You know your IT person at work? Next time you see them, say hi. Maybe ask how their day is going... By Jake Swearingen
You know your IT person at work? Next time you see them, say hi. Maybe ask how their day is going. Because that person, should they so choose, could easily read every pretty much everything you’ve ever looked at or your typed into your computer at work. From every catty Slack DM (“lol, please steven tell us again about yr trip to france”) to emails sent from your own personal email account, if you’re doing it on your company’s network, it’s an open book.
“Anything done on company equipment can be seen,” emails Paul, a systems administrator from the Minnesota area. “There is effectively no exception to this. Things that are encrypted can be decrypted and/or intercepted in transit, and there are also keyloggers and screen-capture software.”
That doesn’t just mean your work email account can be sifted through. It means your Google Hangouts, your Slack or HipChat DMs, even your emails sent from your phone (if you’re logged into your company’s Wi-Fi) are all fair game. If you’re on a work machine, keyloggers can be installed and automated screenshot software can be set up to track everything you’re looking at. The main thing protecting you? Network admins and your company probably don’t care what you’re up to.
“While the capability is there and every company threatens their employees with it, there is really very little ‘active’ monitoring,” emails Don, a network administrator in New York State. “They simply do not want to know about it unless they are forced to, because it just costs time and effort to deal with it.”
So, for the most part, you can continue to chat a co-worker about how awful that PowerPoint presentation yesterday really was. But there are several key things that can bring you under the microscope — and once you’re under, there’s not much you can hide.
You can get so lazy that your bosses start to wonder just what the hell you do all day. “I had to set up logging on a developer who was being watched because his productivity and output were very low,” says Paul. “Through captured third-party IM and email traffic, as well as application activity on the person’s computer, it was discovered that he was spending 80 percent of his time doing another job for another company while at his desk in the office of our company. He lost at least one of his jobs that day.”
You can fuck up a system admin’s network. “If a file server I administer suddenly starts filling up, I will find out why,” says Paul. “Often it’s a person saving personal videos or music to the system. Usually this is a video of Junior’s soccer match, but it’s not always that bland. In these cases I’m not trying to call anyone out or get them in any trouble, but my systems have to perform to a standard, and when I find out why they are not a person’s activity might come to light.”
You can be really bad at looking at pornography. “Someone was caught with porn on their computer,” says Don. “They went to IT for another problem, and the IT person was not snooping but the porn was really obvious, like right on the desktop. The co-worker was obligated to report it, and the person was warned. They asked IT again for something, and it was seen again, and the person was fired.”
Or you can be committing actual crimes. “In one case fraud was suspected and employees of a call center were found to be working together to lift one-time-use codes that could be used to get cash from customers’ accounts at locations that accepted our payment method,” says Paul. “They were fairly sneaky about it and the real proof came only through screenshots of both computers while coded messages were sent back and forth and each performed a different task in the scheme. Investigations started after several clients noticed small amounts of money missing and the transactions all happened near our office at about lunchtime.”
Still, the real giveaway is often just your behavior on the job — and not necessarily what you’re doing online. “The main reason I get involved is when there is already a suspicion that something is happening,” says Paul. “This most often comes from non-technical sources such as attitude or personality.”
And sometimes even the watchers end up getting watched. “I was once monitored myself and was brought into my boss’s office because I was the No. 1 user of IM for a few months in a row,” says Paul. “This was ten years ago, when IM wasn’t as widely used. I had to sit with the boss while he read nearly every IM conversation and answer questions about why they were sent. Ninety percent of them were work-related and the other 10 percent were things like my wife asking me to pick up milk on the way home. It was really only an annoyance, but it’s an illustration of how to get noticed.”
But say you really, really need to vent to a co-worker about how your boss is the fucking worst. How can you make sure that information is never seen? “If you are truly concerned about being monitored,” says Don, “the solution is to use your personal equipment. Use your personal phone (not on the corporate Wi-Fi) to message the person you want to tell on their personal phone (again, not on the corporate Wi-Fi).”
Paul agrees. “If using your own device off the company network there isn’t an easy, legal way to track your usage without subpoenas.” So if you’re the paranoid sort and feel the need to really let loose without the eyes of your corporate overlords watching over you, keep your phone nearby, load up on a hefty data plan, and stay away from the company Wi-Fi. (Also? Maybe start looking for a new job, because the one you have sounds like it kinda bites.)
Still, there are some odd ducks out there, right? What if the IT person just wants to get their jollies by seeing what you’re up to at work? “I have never done this for fun,” says Paul. “I know people who have and some of those people were themselves monitored because of the activity, which became a bit of a comedic circle of surveillance.”
In the end, if you work at any company large enough to hire a systems administrator, everything you do can be spied on. The best protection you have? You’re pretty dull. “I don’t [monitor random people] because it’s against policy and immoral, but mainly because it’s just not interesting to me,” says Paul. “People tend to be pretty boring most of the time.”