paranoid looking at posted jobs out of curiosity, or when a big "Acces Denied" comes up after clicking a dodgy link on boards.

On the flip side I've heard of smaller companies with stupidly restrictive IT policies, either due to bored IT guys or penny-pinching managers. One place I know has about 12 employees and one IT guy. Every webmail site is blocked, same for things like boards here. Every personal phone call lasting longer than a certain amount of time is reported to the boss, and even a bigger number of emails than normal (like more than 50 a day - I send that in a morning) will raise an eyebrow.

matt-dublin

Im the IT manager of a small/medium software company(international)
I have come up with our IT usage policy from scratch,

basically i am quite laid back towards it as an IT manager, unless i have a reason to "investage" but basically written into every employee's contract is our "corporate intranet policy" which states anything and everything in electrical format on company pc's becomes company property and the IT dept reserve the right to view/audit any information that a user may have on their pc/email/network folders and any website they have visited over the last 2 years. Also their is an email audit policy. Each employee has to sign this and it must have a witness signature (ie hr manager or myself)

Now again I say i an ver relaxed on this unless i have directly recieved a complaint about a certain individual or i have reason to believe or a suspicion that something is going on that i would not approve of.

Again it all depends on your corporate policy but long story short the IT dept pretty much has the right to look at everything on your computer or otherwise without your prior consent.

matt-dublin

Gracie_05 wrote:

And also, say if I type an email in notepad, then paste it into the webmail page, could/would it be recorded..?.
Gracie

depending on their software and equipment yes information from a webmail message can be retrieved quite easily and i have had to do so for legal reasons.

snappieT

Where I work, you own 100MB on a server that can be accessed by everyone in IT. Your PC is not yours. We can change your PC overnight, and if you have any files stored on it tough (thus everything saved is on the network, and can thus be snooped).

I had the power to remotely watch (without their knowledge) what anything anybody was doing. A list of all sites visited is also sent to the Info Security dept at the end of every week. Keyloggers were not used, but we did install one onto one employee's PC, and it turned out he spent 6 of his 8 hour day on Boards. Canned.

Capt'n Midnight

every watch The Mark Thomas Project ?
Channel 4 late night comedy
anyway he sent a letter into MI6/MOD asking for emails about him under freedom of information act. And he got them. Including some that were not work related.

seamus

snapscan1212p wrote:

I had the power to remotely watch (without their knowledge) what anything anybody was doing.

That's a kind of weird one. I know some people find it weird when IT VNC into their machine at all, never mind somebody remotely watching it. Because of the nature of our business, VNC on all our machines is set to ask the user to accept or reject the connection. This is just the "Do you want IT to see what you're working on?" cop out.
Even if there wasn't potentially sensitive data on an employees screen, I think letting someone know that another person is accessing their machine is only fair. There's being a prudent IT dept, and past that is being overbearing, IMO.

Gavin

As far as I'm aware, or what I have been told at least, is that it is unacceptable to access a persons data without prior consent.

So for example an AUP must be signed by the staff when they join the company. Or a message on the login screen informing the staff that their access is monitored. It's a while since I researched the subject, but it is quite interesting.



Gav

iano

If anyone is interested, the following two references contain useful information about rights and duties of a company:
Employees and eSecurity: monitoring internet and email usage (Enterprise Ireland)
The Legal Guide to Employee Monitoring (Prepared for SurfControl by Landwell Solicitors)

WizZard

Great links iano! Thanks.