Offices

Do you know what your employees are doing on the Web? At a minimum, they’re probably goofing off watching YouTube videos. At worst, they could be steering your company toward financial ruin. In this quick guide, I’ll show you how to keep an eye on employee Internet use and monitor just about everything else they do with their PCs.

I can already hear the groans of disgruntled readers as I type these words (and if you’re worried about privacy at work, you have ways to stop your boss from spying on you). But gone are the days when PC monitoring was an optional, draconian security measure practiced only by especially vigilant organizations. Today, more than three-quarters of U.S. companies monitor employee Internet use. If your business is in the remaining quarter that doesn’t do so, you’re probably overdue for a policy change.

Why You Should Monitor
Everything your team does on company time–and on company resources–matters. Time spent on frivolous Websites can seriously hamper productivity, and visiting objectionable sites on company PCs can subject your business to serious legal risks, including costly harassment suits from staffers who may be exposed to offensive content.

That doesn’t look like work to me. iMonitor can give you a real-time look at employees’ screens.
Other consequences may be far worse than mere productivity loss or a little legal hot water. Either unintentionally or maliciously, employees can reveal proprietary information, jeopardizing business strategy, customer confidentiality, data integrity, and more.
And, of course, unchecked Web activity can expose your network and systems to dangers from malware and other intrusions. Even something as simple as a worker’s failure to keep up with Windows patches can be a threat to your business, so don’t think of monitoring as merely snooping.

Office-Worker

Employee Monitoring Software
Employee monitoring is just one facet of a larger discipline known as endpoint security, which includes everything from malware protection to policy enforcement and asset tracking. Large enterprise computing environments demand comprehensive endpoint-security systems, consisting of server software coupled with client software on each user’s machine, that can handle many of these functions at once. These systems tend to be complex enough to require the expertise of a trained IT pro. But in this guide, I’ll be looking primarily at simpler tools designed for smaller organizations.

For a small business, you have several good ways to achieve endpoint security. You can install a Web-hosted system that combines software on the PC with remote monitoring services to protect your computers and enforce compliance with company policies. You can combine a few complementary tools, such as a desktop security suite and professional tracking software. Or, if your company is very small and your budget is tight, you can adopt free tools à la carte.

Symantec’s cloud-based endpoint-protection service can monitor all of your company’s PCs with minimal setup time.
The most secure way to monitor PC use is to deploy a system that consists of a host, server, or appliance together with client-installed software. Unless you have a dedicated IT staff or the budget to bring someone in on a regular basis to check on things, a cloud-based service–such as Symantec.cloud or Trend Micro Worry-Free Business Security–is probably the best choice. These services are relatively inexpensive and easy to set up compared with server offerings, and they give you the flexibility to set and monitor compliance with acceptable-use policies from a single management interface. They also deploy system security updates automatically, block malware, and protect sensitive files to prevent data from leaking out of your company. Better still, these hosted systems effectively protect laptops that frequently leave the office.
The cost for a hosted endpoint-security service is generally very low: A five-client license for Trend Micro Worry-Free will set you back less than $300 for two years.

If you’re not up for a total security overhaul and you just want to track user activity on a few systems, you have several affordable ways to go about it. Packages such as Interguard Sonar can monitor all e-mail and IM sessions, track and filter Web usage, log users’ keystrokes and program use, and capture screenshots on command for as little as $87 per user.

If you’re really on a shoestring budget, plenty of free and open-source tools can log PC and Web use. A freebie called iMonitor, for instance, can keep tabs on which applications your staffers are using and which sites they’re visiting, complete with simple reports that give you a pretty clear idea as to how employees are spending their time on their PCs. A word of caution on stand-alone tools, though: Some antimalware utilities can quickly identify and disable stand-alone monitoring tools, so you may need to create an exception in your malware protection settings to ensure that iMonitor can work properly on your systems.

Best Practices
It should go without saying that employee monitoring ought to be just one small component in a comprehensive strategy to protect your business and maintain productivity. Once you’ve made the choice to monitor, you should follow these general guidelines to ensure your success.

Be forthright: Nobody likes being spied on unwittingly. Unless you think someone on your team poses a serious threat that requires covert monitoring, it’s best to be up front with staffers about what you track and why. Many companies accomplish this with a simple statement in the employee handbook telling workers plainly that everything they do on company computers, including individual keystrokes, can and will be tracked. Letting employees know that their behavior is being monitored can serve as a powerful deterrent against unwanted online activity.

Filter proactively: Most good endpoint-security tools include Web and e-mail content filters that can block inappropriate sites and prevent users from sending or receiving files that can jeopardize your business. Use them. By limiting the ways your staffers can get into trouble, you can prevent problems up front.

Check reports regularly: There’s little point in generating usage reports if you’re not going to look at them. Take the time to at least spot-check the reports that your monitoring software generates so that you can identify potential problems early and take remedial action. Whatever you discover–whether it’s a time-wasting Website that everyone is watching this week or a single person who is addicted to solitaire–you can often fix problems with a simple e-mail that tells your team you know what’s up: “Just a reminder, people: Chatroulette is not an appropriate use of company time.”