BBC News reports:
Shibu Philip admits he knows what it’s like to “maybe waste a bit of time at work”.
Shibu is the founder of Transcend – a small London-based firm that buys beauty products wholesale and re-sells them online.
For the last year and a half he has used Hubstaff software to track his workers’ hours, keystrokes, mouse movements and websites visited.
With seven employees based in India, he says the software ensures “there is some level of accountability” and helps plug the time difference.
“I know myself. [You can] take an extra 10-minute break here or there. It’s good to have an automatic way of monitoring what [my employees] are up to,” says Shibu.
“By looking at screenshots and how much time everyone is taking on certain tasks, I know if they’re following procedures.
“And, if they’re doing better than I expected, I also study the photos and ask them to share that knowledge with the rest of the team so we can all improve,” he says.
Shibu Philip has done a great service. Now everyone knows to steer well clear of working for him or his company Transcend.
I just feel sorry for the people who already work for him, and may not have the opportunity to move to employers who trust them to act professionally and respect their privacy.
Surely it’s better to judge people by whether the job gets done to a good standard rather than minute-by-minute recording of everything they do on their PC. Not to mention the risk that sensitive screenshots and surveillance data may not be transmitted and stored securely.
Of course, Shibu’s Transcend firm isn’t the only one which deploys spyware to snoop upon its employees, as we discussed in a past episode of the “Smashing Security” podcast with special guest Mikko Hyppönen.
Smashing Security #172: 'UncleF***Face'
Listen on Apple Podcasts | Spotify | Google Podcasts | Pocket Casts | Other... | RSS
Chances are that this is a technology that is being increasingly used by different companies to keep tabs on employees as more and more people are working at home due to the Coronavirus pandemic.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
7 comments on “When your every keystroke, mouse click, and website visit is monitored by your boss…”
That kind of monitoring is extreme! Great point of what and where items are being stored. I would assume different counties have different laws. But also wonder, if the employees contact states they are being monitored? And like most EULAs, people don’t read the fine print! I like the part about sharing what works well but not by spying on someone. I can’t imagine what extra stress that creates.
Just crazy! And likely illegal surely. How does this square with article 8 of the ECHR? I assume that still applies to the UK for now. There’s loads of case law around this and the right to personal privacy in the workplace.
Security folks in an organization are often asked to produce evidence as to whether a particular employee is "working" all day, every work day. Without spyware, trying to produce meaningful data based on logins, web activity, etc. is a quixotic quest. But the dystopian approach of using spyware is not the solution either, unless the goal is to produce drones whose goal is simply to meet minimum standards in order to not get fired. (The Office Space interview with "the Bobs" was brilliant satire of this kind of work environment.)
A wise security group will respond to those requests with advice that employee productivity is a potential management issue, then point the requester to HR. A good manager provides clear guidance for job responsibilities and clear measurement of how those responsibilities are fulfilled, while granting leeway for creativity and flexibility so long as it doesn't impact overall goals. A great manager can even make dull, repetitive tasks a little bit fun through creative approaches. Organizations that resort to "solutions" like spyware are the worst of the worst and fully deserve the management and employees that will at best limit their success and at worst drive them to ruin.
This boils down to a very simple question. "What is more important? Achieving the role or doing the hours."
It seems to me that the most efficient workers are to be penalised for not being inefficient.
Not trying to defend this type of behavior AT ALL, but an argument for the keystroke recording could also be that if a data breach does occur, it would be relatively easy to narrow down where it happened.
I've worked in a team where it was blatantly obvious that half the staff simply turned up each day and did sweet stuff all, it drove the other half near screaming mad but nothing ever came of it. If monitoring staff helps show that they don't actually do the work they're paid to do then bring it on
This is probably quite common. At least in the US, any company that wants to do this, can. Anything you do at work (email, work laptop, key card swipe) is logged. In IT, when users need their laptop repaired or replaced, we find that they are storing their own personal data on it. While this is not prohibited, the laptop is company property, and as such, the data stored on it becomes company property. Not all users have this in their minds when they are at work.