When your every keystroke, mouse click, and website visit is monitored by your boss…

Not the kind of company I would want to work for.

Graham Cluley
@gcluley

BBC News reports:

Shibu Philip admits he knows what it’s like to “maybe waste a bit of time at work”.

Shibu is the founder of Transcend – a small London-based firm that buys beauty products wholesale and re-sells them online.

For the last year and a half he has used Hubstaff software to track his workers’ hours, keystrokes, mouse movements and websites visited.

With seven employees based in India, he says the software ensures “there is some level of accountability” and helps plug the time difference.

“I know myself. [You can] take an extra 10-minute break here or there. It’s good to have an automatic way of monitoring what [my employees] are up to,” says Shibu.

“By looking at screenshots and how much time everyone is taking on certain tasks, I know if they’re following procedures.

“And, if they’re doing better than I expected, I also study the photos and ask them to share that knowledge with the rest of the team so we can all improve,” he says.

Shibu Philip has done a great service. Now everyone knows to steer well clear of working for him or his company Transcend.

I just feel sorry for the people who already work for him, and may not have the opportunity to move to employers who trust them to act professionally and respect their privacy.

Sign up to our newsletter
Security news, advice, and tips.

Surely it’s better to judge people by whether the job gets done to a good standard rather than minute-by-minute recording of everything they do on their PC. Not to mention the risk that sensitive screenshots and surveillance data may not be transmitted and stored securely.

Of course, Shibu’s Transcend firm isn’t the only one which deploys spyware to snoop upon its employees, as we discussed in a past episode of the “Smashing Security” podcast with special guest Mikko Hyppönen.

Smashing Security #172: 'UncleF***Face'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/b17dcf7c-9c08-46d3-91fe-b9a425a6104a.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Chances are that this is a technology that is being increasingly used by different companies to keep tabs on employees as more and more people are working at home due to the Coronavirus pandemic.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

7 comments on “When your every keystroke, mouse click, and website visit is monitored by your boss…”

  1. That kind of monitoring is extreme! Great point of what and where items are being stored. I would assume different counties have different laws. But also wonder, if the employees contact states they are being monitored? And like most EULAs, people don’t read the fine print! I like the part about sharing what works well but not by spying on someone. I can’t imagine what extra stress that creates.

  2. Just crazy! And likely illegal surely. How does this square with article 8 of the ECHR? I assume that still applies to the UK for now. There’s loads of case law around this and the right to personal privacy in the workplace.

  3. Security folks in an organization are often asked to produce evidence as to whether a particular employee is "working" all day, every work day. Without spyware, trying to produce meaningful data based on logins, web activity, etc. is a quixotic quest. But the dystopian approach of using spyware is not the solution either, unless the goal is to produce drones whose goal is simply to meet minimum standards in order to not get fired. (The Office Space interview with "the Bobs" was brilliant satire of this kind of work environment.)

    A wise security group will respond to those requests with advice that employee productivity is a potential management issue, then point the requester to HR. A good manager provides clear guidance for job responsibilities and clear measurement of how those responsibilities are fulfilled, while granting leeway for creativity and flexibility so long as it doesn't impact overall goals. A great manager can even make dull, repetitive tasks a little bit fun through creative approaches. Organizations that resort to "solutions" like spyware are the worst of the worst and fully deserve the management and employees that will at best limit their success and at worst drive them to ruin.

  4. This boils down to a very simple question. "What is more important? Achieving the role or doing the hours."

    It seems to me that the most efficient workers are to be penalised for not being inefficient.

  5. Not trying to defend this type of behavior AT ALL, but an argument for the keystroke recording could also be that if a data breach does occur, it would be relatively easy to narrow down where it happened.

  6. I've worked in a team where it was blatantly obvious that half the staff simply turned up each day and did sweet stuff all, it drove the other half near screaming mad but nothing ever came of it. If monitoring staff helps show that they don't actually do the work they're paid to do then bring it on

  7. This is probably quite common. At least in the US, any company that wants to do this, can. Anything you do at work (email, work laptop, key card swipe) is logged. In IT, when users need their laptop repaired or replaced, we find that they are storing their own personal data on it. While this is not prohibited, the laptop is company property, and as such, the data stored on it becomes company property. Not all users have this in their minds when they are at work.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.