A Chief Information Officer’s Tips on #NSFW

The unwelcome arrival COVID-19 has led to huge changes to our lives, including how we work.

 

Numerous companies have shifted to remote working, allowing employees to practice social distancing without falling behind and still collecting a paycheck.

 

However, this merging of home and work leads to some new challenges for both businesses and employees. In the office, 64% of employees visit non-work related websites daily. The question is, how does working remotely full-time impact this figure? And what can employers do about it if it’s getting out of hand?

 

We interviewed Aleksandr Maklakov, our Chief Information Officer (CIO), to learn more about how businesses can track their employees’ performance, and why it’s not okay to do personal things at work.

Why should employees avoid using their corporate devices for doing personal things at work?

 

The device where the information originated doesn’t define the owner.

 

So it’s much more important to know the identity of the information’s author and how it was created. If it was created as part of your working process, then it belongs to the company. However, if you write an email using your personal mail service from a corporate device, this account and message do not belong to the company. Unless you’re discussing corporate secrets, of course.

 

However, employees need to understand that when they work from a company-owned device, the company also owns the information stored on there. Here’s how it may actually work in practice:

  • Example 1: All website sessions are filtered and recorded by corporate firewalls. In most cases, these are automated solutions filtering suspicious websites and activities. Since this information is stored, it can be - and will be - used in an investigation.
  • Example 2: If something happens to a computer, let’s say it breaks down or gets infected with a virus, the employer will take the device to analyze pretty much everything: from files (yes, including personal ones) to browsing history, system events, and more. All this will suffice for an investigation.

Your company owns this information and is entitled to use and manage it however it wants.

 

Do you remember any cases when investigations like this happened?

 

I’ve never experienced this first hand but I know from my colleagues and wider community that this is common practice and many of these investigations are secretly held.

 

So, companies don’t have to inform employees they’re under investigation?

 

The answer is usually hidden in corporate policies, which state that corporate devices are owned by the companies.

The situation with the BYOD (Bring Your Own Device) policy is trickier. If a company allows employees to use their own devices for corporate work, all information employees deal with is regarded as corporate. And this is the most significant concern for user privacy and the company’s rights.

 

There are solutions called MDM (Mobile Device Management) to allow the use of corporate resources on personal devices. But these services have a tradeoff. They often control security requirements, like having to put a PIN code on mobile devices. Also, devices with MDM usually have a GPS tracker and can track the location of employees.

 

But the biggest concern users have with MDM is the device cleanup. Many corporate policies regulate cases when an MDM device is stolen, or an employee leaves the company, and their device is cleaned automatically. Some MDMs only clean the folder that contains corporate information, while others delete EVERYTHING.

Let’s talk about the situation millions of companies and their teams around the world are currently facing: remote work using corporate devices. As employees, how do we know when we’re being tracked?

 

Indeed, there are services to monitor activity remotely. Some of them record user activity and the amount of time users spend using different apps. Others make screenshots or record videos. These monitoring services aren’t used often, but with the shift to remote work, their popularity increases.

 

And what about tracking personal messages in, say, an online workspace such as Slack?

 

Let’s put it this way: if you really want to, you can track personal messages, but it will entail some kind of hacking. Message services like Viber or Telegram encrypt their messages, and it won’t be easy to see their content. In Slack, you can export the messaging history, but it works only for public channels, not direct messages or private communications.

 

Google Hangouts’ compliance policy allows accessing the stored mail and hangouts data for a certain period. However, the function is turned off by default.

NSFW (Not Safe for Work) raises a lot of internet privacy issues. On the one hand, a company wants to monitor employee activity for security reasons. On the other hand, people deserve some privacy.

 

Yes, it’s complicated, but this is usually regulated by corporate policies or specific paragraphs in contracts and agreements.

 

And lastly, tell us what should people never do at work under any circumstances?

 

Whatever you do, don't mix your personal and corporate lives. The accounts, data, files, and messages you own should be stored in a place no one else can access for your own security. Remember to keep personal things private, and never use corporate accounts for purposes unrelated to work.

Read more:

Columns

We’d like to stay in touch.

We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. ReCaptcha verification failed

More Related Articles

arrow

Run Application

Double-Click on MacKeeper.pkg

Click Continue