what do employers look for when they monitor your Internet usage at work?

A reader writes:

I just started a new job (that I got because of your great job-hunting advice). A fellow worker warned me that checking my personal email at work could lead to problems — she said they monitor that sort of thing.

I don’t want to spend all day reading Ask a Manager and checking my email, but I find it hard to believe that any company would be bothered by someone taking ten to fifteen minutes a day to take a brain break. However, I did have a conversation with one manager who expressed her exasperation at people who wanted to work from home. How is she supposed to know they’re really working and not goofing off, she asked. I wanted to reply, “How do you know they’re working now?” So perhaps the culture is such that results are not what matters, but the appearance of getting them.

My question — and this is really for all the cool IT people who comment here all the time (one of my first acts in my new job was to make cookies for the IT guy who got me a new monitor and keyboard in ONE DAY) — is this: How does IT evaluate internet usage? There are sites that are blocked on my work computer (I know, because I’ve had to ask that they be unblocked because they are customer sites and I need to see them). Others are not. Does anyone really watch for five minutes on Facebook and Hotmail?

No normal workplace watches for five minutes on Facebook or checking your email. Workplaces that monitor are typically watching for the following:

  • patterns of significant amounts of time being spent on non-work sites
  • too much bandwidth being eaten by streaming music or video for non-work purposes
  • porn

Now, it’s certainly possible that there’s a workplace out there where five minutes on Gmail would bring wrath down up on you — but that’s pretty uncommon and would say something about their management approach in general.

In your case, where you’ve been specifically warned by a coworker that they don’t like people checking their personal email during the day, I’d follow that advice for at least your first few weeks. Your coworker might be overstating the policy, or she might be referring to someone who got in trouble because they were on their personal email for half the day, or she might be right, but err on the side of caution and get the lay of the land yourself. Plus, as a new employee, you have more to prove; you’re still an unknown quantity, and if your manager walks by and sees you browsing Gmail, she’s more likely to wonder if you have a work ethic problem than if you’ve already spent six months demonstrating that you don’t.

And frankly, at some point you can just ask. In a couple of months, after you have more of a track record, say to your boss: “Hey, someone told me when I first started that we should never check our personal email from work. I’ve never worked anywhere with that policy and wondered if that was right.” You might get more nuanced insight than what your coworker conveyed.

Personally, though, I’d encourage everyone to stay off Facebook during the day (unless you actually need it for your job). Check your email, sure, take a look at the news. But Facebook is purely social and harder to defend as a reasonable workday distraction. (And I’m talking about defending it to yourself, not even to a manager.)

{ 171 comments… read them below }

  1. Katy O

    When I first started my new job, they had our internet locked down pretty tight. A couple months ago, we noticed that we had free reign. I’ve been checking my emails and facebook when I’m on break or lunch but our last employee handbook actually says that it’s ok for us to use social media at work. So strange since I was actually “talked to” about some things that I’d posted from home during training. :0)

    You just never know. Better to be safe than sorry and they could be using software to “watch” what you are doing on your PC at any time. Do you really want them to see exactly what your posting? It’s one thing for them to know how long I’ve been on a certain page, it’s another for them to be able to see my words “real time”.

    1. Anonymous

      Speaking of keylogger software to see what you’re typing, I have a question very related to this and privacy. I know that there’s no expectation of privacy while on company owned equipment and network. But what about employers who keylog your passwords to your private email, facebook, etc, and then take time to log into your accounts and read your personal emails and facebook posts/messages, etc? That seems to take it a huge step too far. It’s one thing to “see” that Jane typed “Love my new Ducati!” on some social network site; it’s another thing to use their password to log into their account the boss wants to read your materials. There have been posts somewhere (I don’t remember where–not here, I don’t think), where bosses blatantly admit this, excusing it with things such as “I want to know what my employee is doing during their spare time so I know if they’re really sick when they call in or if they’re talking about their workplace in a negative way to their friends.” Is this just me or is this really crossing the line?

      1. Jamie

        I’ve never seen that, nor do I know any IT that has done that.

        Most IT people find your personal postings, email, etc far less interesting than I can express in words.

        1. Anonymous

          Hi–

          Thanks Jamie. This was something I actually read somewhere (don’t know if it was from comments to a blog, a news article, reddit, etc), so it does happen. And it sounded like the boss(es) was(were) doing the logging in and checking, not the IT person (although they presumably would have gotten the password info from the IT department). Have you heard of IT people giving the password info to the bosses? I wonder how pervasive this is? Is there any other reason (besides acquiring passwords) to use keylogger when IT can pull up usage logs while the employee is on the network?

          1. Jamie

            I will tell you this, if ordered to install a key logger I would quit on the spot. I can think of. I business reason for that. Fire someone if you think they are goofing off online when they should be working, but no employer has a right to personal access.

            If I left my keys on my desk at work it wouldn’t give anyone the right to access my car or house…and I see this as the same thing.

            I am not a lawyer, but I wouldn’t touch a scenario like that with a 10′ pole – and I can safely speak for every IT I know personally. The market may be crappy right now, but there are other jobs out there where we don’t have to worry about being held personally or criminally liable for anything like this.

            1. Ask a Manager Post author

              Hypothetically, for the sake of interesting discussion: What if the company had a problem with someone leaking trade secrets to a competitor or leaking confidential stuff to the media? (Not in a whistleblower sense, but in, say, a political campaign where you don’t talk unless authorized.) Keystroke logging software would be one way to catch the leaker.

              (I don’t actually know where I stand on this, just throwing the question out.)

              1. Ariancita

                Related question: could keylogging be seen as similar to wire tapping or phone recording (where you need a court order in the former and you need to tell the other person your conversing with in the latter)? I know it’s not so in legislation, but for conversation purposes, I wonder what the true differences are?

                1. Ask a Manager Post author

                  See my response just below — key logging is legal on workplace computers; courts have ruled users have no reasonable expectation of privacy in that regard. What wouldn’t be legal is taking info gained from key logging and using it to then log into someone’s personal accounts.

                2. Ariancita

                  Although now I wish I could remember where I read about the boss doing that. I would love to respond with, “That’s entirely illegal. AAM said so!”

              2. Jamie

                Interesting question. I’m not in an industry where this has come up, but if it did? I wouldn’t make a move without a very long and detailed discussion with the labor attorney – and I’d need the legality of it in writing.

                Ethically, I’d like to see every other avenue exhausted first before even thinking of resorting to this. Mostly for the privacy issues, but also because of the hours of boredom it would entail reading all kinds of innocuous crap to find the culprit.

              3. GeekChic

                I’ve worked in military and military-related industries (though not in the U.S.) where this level of monitoring was required. I administered the IT side of it and was responsible for doing the first pass through the collected logs (I basically monitored and tweaked the scripts that looked for certain words or phrases as well as certain pictures). Suspicious logs were passed up the chain for detailed analysis and I was sometimes involved in that.

                I had no ethical problem with it because all employees were well aware of what level of monitoring was going on and the severe consequences of being caught.

                I also did (and still do) “porn patrol” in less high security industries. Again, no ethical problem for me because the level of monitoring is stated up front during employee training.

              4. anonymouse

                I know for a fact that this has occurred at a very senior level in one of the largest companies in Australia, during a massive purge due to a change of leadership some years back.

                They were less interested (I believe) in a person’s personal email and such, more interested in what was being sent from work computers to where else, and if that included tracking use of ‘free’ and ‘offsite’ email programs then so be it but only for what was sent from the company servers – I’m not sure if they actually logged into offsite email servers, or just recorded what was sent there – which would have been enough probably.

                Only information relating to company matters was recorded, and it resulted in a significant number of senior execs leaving the company. It was pretty much a witch hunt rather than a ‘corporate secrets’ thing, but was presented as the corporate security. End result was that the new management team were loathed universally by everyone, and basically most of their objectives were failures – partly due to the lack of trust and cooperation.

                Flip side is that a friend in the company’s elite IT department managed to score enough overtime trolling through the data to fund an overseas holiday.

            2. Ariancita

              So good to know! That was me (anonymous up there–I forgot to add my name). I was really taken aback when I read that and by the agreement, it seemed to be something that might not be rare.

              AAM–I was also wondering about illegality, but I didn’t want to be one of those “is this legal?” askers! :D

            3. Blinx

              Depending on the company and how locked down or not the computers are, key logging software could be installed, not by IT/management, but by devious coworkers. Yeah, they may not be interested in your email or Facebook account, but bank account passwords and credit card numbers are a whole other matter.

              Just another reason to keep it safe and save all that web activity for your home computer.

              1. M-C

                For sure you should make very sure that you never leave your computer unattended at work. Not even for 3mn while you go to the bathroom, you never know who you’re going to run into on the way. You can lock your screen with one keystroke, do it. If nothing else, because cleaning people for instance have been in the past a great source of info, including passwords-on-postits. And because you don’t really know who may be going through the office.

                One thing we do when we see someone being careless is sending bad-joke email from their account to the department. Not bad enough to get them fired, bad enough to embarrass them into compliance. If someone does it to you, just laugh and be grateful it’s not worse. If you’re a manager, be on notice that you have a potential problem.

                1. Anonymous

                  Or you can change their keyboard layout to Dvorak. That guarantees they’ll never forget to lock their computer again!

        2. Alex

          Except of course for the really funny emails and texts, those go on a message board somewhere where all the IT workers come together at the end of the week and vote on the funniest.

      2. Ask a Manager Post author

        Anonymous, that’s both illegal (courts have ruled people don’t have a reasonable expectation of privacy on workplace computers, particularly if they’ve been warned of monitoring, but that’s different than logging into someone’s private non-work account) and violates terms of services on those sites as well.

      3. bob

        Taking the step to actually log into someones accounts would be a violation of assorted Federal “hacking” laws and whatever computer crimes laws your state may or may not have (they vary pretty wildly).

      1. EM

        I’m facebook friends with a couple of coworkers, and occasionally we’ll comment on what we see on each other’s pages, so maybe this in a similar context. Knowing that I have coworkers and other colleagues as facebook friends, and just because it’s in poor taste, I never complain about work on facebook. Even when I had a horrible boss that did things so awful that you have to laugh, I never posted about it on facebook.

  2. Anonymous

    I worked someplace that had all personal email sites blocked. You had to go to hr and ask permission to use it and explain why. And there was not an actual industry reason to do so (i.e. financial services, government, etc.). And yes, there are places that will monitor even for 5 minutes and can fire you. So heed Allison’s advice, especially since your coworker warned you, refrain from checking anything personal until you get the lay of the land.
    For a funny realted story – I once had to work on something that dealt with sexually explicit material. Which meant researching websites that were definitely not pg-13 work related. First thing I did was warn i.t. ahead of time. But even then, it did set off the i.t. alarms. That was always a fun conversation to explain.

    1. The Other Dawn

      Same here. I often click on the website links in the monthly report I get because I don’t know what the site is, so the next month I’m the one that looks like she’s surfing porn. LOL

    1. Blinx

      +1 A wise investment.

      If you need/want to surf on your computer during lunch/boring conference calls, do your self a favor. Make a ton of work/career related bookmarks for interesting sites (like this one), or news sites, and just surf those. Pretty safe.

  3. Jamie

    What Alison outlined is a sane and rational approach practiced by reasonable management.

    The one caveat I have is checking of personal email in some circumstances. If a business has 100+ users, the vast majority are very basic users, and one overworked IT who has warned people until she’s blue in the face that checking personal email is a privilege and not a right and to NOT click on links or download because it affects the network and they refuse to listen …lockdowns can be very justified. Just saying.

    Truth is every company is different and the amount of scrutiny depends on issues they are having, or in some cases, overly draconian measures.

    I temped at a place once where people were written up for minor web surfing…but this was also a place that wouldnt allow employees to give their direct dials to their kids schools in case of emergency. Over reaction based on abuse of a few bad apples.

    Speaking for myself, before anyone is given their log ins I have my users sign an acceptable usage agreement and we have a chat. Basically the rule of thumb is not to go anywhere online that you’d be embarassed to have pulled up in front of me. I am also extremely clear that while I have better things to do than sit and monitor where people go all day, I will run the logs if I have cause for concern or am asked by a manager checking productivity.

    I run regular bandwidth usage checks among others, and if someone is online for hours each day and they don’t have a desk job – its a concern why you aren’t on the floor.

    If you have a desk job and have 6+ hours of use between Facebook and amazon reviews and you worked less than 8 hours…we’re going to have a talk. If you bring viruses into the network by behavior specifically prohibited in the usage agreement you signed…well, don’t blame me when you find yourself on a 127.0.0.1.

    I am a reasonable person and lord knows I understand the wisdom of allowing people freedom to take little mini breaks , especially if you work long hours and as salaried there is no OT involved.

    If you’re hourly and have 2 hours OT but 3 hours of surfing I want to know why we should pay the extra money. And if I see a proxy anonymizer where you’re trying to circumvent my monitoring and security measures yes, I will become VERY interested in your web usage.

    So while ideally if you are responsible it shouldn’t be an issue – some companies will have far more stringent policies. If you don’t agree with an IT policy asking about the reasons or making a case for change is fine – ill talk about this stuff all day (apparently) but do not take it upon yourself to disregard a policy you take issue with.

    1. Anonymous

      Right, but I don’t think the OP is asking about outrageous usage. These are fairly extreme examples (even if they are unfortunately common for you–which sounds like they are given the frustration that can be read in the post). I think she wants to generally know about checking personal email and such and how pervasive and granular the monitoring generally is (e.g., does IT generally pull logs daily as a matter of course, or is it when red flags appear; what does IT see, besides site addresses, etc).

      1. Jamie

        Actually, it’s not frustration because over time I’ve crafted policies and gained users so it’s not an issue ..but it once was frustrating so I was just trying to expand on what goes into those policies.

        The point is every business is different. Some pull logs daily, some weekly, some less often. This is really a culture thing which varies so much between workplaces that it’s crucial to know the policies your employer has.

        Also, what IT can see is what they choose to see. There is sophisticated software that can see every site by URL and take screen shots, there are some where it shows sites by IP addy so they have to work harder to investigate. Trust me when I say that places where they are dedicated to serious monitoring have the software to make those reports very easy to run and analyze.

          1. Ariancita

            I was confused by the “gained users” aspect! lol! So many possibilities came to mind, like a Jamie led IT cult!

            1. Jamie

              Ha! I would make a lousy cult leader because the thought of controlling other people just sounds so exhausting to me!

    2. M-C

      There was an interesting situation at my sister’s company. Guy kept downloading porn, and crashing the server with viruses. Nice IT person talked to him privately, told him how much it was impacting the system, asked him to stop. Was ignored. Then IT guy gets hauled in and they start firing him because he’s so incompetent, the servers are crashing all the time. So of course he had to tell them why, and porn guy was fired instead.

      Just saying that IT people rarely waste their time checking up on you specifically, most are too busy. But there are automated reports of what’s going on now, and managers do pay attention to those. So setup your illegal downloads from home, and use your smartphone to read your personal email. Which isn’t to say you shouldn’t bookmark this site and similar ones for work break :-).

      1. Ask a Manager Post author

        If I managed that IT guy, he and I would have had a serious conversation about his responsibility to be more assertive when he discovers things like that occurring on his network!

      1. Jamie

        It’s something people use to try to mask the websites they are visiting – to circumvent security or policy at work.

        1. Anon

          Like “InPrivate Browsing” in Yahoo? I don’t do alot of facbooking, don’t do any shopping etc., but I do check my personal email at several points throughout the day. I look, reply if needed, and get out and back to work. I had never used “InPrivate Browsing” before but saw my co-worker (my bosses brother) trying to read my screen on numerous occasions while standing beside/behind me. I do close out my browser but became concerned that they (boss and brother) are snooping. While they profess technical ineptitude, I don’t believe either of them. If I use “InPrivateBrowsing” when I check my private email account can they still see/access my email when closed out? Can they see anything at all?

          Thanks so much for your help.

          (p.s. There have been many, many red flags from day one in this 3 person office -from how they talk about a former employee, things in my contract not fulfilled , to the way they handle clients and parent company, to the interfamily dysfuntional dynamics that I now have to deal with daily.. OMG so much wrong. Yes, I’m looking for another job and will get out, like the previous employee – ASAP)

          1. Jamie

            Fair warning – my knowledge of this is limited to my own experience and what I do.

            In private browsing does not make you anonymous. It helps protect your privacy for other users of the computer itself. By far the vast majority of web monitoring is done at the firewall level.

            What they can access is totally dependent on the sophistication of their software. If they have the capabilities for screenshots and key logging, then they could see it after the fact. That’s a pretty asinine waste of money – especially for a three person office. For three people I’d think you could have a decent enough relationship to make your own determination of trust, but for what you say they aren’t reasonable people.

            So I guess the basic answer, from my understanding, they theoretically could see it, but it would be very deliberate and take a considerable amount of effort to set up that level of monitoring.

            God luck with finding something else, I hope you can get out of there soon.

          2. anonymouse

            There’s all sorts of ways you can stop snooping, from filters on your monitor that make it possible to only view the screen from a particular angle (stopping people standing in your blind spot) – banks etc often use these so that you can’t see what’s on screens as you walk to the next teller. Obviously this won’t stop someone actually looking at your address history and seeing what you’ve been up to, it’s a mechanical aide though and useful in private information settings like doctors offices etc.

            There’s programs that shuffle your internet traffic around the web via other addresses, so it looks like you are looking at something benign, when in reality you could be looking at anything. These are of mixed security – some are obvious to IT staff and are likely to get you a reprimand (because why hide what you are doing?) and others are less obvious, but carry risks still. You may have to load a small amount of software to make it work, which means you could be downloading all sorts of key loggers, trojans etc onto the PC, and you are already in a ‘shady’ part of the internet world. Something very not favoured in the workplace, but might work against a small office of fairly inept IT people like yours. Problem is that it’s really unethical, and if you do download something that’s not safe how are you going to explain it? It also doesn’t necessarily counteract them seeing what’s on your screen, or screen caps/pics and so on.

            There’s also private browsing, which as Jamie says is mostly about just hiding your internet usage history on the PC you are using – if you are sending the request through a company server it will keep a separate record of the internet use. Private browsing is probably lovely if you are hiding your Christmas shopping from your husband, but less so for any work situation with a competent IT person.

            There’s a variety of other tools, but these are the main ones that the average person might access. None of them address the ethical and professional issues of the fact that at work you are being paid to work, and none of them I’d recommend because they tend to either leave the company network open to external abuse, or they are likely to get you questions about why you need them.

            I do however believe the companies should allow employees to do bill paying, internet banking, lunchtime ‘safe’ surfing and so on. Facebook/social networking shouldn’t be happening on company time any more than having text/sms conversations with your mates should be.

  4. Anon

    I work for the federal government as a contractor and they take screenshots at random points throughout the day. The person I replaced was fired and promptly escorted out for looking at porn (our manager said she had “seen” what he’d been looking at) so I’m very careful what I do. I never check personal email, definitely do not social network at all, and I’m hyper aware that they are always watching.

    If you desperately need to do personal things at work, use your personal smart phone. It’s just not worth the risk of losing your job.

    1. Ariancita

      Wow, that was really dumb. Considering the vetting process for working for the federal government is practically one step shy of a full body cavity search (in most agencies/departments), I’m surprised that they didn’t realize they would get caught.

    2. JT

      “If you desperately need to do personal things at work, use your personal smart phone. ”

      Or work somewhere where small amounts of personal web activity are acceptable.

      Where I work we’re not “on call” off-hours, but sometimes we work late, sometimes we have to do something very early in the morning due to time differences with other parts of the world, etc. So just as work can infringe a little on our personal life, my organization recognizes that personal life can infringe a little on time in the office. If were were using large amounts of time on personal issues, or wasting bandwidth, or looking at porn, there would be trouble. Checking home email a few times a day, or looking up a restaurant for dinner. No.

      And more to the core of the matter – there are three issues with internet monitoring at work. The first two are using work resources and privacy. The third is “wasting” time while on the job. Using a smartphone doesn’t help with the latter.

      1. Ariancita

        I agree with the little bit of encroachment goes both ways. My workplace is results oriented and doesn’t care what I do as long as I get the (very demanding) projects done well and on time. But I still feel incredibly guilty when I do it, even though in my situation, I definitely am mostly on call after hours (did I mention very demanding projects?). Although I never feel guilty about spending time on this blog because my coming here is only benefiting my employer (truly!).

        1. Jamie

          I agree with both you and JT. If every time I hit AAM at work was monitored my impulse would be to keep equal track of every phone call/email I respond to off hours. Weekends, middle of the night, remoting in before getting in the shower at 5:00 am.

          If I ever felt the time even approached equal, I’d curtail surfing in the office…but if you did the tally I’m giving a lot more personal time than I’m taking and that’s true for many of us.

    3. anonymouse

      And that person could well have been ‘caught’ by robot. Some places will just do a ‘pink screen’ check of the images that are captured – a computer program will review all the images that were taken and if there’s an ‘unacceptable’ amount of skin colour/tone then the pics will be pushed to a human review list. Saves an individual looking at thousands of pointless images when they are only looking for the porn ones.

      Rather rare to have this though.

      1. Ariancita

        How do they determine skin tone color? Considering the vast range of skins across the human population, I would think these robots were capturing a tremendous amount of useless information.

        1. Henning Makholm

          That vast range of skin tones isn’t represented proportionally in porn. 90 to 95 percent of porn on the internet is pink (which I assume roughly reflects the color distribution of those in the audience who’re willing to give up a credit card number for more of the same). And the filter vendors only have to care about percentage of hits in their marketing — not whether there happens to be entire subcategories of all porn they don’t catch as long as those subcategories are appropriately rare in the wild.

          1. anonymouse

            Pretty much….

            It’s a simple and very blunt tool. And very effective, but completely pointless in certain industries. I can see it being used in government servers for sure, it’s a cheap and quick way to catch people who look at porn, but probably not worth the effort for small companies (or the expense of setting it up/having a person review etc).

            Of course you could have fun with it by surfing madly for bikinis all summer but do you really want to red flag your usage? *grin*

  5. mirror

    Man, so many of these letters match what I went through at one place! I was the stellar employee (my boss said so), went above and beyond in my duties, clients loved me, and I organized and implemented many successful programs from the ground up. But my boss was married to a woman who did not work there, but tried to act as a manager whenever she showed up.

    For some reason, she really did not trust me and was always trying to nail me on petty things. Near the end of my time there, she checked my internet history. I only used two personal websites: my email and Google rss reader. We were given no breaks at this job, but since I was doing so much for them I really needed to have a minute there, a minute here to calm my brain (it was a very fast paced workplace). I even timed myself to make sure I wasn’t going overboard. She was so proud of herself when she “caught” me. Even though I was completing all three projects with flying colors, she was convinced I was was wasting time and could do more work (I was already doing 4 people’s jobs). Luckily, my boss still loved me, but I hated her smug self righteous attitude after that.

    1. Ariancita

      Wow. Did your boss ever have a word with his wife about this? I would be livid if I lost an amazing employee because my spouse was a weird meddler.

        1. Kimberlee, Esq.

          I like that phrasing. That could be a good US News column or something… things that aren’t illegal but are still “talk to your boss immediately” type situations! Sometimes, it’s hard to tell from the inside what those are, even when it is super easy to tell from the outside (I guess the whole “frog in a pot” thing).

            1. mirror

              Oh yeah, I talked to my boss multiple times about her. In the beginning he would laugh and shrug and try to make a dumb excuse for her behavior. But as she tried to insert herself as a “manager” more and more, things really started to go south in terms of efficiency and completing work. She’d take hour-long personal calls in front of clients, try to reorganize how we did things even though she only “worked” 2 hours a week, insisted on attending all staff meetings and being very dismissive of ideas and argumentative about “how the place should be”, etc…my boss was getting so many complaints about her from other employees that near the end of my time there, he finally snapped.

              After one particularly heated discussion about a major new project in which she was against (which if she actually worked at the place she’d know was a great project), he told her to “put up or shut up” at a staff meeting. She finally had to actually work (and finish the work properly!) to be able to have any input at staff meetings or the business in general.

              There were many other toxic things about the workplace, but my boss just could not control them well. He was too much of a nice guy. I still wonder how he’s doing, years later. He even cried when I left work on my last day. :/

      1. mirror

        I dont think my post below was too clear, but yes, he talked to her multiple times, or so he says. But she definitely wore the pants in the family. I think he told her what was wrong, but she’d fight back with some excuse or other, he’d realize he could never get her to listen, so he’d agree with her to keep the peace, and then nothing would get resolved at the workplace.

  6. The Other Dawn

    I work at a bank and part of my job includes IT. Most people eat at their desk at our place so there will always be some internet surfing. Just like AAM says, I am really looking for those people that are spending a large amount of time on sites such as Facebook, personal email, streaming music and video, and shopping. I also search for porn hits, of course. I don’t care about people using the internet for personal stuff, but if online shopping is in an employee’s top three usage categories a couple months in a row (I get monthly reports) I will mention to him that I am aware of the usage and to remember he is being monitored. If I don’t see any change then I will mention it to his manager.

    We don’t block any websites since we are a very small company and I monitor usage regularly. I don’t see the need for blocking any websites other than those that are clearly porn-related. I think most people can be trusted, especially when they know they’re being monitored. I found it amusing that at my friend’s last place of work, a small credit union, they blocked just about every website except what was needed to do their jobs, including the Ask a Manager website. In hindsight I now understand why: they didn’t want employees to read AAM and realize exactly how dysfunctional the managers were.

    Something I also look at is the number of hits for job searches. I always struggle with whether I should inform a manager that his employee is looking for a job. The one time I said something it turned out that the hits were due to the branch manager posting job listings for a new teller and searching sites for resumes. I felt like an idiot. Anyone have any thoughts on job search hits?

    1. Ask a Manager Post author

      One option would be to give the employee a heads-up, like in your first paragraph — a “dude, don’t job search at work because it can be seen” conversation.

    2. Ariancita

      I’m always surprised when I hear of people searching for porn at work, because… in this day and age, you have to know you’re being monitored and really, porn at work? Why do you want to be titillated while in the office, surrounded by your boss and colleagues, with no option to really see that to fruition? It just seems odd to me.

        1. Jamie

          Yes, also sometimes just being idiots and “hey you guys have to see this..” which leads to the weirder porn.

          This is an issue beyond the network, because co-workers have a right to work in an environment where they wont have to see that accidentally and I absolutely have the right to not have to pull it up for the disciplinary meeting.

        2. Kathryn T.

          When I was working at a Large Software Company in Redmond nearly twenty years ago, CD burners were very expensive. As in, the company maintained a bank of CD burners, and if you needed something burned to CD, you sent the corporate duplication people an email with the network share of the files you needed backed up.

          This one guy sent corpdupe an email to have them back up his child porn collection.

          I have never seen anyone fired so fast in my entire life. The guy was in my building, but not on my floor, but word got around fast. He sent the email at 12:18AM, and was fired, arrested, and hauled out by police before 1. They called in an HR manager to handle the termination, even in the middle of the night. We were all standing with our noses pressed up against the glass watching him get marched out of the building.

      1. The Other Dawn

        We’ve actually been very lucky with that. Once in awhile I’ll see one hit, but when I look at the link it appears to be nothing more than maybe a pop-up or ad running on another website. That’s my guess anyway since I’m not a trained IT guru.

      2. Aimee

        Heh…my last role in my company involved enforcing the rules for what advertisers could and could not put in their ads on our site. That meant I was often researching laws, search engine rules, etc about escorts, strip clubs, and other things. Plus all the times I was asked to determine whether or not a website someone wanted to link to in their ads was appropriate. Generally (though not always), if they had to ask, the answer was know.

        And quite often those sites were porn or other adult material. A couple times, they were actually very explicit! IT never asked me about it, thankfully, but I did get to tell people that my job was to look at porn! (And yes, it gets old really fast. I was really happy to move to a new role after 3 years of that).

      3. fposte

        Years ago, I had a night janitor surfing on my office computer. It wasn’t very porny–some vaguely racy stuff and a chat site. With a log. In which he said his name. The maintenance people were all “We’re always unfairly blamed!” (which is probably true) but realized that since I had a cache identifying his name and his time of use that this one was pretty fair.

        I think he was just reprimanded for slacking when he was supposed to be working and told to quit it, which I was okay with, but I then did get a little paranoid about getting in trouble for stuff somebody else had downloaded onto my computer.

        1. Jamie

          That’s why a lot of places (mine) don’t allow password sharing or unlocked computers.

          If a time stamp can exonorate you – you’re okay, but if it’s during the workday the porn belongs to the person whose electronic footprint logged in. Otherwise it’s he said she said and it’s for HR to sort out.

          1. fposte

            We don’t now either, but this was back in about 1999. I was the only one in the conversation who even knew about browser caches.

    3. Jamie

      I don’t say anything for the job sites. If the time isn’t excessive and I wouldn’t say anything about x minutes on espn then I wouldn’t call this out. Depending on the circumstances I might give someone the heads up to remind them sites are monitored. That usually does it.

      For all I know they are using their break time to look for leads for a friend who doesn’t have web access. If this was accompanied with any data company data being transferred though – that’s a whole different ballgame.

      1. The Other Dawn

        I’ve actually been struggling with one case recently. On one senior manager’s usage report I’ve seen job search hits every month for over a year. I always struggle as to whether to say something because if this person were to leave, all the responsibility would flow uphill to one person and would likely mean a really long search for a new person. When it’s someone who can be replaced fairly quickly I don’t even mention it anymore.

        1. Henning Makholm

          Isn’t it natural for a senior manager to spend some time on job sites, actually? If he’s at all interested in hiring the best possible people for his organization he’ll want to have some up-to-date experience with how the sites work from the job seeker’s perspective and what he needs to compete with for the attention of the top of the crop.

          I manage nobody, but when we had a few vacancies to fill last year, everyone was asked to chip in with ideas for attracting the right people. Later I was asked specifically to go over the draft posting and see if I could come up with improvements. How would one do such a thing without first doing some research on what we’re up against? And wouldn’t that research naturally involve pretending for an hour or two that I’m the person we want to hire, to see how the job sites look to that person?

          1. The Other Dawn

            I see what you’re saying and it makes sense, but I know that isn’t the case with this particular person. He only manages one person and had just hired that person, who turned out to be a star employee. Also, I actually overheard him on a phone interview twice during the last year (walls are thin between offices).

            1. AN

              Yeah, if hes doing phone interviews at work (and possibly on the work phone line too?) he needs a tap on the shoulder.

              Also possibly a “why aren’t you happy? What is wrong and making you want to leave” discussion too.

              1. Anonymous

                OTOH, it’s probably far better for the company that he takes a few minutes for a phone interview rather than an entire personal day.

    4. JT

      Dawn – I love the thought you put into this and the approach you take.

      And in relation to your friend’s last place of work, I’ll add that being trusted at work is part of job satisfaction. If a place wants good employees, they should trust them.

      1. The Other Dawn

        You’re right. There was definitely no job satisfaction at this place, and not just because every website under the sun was blocked. My former manager is the CEO of that credit union and it didn’t surprise me at all that everything was blocked. He never trusted anyone. I also heard that there was no time clock in use so he would arrive 20 minutes early to work everyday and sit in the parking lot, watching to see when people were arriving so he would know if they’re late. That’s a great use of the CEO’s time. Made me wonder what happens when he goes on vacation. Who takes over that job?

        1. Ariancita

          Wow. Again. I’m saying this a lot in response to comments on this thread. I think this thread should be nominated for the most absurd bossess/coworker stories. I mean, the CEO (CEO!!!!) arriving 20 minutes early to monitor arrival times? I am struggling to wrap my mind around this concept. Does not compute.

          1. AMG

            There is CEO of a huge company in Denver who is notorious for monitoring the parking lot. 5 min late and you are written up on your first offense. If it happens twice, you are fired. Salaried employees, executives, everyone. He finally had to stop because their talent pool was deteriorating so badly.

        2. Ask a Manager Post author

          That is someone who has no idea how to manage.

          There’s piece in my book — written by my coauthor, so I feel I can cite it here without being obnoxious — that says, “Culture is the invisible force that transmits messages about ‘how we do things around here.’ If you’re wrestling with feeling like you have to tell your staff exactly how to handle every situation or aren’t confident that they’ll perform well in your absence, culture is likely the culprit – and the solution.”

          That CEO is a manager who had no idea how to create a culture that would support high performance.

          1. CatB (Europe)

            That is someone who has no idea how to manage

            Take it one step further: that is somenone who has no idea how to live a life. Every manager is living his/her worklife according to his/her personal beliefs and values. A distorted management style is often, extremely often, built on a distorted foundation of complexes-breeding beliefs, sick value scale and, at the end of the day, it gets to be the expression of that man’s deepest fears. The more control freak usually means the bigger fear inside. The more micromanager or bully, the bigger fear.

            1. EM

              Exactly. My old boss would call me when he thought I was taking too long at a meeting or running an errand (I was usually already on my way back when he called). I’m sure he did it to make sure I wasn’t goofing off, because that’s exactly what he did in those scenarios. He would even tell us he was leaving to catch a movie or spend time with his daughter.

          2. The Other Dawn

            Employees weren’t trusted and he definitely didn’t know how to manage. That’s why he’s not at our place anymore. I worked like a dog with him as my boss and was totally burned out when he left. Took me about two years to fully recover from it. And there are still times that I have to remind myself I don’t work for him anymore.

    5. two times

      You’re not an IT person I would consider you a wannabe HR or Security. Real IT people don’t do what you’re explaining your job is. You’re pretty much that hall monitor

      1. The Other Dawn

        A wannabe? Wow. Thanks. Further up-thread I specifically said, “I’m not a trained IT guru”. I never said I was a professional IT person. My company has about 10 employees and everyone wears multiple hats. Monitoring the internet usage, adding/deleting users, resetting passwords, and troubleshooting is only a very small fraction of my job. Larger issues and projects are outsourced, as is often the case with small companies.

    6. Hannah

      I’m just curious — what is wrong with streaming music?

      I do often have Pandora on and streaming to my work computer — I plug in my earphones directly to the hard drive because I like listening to music as I work (and I don’t normally have to answer phones, etc). Is it the bandwidth issue?

      1. Jamie

        Yes, bandwidth. If a couple of people are doing it its typically not a big deal – but enough people streaming will cause problems.

          1. Jamie

            It’s aproximately 8 KB per second to listen to radio. You can use this to figure out how much you’re using I.e. ((60 x 8) x 60)) =28,800 KB which = 28.13 MB per hour.

            It can be more if you’re listening at higher quality.

            If you have more than enough bandwidth at work they may not care. If a lot of people do it continuously it can become a problem, for some places depending on their bandwidth.

  7. Jen

    At my company, no one really cares (unless you’re watching porn or downloading movies). I do spent quite a lot of time online during the day, but as long as my tasks are finished on time (they are), my boss doesn’t care. The only time IT warned us about something was when the whole company (300 people) was streaming radio. When I got hired I was told that instant messaging is a no-no, YouTube is off limits and so on, but the reality was different – everyone up to managers uses IM to communicate (actually, it was one of the first things I had to install, since my manager is not in the same location as me) and the only problem with YouTube is that it’s slow when many people are watching videos :P

  8. Carl

    IT dude here. Well, I’ll have to tell you first and foremost: we generally don’t pay attention to it in the sense you might think.

    First, we set up tools to see what websites you go to; in fact, this is usually built in to a router / firewall. It records the sites, time of access, and perhaps time of last communication (that gives how much time you’ve spent on it).

    Second, we’re not hawks; we usually have a lot of work to do. Most managers (who aren’t tech savy) wouldn’t know what’s going on in that long list of websites (and it gets very long, very quick). We won’t be scrutinizing anyone unless its illegal, or something of that nature (not safe for work), and it’s an obvious sign to us. However, managers do ask IT what a person’s IT usage is, and what website’s they’ve visited, if there’s suspicion. Generally though, it’s mostly for legal purposes.

    Third, many websites these days are connected; that is, Facebook/Twitter/Google, all load different types of information. That “like” button showing up on pages is a communication to Facebook’s website. So, concluding with that, just having communication with Facebook isn’t enough to prove someone is using Facebook.

    As for email, yeah, I’d stay away from personal email use at work as much as possible. Depending on your job, if you had to sign something like an NDA, it could come under scrutiny. Now, the email itself isn’t property of your employer, but the way you access it is. Some nasty employers install keyloggers (record your keystrokes) — and most IT guys would try and keep this stuff out — but it can record your username/password. However, your employer doesn’t have the right to access your email. But, there is a catch: if you leave your email open, and your employer “walks by your desk” and reads it, well, that’s your fault for leaving it open. Still, they’re not allowed to go snooping through your email; they have to take whatever measures possible to protect your integrity as well as their own.

    I had a boss who asked me, “if a former employee left themselves logged in to their email account on their computer, can I read it?” She should ask a lawyer, but I told her no. Just log the person out and keep moving. Some employers are paranoid about employees saying things (fear of competition, PR, etc.). When you use personal email, you make yourself more comfortable than if you were using the company email. Oh, and yes, bosses can (legally) read your company emails, so you’re not safe there.

    As for Facebook, yeah, stay away from it at work. It’s a distraction, and informal for the same reasons as avoiding personal email use.

    But from an IT perspective, we’re generally not going to pay attention unless it’s something obvious (piracy websites, pornography, something illegal, or something sticking out — ie, hogging the Internet connection).

    1. Vicki

      When I was the sys admin at a small (100-person) company, a co-worker asked me if the company could monitor email and if they were doing so.

      I said it was possible but not easy (some effort to set up and then you have to actually _do it_ (or know what to filter for)). I also said that they weren’t doing it (because I was the only one who knew how). And that if they asked me to set something like that up I would refuse. But that in another company, things could be different.

      1. anonymouse

        I’d have answered that it’s possible if a manager asked for it, but if the coworker had concerns about it they’d have to talk to their manager. I wouldn’t tell the individual whether I would or wouldn’t do it… that’s an open invite to all sorts of misunderstandings. What if you were asked to do it, and paid overtime to look through for something specific on a specific day etc?

        1. Ask a Manager Post author

          Yeah, that’s sticky, because Vicki, your answer may have created what courts would consider a reasonable expectation of privacy for the employee … which might have been counter to what the company itself intended, and could cause issues down the road if the company did decide to monitor something at some point.

          1. Vicki

            I’m not particularly worried. You have a point (in our weird litigious society) but usually that sort of thing involves email and memos. Also, I was stating time-based facts: it is possible, it is mildly difficult for anyone who doesn’t know how to access the mail server (which was me), the only person who could do it (at that time) was me, and I wasn’t doing it and wouldn’t.

            None of that speaks to the future. And I doubt a verbal statement would hold up in court if anyone ever tried.

            1. Ask a Manager Post author

              Right, but I’m thinking your employer would have had a problem with it for that reason had they known. In general, IT shouldn’t set policy on these things — they should refer it to whoever does.

              1. Vicki

                My manager was a scientist. We had no IT department. I was 75% programmer 25% desktop support and Linux sys admin. I was the person who brought the email server in-house because I thought that sending company email through the ISP for storage was insecure.

                The company had an interesting way of “setting policy” on things. They bought their employee handbook as boilerplate and never customized it. So, the handbook included a policy against any alcoholic beverages on site. The reality was Friday “beer bashes” and the CEO had installed a bottle opener under the conference room table.

                In a large, more sectioned or bureaucratic company, I would agree with your comments. But then, in such a company, I would never been working as the part-time / only sys admin. (Lots of personal disagreements with how IT is done in large companies. :-)

        2. Vicki

          > What if you were asked to do it, and paid overtime to look through for something specific on a specific day etc?

          I was salaried exempt. And I would have refused. They would have been welcome to fire me if it came to that. I have certain standards and snooping in people’s email would have crossed a line for me. It’s not illegal and the courts allow it but it’s morally reprehensible to me. :-)

          1. anonymouse

            Nods. I still think that telling a peer/employee that you won’t monitor their email is giving them a heads up that they *could* abuse the system.

            Reading your extra comments it sounds like it was a workplace that had a lot of leeway, but what if that employee then started downloading something (very?) inappropriate, or was sending confidential information elsewhere? If you 100% wouldn’t monitor what they were doing, then you’d have to be replaced, very quickly, without notice, with a swift escort from the building.

            If that was/is something you were okay with then that’s ok, but I’d never assure another employee that I was or wasn’t going to do something like monitoring, I’d let them negotiate that with their manager.

            (This is from a person who has seen people download kiddy inappropriate content on work computers, let alone the wide gamut of adult content, virus stuff, sending confidential info to external email servers/direct to competitors etc. Snooping as an every day occurance isn’t in anyone’s interests – it’s too time consuming and pointless, but if a manager says “can you look at what X is doing and let me know if there’s anything not company approved” you can bet I’d do it – not just for job security, but because I want to protect my own professional backside, and because usually the manager comes well after some truly horrid stuff has happened – they are usually the last to know).

  9. K.

    I did a week-long temp gig as a receptionist and was told, before I even asked, “We don’t give temps internet access.” Thankfully, I always have a book with me so I could read at the desk when things were slow (which was an approved activity – that, I did ask about). I did a lot of reading that week. I also befriended someone at the company who would bring me the crosswords when he was finished reading the paper. That was nice. I assume some temp spent all day streaming porn and messed things up for future temps.

    It was a weird assignment in general – the receptionist was on vacation but spent her entire first day off training me/sitting at the desk with me. We both put in a full 8 hours. And no, they didn’t expect me to do anything but answer the phone and tell people when guests were there, and no, their phone system was not complicated. Even if she really felt that only she could train me (I’m sure there were other people in the company who know how the phones work), she could have done so in an hour at the absolute most. People would walk by and be like “Aren’t you supposed to be on vacation?”

    1. Rana

      Been there, done that (the book while temping I mean).

      As regards to the internet… as a temp I’ve seen all kinds of interesting things pop up in browsers’ autofill when trying to look something up online for work, or in the work email queue. The woman who was subscribed to about ten different horoscope services was the most noteworthy, but there other questionable things too.

      So there’s another rule of thumb: what sort of opinion of you do you want a random stranger to form based on your surfing habits?

      (At the very least, purge your histories regularly!)

      1. Blinx

        At my last job, I inherited a Mac. For some reason, all of the fonts and design programs had been deleted (!) but the person left all of their bookmarks. I could tell an awful lot about them just from the bookmarks alone! (PC computers, though, were “scrubbed” by IT).

  10. Just Me

    I use the internet for work purposes ( I medical bill and look up insurance website, medical billing code explainations etc.. ) so obviously that is OK.

    I will see the news when I in initially get on and sometimes click to an article. I look at weather when there is a potential issue ( snow or T- storms ).

    I have one friend I email once or twice a month and even that is a quick hi, how are you and when can we talk on the phone. They did say that was allowed as long as it is not constant.

    That is it. In my opinion, regardless of what a companies policy and thoughts are about internet use, FB, shopping, etc it is better to lay off more then push the envelope. I want nothing monitored regarding my personal life. I do not want anything used againts me as it relates to my production or opinions I have about anything.

    I have a home computer and a phone that I use for all my personal stuff.

  11. JT

    One comment about Facebook. I manage my organization’s Facebook presence, so I actually sometimes have to be on Facebook at work. So there are a few people on Facebook who aren’t goofing off.

    That said, it just feels so lame/wrong during work hours.

    1. Zed

      Yes, this! I contribute to my workplace’s social media presence (facebook, twitter, tumblr, pinterest, etc.) . It represents a tiny piece of my overall duties, but it’s definitely encouraged and aboveboard. But whenever I am on, STILL feel guilty and like I am slacking off. :/

    2. Evan the College Student

      Two years ago, I was interning with a startup that asked me to integrate their (web-based) product with Linked In. A couple hours later, I was creating my new Linked In account on company time and figuring out how to make best use of all the different fields. A couple weeks after that, I was asked to do the same thing with Facebook.

      Of course, this was the company where I could see the cofounder a couple desks over, and every so often he’d call out to everyone to look at the neat not-really-work-related thing he’d found online… Culture, yes, it all depends on culture…

  12. Greg Blencoe

    I think one problem with being on the internet for personal reasons while at work is that somebody can walk by your desk, see you are on Gmail or Facebook, and assume that you are goofing off all day.

    However, the truth might be that you’re on your lunch break, you just got through with a huge project and needed to get away from work for a few minutes, etc.

    This isn’t fair, but it’s just the way it is.

  13. NewReader

    This is kind of a tangent topic but not really on topic.
    When I went to college, I was tied into the college from my computer at home. One day I stopped by the IT department regarding some computer matters. The conversation was friendly, enjoyable. After a bit the IT person said “Look at this.” I turned and she had MY desktop on HER computer!!!! She could go through my entire computer!

    She said “Yeah, we all know we can do this. It’s the honor system – do not go through people’s computers.”

    My questions:
    Is this normal? Do schools and companies do this often?
    How do I protect my computer to limit access?
    How can I tell if an entity (school or biz) has that level of access?

    1. Blinx

      It IS normal for a help desk to be able to do this. They need to get remote access to troubleshoot whatever computer problems you may be having. My old company would have you click on certain things to “allow them permission” to access your computer. I have no idea if this was just for show or not. I know on the Mac, you used to be able to see little eyes (I think) in the corner when someone accessed your computer, but there may have been a way for the admin to disable this. At any rate, the only way to be safe is to have nothing but work files on your computer. If you really need to do personal work (say, at lunch time), bring in your own laptop.
      — Signed, Just a little paranoid

    2. Blinx

      Ok, I just reread your message, and realized that your computer was at home! This really freaks me out!! Was it your own computer, or the school’s? Don’t know if it makes a difference. To prevent this, disconnect the internet cable or turn off your wifi. Also, put a sticker over your camera lens, or close your laptop. There was a scandal a few years ago where a HS was taking pictures of students in their bedrooms, through their laptops! Yeah, you wonder why some people are paranoid!!

      Some tecchies, please weigh in with other preventive measures.

      1. Jamie

        Also, put a sticker over your camera lens

        Use a bandaid. The pad protects the camera lens from getting gunky with adhesive.

        Whether it was hers or the schools computer makes a big difference – although not if the webcam was activated. However, tis sounded like someone was just remote cntrolling her desktop via logmein, RDP via VPN, or any of the other million apps hat do this.

      2. NewReader

        Yes, it was my own personal computer.
        I saw my own desktop on her computer at the school. The school was about thirty miles from my house. Yeah, I got really uncomfortable when I saw the icon for “my documents” sitting in plain sight. Not that there is anything “bad” in there- it is personal- it’s my stuff.
        (I write letters to my fam on my computer, easier than handwriting and they can actually read the letter! Bonus.)

        The IT woman watched my eyes go WIDE when I turned to look at her screen. She grinned. “Not many people realize we can do this…”
        Hmmm. I bet.

        I did not have a camera on my computer at that time. Am getting one soon and a box of bandaids for my desk here. Thank you.

        I believe they did fix some problems I was having- but I was so naive that I thought they were fixing things on their end. So I am not sure if they were inside my computer fixing things here at my home.

        Perhaps there is a way that I could lock a help desk out of my documents? The rest of my computer, I really do not care. It is generic stuff. My browsing history- anyone would discover that I read the news and AAM. Big deal.

        Thanks for reading and mulling…

        1. anonymouse

          So they were logging into your personally owned private PC, 30 miles away at your house, without your knowledge? Or did you ask them for tech support and give them some sort of permission at some point?

          Because it’s possible to do all sorts of things if it was a PC loaded with their software – most work pcs (for larger companies/education institutions etc) come with some form of shell software for a range of reasons, mostly remote access so you can check your work email from home, log into the work files, get IT help when needed, log into the work policies etc – and this will include often a remote access back door for IT to be able to help trouble shoot. If you agreed to have this software on your PC then… you allowed the back door in.

          But if it was your personal PC you bought with your own money, that you’d not loaded their customised software on then someone has loaded some kind of trojan onto your PC, used an IP lookup (probably from an email you sent in, a logged web request or similar) and started basically hacking you PC. That’s a whole other kettle of fish.

          1. NewReader

            Yes, that is right. I had no idea that the school could get into my computer and have free range- go anywhere/access anything.

            I don’t know if I agreed to let them into my computer. If I did, I did not understand what I was agreeing to. In other words, I did not understand that they would have free range in my computer.
            I had access to the school site under a password. I needed this to print out stuff for my classes. There was an area for announcements, school email etc. When the site did not run well, I would call or email. (I could not get to the information I needed.) Silly me, I thought it was a programming problem on their end. I had a fairly new computer and high speed access. I didn’t download special programming for the school.

            I don’t think it was a trojan- because the IT person showed it to me. She indicated they could get into everyone’s computer like that.

            It almost sounds to me like if I am in that situation again- a solution would be to have a separate computer just for school (or work).

            Of everything, browsing history etc., the only thing that concerned me was “my documents” with my letters that were discussing family type matters. It seems to me that if a person is agreeing to that free range access they should receive a written notice of what they have agreed to.

            So, is there a way that I can limit the range when someone has this “back door” type access? Will setting up these “barricades” actually work?

            1. The Snarky B

              Hey NewReader, I don’t know if this applies to you or not, but you may have allowed the back door in a bundle without realizing it. For instance, my college required students to install a particular type/bundle of virus software before logging into the free password protected wifi. I think that bundles within that were certai permissions and service agreements to the effect of “Let us get in yo bidness, kthxbai.”

            2. anonymouse

              Rest assured that the IT people are rarely interested in your letters about your family – I know they are intensely personal to you, but unless the IT person had some form of personal attachment to finding things about you it’s highly unlikely they’d ever look in your folder – but then they were highly unprofessional showing you what they could in such a childish way.

              I am not sure how a university could justify such back door access to student’s personal PCs, but they must have felt a need. I’m guessing it might be around network security (virus scanning etc) or IT support or possibly even copyright and own work vs plagarism?

              It’s possible it was just part of a security bundle that the uni bought off the shelf and set up to manage it’s firewall access (for example if you wifi from your personal PC while on uni grounds you are using their firewall and servers to connect) and IT staff liked having it there and didn’t ask for it to be removed from the bundle.

          2. Laura L

            Here’s the thing though. It’s often necessary to download certain software to your personal computer in order to access university resources (e.g. academic databases) remotely.

            Downloading the university’s software DOES NOT make my personal computer their property and they should not be accessing my computer remotely without my consent.

            Microsoft should not be accessing my computer remotely, even though I’m a Windows user. Same thing with the university.

            1. Jamie

              I understand being upset and confused. It’s impossible to dissect exactly what happened without knowing the software involved – but in order to protect yourself in the future I’d recommend reading carefully the EULA (end user license agreement). That’s the thing 99.9% of users just click “agree” to without reading :).

              Now I personally think IT owes it to their end users, if they are not particularly tech savvy, to explain all the raminfications of software in lay terms. That’s a decent thing to do, but if it was spelled out in the EULA then it’s also incumbent on the user to ask for clarification when needed. If you are unclear ask for confirmation of the details in email so you have a written record.

              A school or business has no right to access personal info on a personal computer – but when that computer is used to access a network they have some right to make sure the computer is secure and doesn’t putting the network at risk. So it’s a two way relationship.

              The person who pulled it up as a party trick was being unprofessional, to be sure. But that would have been the perfect opportunity to express your concern and ask for clarification about that they are using and how they are using access.

              I’m a firm believer in signed access policies for this reason. Mine details exactly what I can monitor and what is probhibited, etc. I have a signed copy from every user before they access any part of our network so expectations are outlines, for both sides.

              1. NewReader

                Thanks to all for taking an interest in my question.
                I found it jarring to see my desk top on a computer 30 miles from home. But I figured if I wanted the degree I must put up with this invasion.
                Yes, I saw it as grandstanding “Look at what I can do! I can see all around inside your computer!”
                I never realized that my computer could totally be taken over by a reputable place. I thought only “bad guys” got into parts of a computer. Like I said- I was pretty naive. But I was also grateful that she showed me she could do this, I will never forget the lesson she taught me. My understanding of computers suddenly doubled.
                I did ask what prevented the IT department from running amok inside my computer and I was told “honor system.”
                Real World 101–Well, sometimes honor systems work out and sometimes they don’t.
                It sounds to me like access policies don’t actually prevent trespassing. It is another way for some people to give their word that they will not access certian areas. It sounds like those areas are still accessible though, it is a matter of choosing not to go into those areas.

                1. Ask a Manager Post author

                  I’d add not to be afraid to speak up and be assertive. This is your personal computer, not their property. In the future, feel free to say something like, “Wow, I’m really not comfortable with that. How can we change this?”

      3. bob

        It was a school district in Pennsylvania and, as an IT nerd, I think the government wussed out prosecuting anyone for what could have easily been construed as the district viewing or creating child pornography. I really wish they would have prosecuted someone over that fiasco because THAT would have sent a message.

    3. Jamie

      Do you mean your personal computer?

      Because on business owned equipment everyone should assume they have these capabilities. There is zero expectation of privacy on equipment you don’t own.

      If it was your personal computer did they ever offer tech support where they remoted into your machine?

  14. nyxalinth

    Of course, call centers are always different, ranging anywhere from “It’s fine between calls but close the window completely when a call pops in” and “Do absolutely nothing between calls except stare straight ahead waiting for a call–no reading, no chatting to co-workers, no nothing, much less surfing the net.” I’ve worked in both types.

  15. Anonymous

    Yes, absolutely. At my previous office job, the Internet usage was ridiculously monitored. The office manager would stay late and go through my (and other people’s, I assume) computer history. It was a small office and I suspect she didn’t have enough to do and was just plain nosy.

    In my first week, she spoke to me about my Internet usage — because I hadn’t realized it would be a big deal at all — I would log in to my personal email or Facebook at lunch or whatever to do a quick check.

    This is a little beside the point, but they had an employee handbook where Internet usage rules were outlined, but I hadn’t been allowed a copy of the handbook when I started because they were considering me a temporary employee for several months (shady as hell, should’ve taken that as a clear sign). She then emailed me the pertinent section of the handbook, still without allowing me a copy! Find the logic in that!

    After that incident, I didn’t do anything personal on that computer anymore. I got an iPhone several months later and just used that for anything remotely personal, like Facebook.

  16. Elizabeth

    I have an interesting situation – have to log onto the work email via the internet portal rather than through the server. So technically I’m on the internet all day. (Mac computer doesn’t play well with the outdated email server and I’m the defacto Mac IT person with help from the PC consultant that we use.) It’s a good thing they don’t monitor our computer usage!

    1. Jamie

      That wouldn’t matter. For web based work programs it’s a simple matter of adding it as an exception (or filtering the ip addys after the fact) so you could hat stuff does skew the usage reports.

  17. mh_76

    I’m reminded of my first FT job post-college: The internet was still fairly new and Y2K had only just passed so there was some fear of an ipocalypse (mis-spelling = intentional). We were told that we were only allowed to go to sites ending in xu.edu and that only for work-related purposes (actually, I don’t think we even had internet access in the first few months that I was there). If we tried to access an outside site, a clip-art “policeman” showed up on our screen, not unlike the Copy Cop logo. There’s been almost no turnover in the management there so I’d imagine that the policy is still similar, except that most of the job is done online vs. via mainframe, microsoft word, and printers.

    In the jobs that followed (even after the last X Univ job ended), I was told to be responsible / reasonable / use my judgment / common sense / etc. I’ve only had one job at which the browsers were set so that I couldn’t clear history / cache / cookies / etc, which I do every time I shut down the computer upon leaving.

  18. Teach

    Public Schools watch teacher computers pretty closely, we have been warned, and most everything is blocked anyways, but the blocks are so stringent that we often can’t find educational things on the computer!

  19. Cassie

    I work at a university so our computers are not locked down. I know many of my coworkers stream Pandora, check an occasional personal gmail, and read the news. I manage our dept’s Facebook page, so I go on there once in a while to add posts but I do wonder if people walking by think I’m just goofing off. I do use Google all the time to look up stuff for work so I’m really glad internet access is not restricted.

    Once my coworker asked me to help her with something, and she was streaming a live sporting event on her desktop. She didn’t even hide the fact that she was doing this while I was standing at her desk (e.g., minimize the screen, turn down the sound, etc).

  20. Andrea

    I have a crazy tangent story about email at work! When I was a senior in college, I worked part-time as a deposit counselor at a regional bank with a name similar to the word “harvest.” This was 1999-2000, which I will always remember because people used to come in all the time and ask if they would still have money in their accounts after Y2K. Anyway, I never accessed my personal email at work, probably mostly because in those days I didn’t use email as much as I do now. I was friends with another gal who worked there, and she used to email me at my personal email address sometimes–she would send jokes and invitations to parties or lunch and stuff like that, maybe once or twice a week, never anything inappropriate in content at all. I never even noticed that she was sending me this stuff from her work email address–again, she was sending it to me at my personal email.

    So one day, I get to work and the HR director is at my branch, waiting for me. I’d never had any dealings with HR except for signing up for benefits and stuff when I was hired. She took me into an office and presented me with printouts of the sent emails that had my email personal address (which has parts of my first and last name) as the recipient, and she asks me if I knew what a terrible offense it was to have participated in the misuse of company emails. Yeah, seriously. I basically just stared at her after she confirmed–twice–that she was indeed giving me a “verbal warning” because someone else had sent me emails at my personal email from their work email. Apparently, I was supposed to have not accepted them or something; still not clear on that. She wanted me to sign a document that basically said I was sorry so she could put it in my file, and I refused and insisted that I had nothing to apologize for. She got mad and left. Not long after, I found another job and left. The friend who had send the emails was fired.

    Two years later, I saw this HR director at a job fair at my school, where I was at a booth with the agency I worked for then, and she was there representing the bank. This loon saw me, came over and told my boss at the time that I’d been one of the best employees at that bank and that they sure missed me and that she had been so disappointed that I had left after being discovered as misusing company email. People, this was TWO YEARS LATER. I’ve never wished harder for the ability to make someone permanently disappear with the power of my mind than I did that day. (Yeah, I wish that sometimes. So what?)

    1. Vicki

      Instead of being embarrasses, you should have had a good laugh with your boss over the crazy lady’s version of “misuse of company email”.

    2. anonymouse

      I have seen a company email policy that stated if you recieved something in your work email that wasn’t accepted within the policy you were to delete it without opening (or delete it on finding it was offensive) and advise the sender that you did not want to receive further non-work related emails from them. Further abuses were to be reported to management.

      Frankly you can’t stop someone sending you something, and you certainly can’t stop someone sending you something to your personal email from a work address. I’d have told that HR person that it was an unfortunate situation that the other person had done it, and you’d discourage it, but frankly the responsibility and onus was on them. And then not signed anything…

  21. Vicki

    For me, this is far more disturbing than the question about email:

    “However, I did have a conversation with one manager who expressed her exasperation at people who wanted to work from home. How is she supposed to know they’re really working and not goofing off, she asked. I wanted to reply, “How do you know they’re working now?” So perhaps the culture is such that results are not what matters, but the appearance of getting them.”

    I hope for your sake, OP, that this is not your manager. A manager who needs eyes on every employee 8×5 or she can’t trust them is a bad manager.

  22. Sharon

    I’d like to know how the time spent on websites is calculated. I have a desk job in IT/software, and what I like to do is pull up one of the forums that I like to read. I may read it for 10 minutes, switch to another browser tab to do real work, and then hours later switch back to the forum tab to read/relax some more. I don’t think there’s anything wrong with that, but I do wonder if simply having the forum in the browser tab all day is calculated as goofing off all day. I would hope that if the loggers can calculate time on a website, it can also sense if the site is in the focused tab or not.

    Similarly, if I load the site at 9am, move it to the background and do real work for hours and then switch back and post a comment on the forum at 4:45 that does NOT mean that I’ve been slacking off all day.

      1. anonymouse

        The key difference will be in ensuring that while YOU are idle, so is the PC. Some pages have active push/active pull of data – think news sites that refresh even if you don’t click a link, or facebook feeds, online email, or forums that update without you hitting refresh.

        Now a good set of server monitoring tools will let you differentiate between the employee ‘requesting the refresh’ and the software in the webpage or website requesting it, however now all places will have these tools/know how to use them, and as such might measure each refresh/reload of the page as a use of the site. Some plugins/additional software people add to their browser windows also do this for them – refresh the page at set intervals.

        It’s usually not an issue in an office that is sensible, but if you find that the pages refresh on you and you aren’t sure about the policy of the company, or are worried that you are causing people to wonder you might want to close the tabs or install something to stop them refreshing.

  23. Anonymous

    I’ve lost track of how many Internet usage reports I’ve run on users after manager requests. Some managers rely on them to know what their people do all day. Personally, I view it as a nice tool to use when you already have a stack of evidence you generated by, I don’t know, actually managing and are ready to discipline someone. In my experience at a handful of major companies, it’s a pretty loose process to get that info on you. I’ve always felt the request should only come from HR, not the manager, to make sure it’s not abused.

    Facebook (and previously MySpace) has been blocked everywhere I’ve been so it hasn’t been an issue. But that’s one of those sites people are literally addicted to so I can safely say we would be disciplining people all the time if it wasn’t blocked. Many young people are used to being in touch with their friends all day and have a hard time not doing that at work. I’ve only worked at one company that blocked personal email. One company had the ability to view both sides of all IM conversations including MSN, GChat and AIM. Any data that passes through our network can technically be monitored. I recommend using your smartphone for that stuff but you also can’t be on that all day either.

    One thing to keep in mind is if you use Firefox add-ins to check your personal email, it appears on reports like you check email every 5 minutes or so. If there’s a random Facebook entry, it’s most likely a pop-up ad that you didn’t even see because your browser blocked it. I try to skim reports before handing them over to managers and will add a Post-It note with info like that so they understand what they’re looking at and will offer to view it with them (which they rarely take me up on). Sometimes I also pull a report on the manager or myself to give them something to compare it to. I check my personal email, blogs, etc all the time and will challenge anyone to get as much work done as I do.

  24. Miss Displaced

    The company I work for fired the person-before-me because they had checked their personal email and the boss saw a request for them to do some freelance work (not on work time, but that was excuse for the firing).

    While I do not believe the boss hacked into the private account, I am wary of this and seldom check my personal email while at work. If I do occasionally need to, I make darn sure to go home and change my login and passwords afterwards.

    It’s very sad and I have a suspicious and crappy employer.

  25. AY

    I once walked into the printer room to make some copies and out came a printer job. I took the paper that just came out of the printer to get it out of my way so that I can make my copies and just so happened to see an e-mail from manager made to some IT manager. The e-mail went something like, “Can you find out if [co-worker’s] IM conversations are work related?” We use Office Communicator and I guess the good thing was, the IT manager replied, “Yes they are all work related.” It could be possible that only the IT person knows exactly what sites/conversations your having and the manager just gets a general report.

  26. Vicki

    > I’ve had to ask that they be unblocked because they are customer sites and I need to see them).

    I recall, from many years ago, talking to someone who had to ask to have a site unblocked. She worked at a BioTech. The site was for breast cancer research. It thad been blocked because (OMG) it used the word “breast”.

  27. an_IT_guy

    TL;DW – IT generally hate being told that they need to be the “police” of an organization and `monitor internet usage for productivity’. It’s a management issue to address employees not focusing on their tasks, and it’s a 12-hour-a-day job for just one person to sit there and make sure folks aren’t going to Drudge, 4chan, etc. Most IT folk provide metrics from website blocking software, but are loathe to act as the enforcer. Besides, we’re human. We’re facebookin’ and twitterin’ just as much as everybody else is. ;)

  28. Dan

    Wow. Lots of comments over a holiday. I guess people do read AAM for more reasons than to just waste time at work :)

    Back on topic… my wife had a temp gig at a joint where, on her first day, the boss fired someone for the high crime of accessing Facebook at work. Granted, neither she nor I knew the backstory on that would, but apparently he just randomly walked out and proclaimed, “Whoever just accessed FB is fired!” I told her he was a dick, because if it was truly that much of a BFD, he would have just installed filters that prohibit such access from work computers.

  29. anonymouse

    Mmkay so I’ve made a lot of comments around technical stuff, but the reality is that I actually don’t believe in using all the technological trickery to get things through.

    I believe you are at work to work. That if you need to access sites for your job then go for it. That if you want to spend 10mins before/after work/during lunch/at the end of a three hour marathon group team bonding naked sauna-ing then go for it. That if you are meeting your targets AND helping out your colleagues in a reasonable way, and this is just a short term moment in between, go for it.

    Don’t do anything you aren’t prepared to show your grandmother, don’t do anything that a colleague walking past your PC might find offensive, don’t say anything rude or nasty to anyone else or about anyone else online and keep the ‘social networking’ to your social time – if it’s work networking then go for it.

    If you are silly enough to use work resources for personal stuff then expect it to be checked if you are found to be unethical in some other way. If it’s not something you mind your grandmother seeing it’s not a worry is it?

    Finally I believe that tweeting or facebooking etc ANYTHING about your work is complete career suicide (unless you are the official work social networker), even if you think it’s cryptic. It isn’t, it really won’t be, and if not this employer a future one could well take offense. It doesn’t matter if it’s in work hours (although that increases the stupidity in my eyes) or your own time. The only positive things you could tweet or update are company wide positives and you don’t want to be the first out with it – let the people who have the right to release the information do so first.

  30. Anonymous

    My work is pretty ridiculous. They have started tracking every minute of our work day. But their method of tracking is slightly on the honor system. They track certain activities in the database that we work on. Any work done outside the database that in essence is not trackable we have to keep track of and submit a spreadsheet of our time outside the database weekly. If they think we are spending too much time on certain things documented in this spreadsheet they can/will question us. Also the amount of time laid out for completing activities is completely unrealistic so a lot of us have so-called “low productivity” since we can’t meet their unrealistic expectations. Also, our database has a lot of intermittent kinks with it that they say they have been working on fixing since I started working here 4-5 years ago! One of those kinks is lagging!

    At my husband’s work they supposedly record everything you are doing on your computer, like a continuous video screenshot.

  31. Anonymous

    Just got back from the doctor’s office and the poor receptionist relayed this story to me. I’ve been going there for 6 years so I didn’t find it unprofessional that she told me since we’re on pretty friendly terms and I can relate to the micromanaging ridiculousless! There are at least 2 video cameras, that I could see, behind the front desk. She says her boss watches her all the time from them! And that recently he accused her of checking her personal e-mail when she was actually checking the company’s gmail account! She even showed him the e-mails that she read and responded to from patients! She said he didn’t even apologize and that he hasn’t always been like this. She said she’s been working there for 13 years too. It’s sad really. Because if you push a person enough they WILL leave…

  32. ooloncoluphid

    As an IT guy, I personally don’t care what you do on the Internet unless you’re hogging all the bandwidth. That said, we can monitor almost anything your manager asks for, so what is monitored is really dependent on your manager.

  33. Heather

    I work at a young, pretty relaxed software company. Our IT department asks that we don’t check our personal email because their filters/firewalls can’t catch any malicious emails that may come through. I’ve seen everyone be on Facebook over their lunch. Again, as long as it isn’t a lot of time and you aren’t searching for certain things that will tip people off, they don’t really care

  34. Ellie

    “Now, it’s certainly possible that there’s a workplace out there where five minutes on Gmail would bring wrath down upon you”

    . . . I work at one of those places. One of the first things my manager told me on my first day was, “Seriously, don’t even use the internet to check your bank balance at lunch.”

    I love the work that I do, so I’m not going anywhere, but our CEO has more than a few control issues.

  35. Stuart

    We are allowed to use social networks at work. I unthinkingly clicked a link on Facebook that took me to a xxx site. The work firewall denied me access and said ‘this activity has been logged and recorded’.

    I went straight to IT (big department though) and told one person what had happened, but they didn’t seem bothered and said that the firewall blocks everything even slightly dodgy. I think she assumed it was an innocent site that was wrongly blocked. I found out later at home that the site really was a xxx one. 

    Do breaches of the firewall trigger a big alert to IT and will they all think I was actually trying to look at pr0n? I wonder if I need to go back and say that I found out it was a xxx site, but that I had accidentally clicked through when the firewall was set off.

  36. Tony

    I made a very big mistake ,there where some emails(3) exchanged that where not exactly pg 13( i spared him the details) .i was very proactive and spoke to my supervisor about what had happened….he told not to worry about it and told me to please refrain from doing it again and that if anything came up he would take care of it. we are a privately held misd size company .

  37. anon

    Can your workplace moniter your access to facebook or your personal computer .Computer is never used at work.I work at a police dept ( not a cop) and I think this is harrassment

  38. No Name

    Hi,

    I know this article is a year old, but I am writing this with the hopes that you will see my comment and reply to it. So recently my manager was out on vacation. While I was about to get off work ,after 3 hours of work, I decided to just check my yahoo email if I had any new mails. when I was doing that, a manager (who is not my manager and I don’t even work for her during my spare time) walked up to me and asked what does my have me do while she is out on vacation. So I told her what I was supposed to do and what I was doing a millisecond ago. And she said “oh ok so this is (Pointing to my yahoo mail on the computer screen) not part of that right,? The internet” I was like oh no I was just checking my mail and then she left and i felt sick to my stomach after that….lol…I guess because I got scared. And I am just an intern who started at that company a few months ago (8 or so months). The fact is I have ALWAYS used internet at my workplace over there BUT that has never affected my work of not being able to turn in stuff on time or etc…..When I come in to work, I open the internet explorer to clock in but the homepage is yahoo news. So whenever I see some interesting news I open them in new tabs and minimize them and then clock in and then just glance over the news articles I opened for like 30 seconds and get to work. I know we can get a 15 min break in the morning and afternoon each in an 8 hour shift. So basically 15 mins for every 4 hours, since I work just 3 hours in the morning I just take a 5 min downtime which I split it between the 3 hours. Like a 2 min break after the first hour, and then another 2 or 3 mins break after the second hour which I find reasonable. It is not any formal break or something just to stretch out or go to restroom if I need to which RARELY ever do in public places. And it is during these 2 or 3 minute breaks that i actually read the news articles that I had left open/minimized and running in the background or surf the web. when i say surf the web it is ALL legal and acceptable sites NOT porn or youtube or facebook and such. Surf the web as in check my college email, blackboard go over any materials that might be tested that day (because I go to college straight after internship). And just keep in mind ALL this is only during the 5 to 7 mins that I split up in between my work hours. When I break mins are over i don’t close out of it because I do that at the end when I am leaving for the day, so those sites are still running. Sorry for the long info but I think I need to make myself clear. So i was wondering I will get fired because of this. my real manager who was on vacation has never raised a red flag about this and so I am assuming she does not have any problem with it. I don’t know how the other manager got to know about it? And one day when my real manager came by my desk to give me some papers I was about to leave and I needed to go to a nearest Bank of America which I didn’t know where it was. So I was looking up directions on google maps when she came by and she saw that but did not say a word and left after giving me the papers and it has been must since that and she hasn’t said anything so I am assuming she is ok with it. Moreover MANY times when I have gone into her room I have seen her on phone texting on google on the computer NUMEROUS times!. Moreover one day she bought some new shoes and she was showing it and talking about it with my other co workers for MORE than 20 mins. People sitting near my desks keep talking about their dogs, kids, home, places that they visited …just walk around each others desk evrything 15 mins and chit chat and spend more than 30 mins on ALL this the WHOLE day. recently everyone gathered together at one computer to watch the Miley Cyrus twerking video. I don’t understand how is it that all these things are work related and the things I do could land me in hot water. How can they be so biased. These times do not include their actual lunch or coffee breaks! Then I don’t get it- why just pick on me? I DO NOT get up from my seat unless I have to file something or take a copy/scan or want to use the restroom (in EXTREME cases). I have ALWAYS finished my assignments ON TIME! During summer I worked longer like around 7.5 hours a day WITHOUT taking a lunch break (which was entirely my choice). And during those long hours once I was done working for my manager I wasn’t goofing around on the internet I was supposed to work for my second manager who ALWAYS kept thanking me for my help in her department. And once I was done with her stuff I would leave if I did not have anything to do. So just because I was browsing the net during my micro mini nano small breaks do you think I would get fired? If they check my logs on their server …it might show that I was on internet sites for the whole 3 hours (which is not true) because I had just minimized those pages and not actually closed out of it. PLEASE let me know. Do you think I should apalogize? PLEASE HELP ME!!!

    1. No Name

      And please excuse my typos…I was typing too fast! I hope when you read it you can make sense of what I wrote….BUT PLEASE HELP ME! What could I do, if anything at all, to not lose my LONG TERM internship!

  39. MsFang

    Hi guys,

    I would like to know if I’m using my own laptop, but connecting the company’s internet, will they still able to monitoring my web browsing?
    If yes, does it mean as long as the internet is company’s, so they can get everything from any connected device even though they do not have the physical access?

    Thanks for replying. Cheers.

  40. anon

    Can I also ask, if employers is doing an investigation/search of the network for oorn related sites (colleague caught watching) will they just pull up a browsing history times and dates etc or can they access emails sent from private web based emails that have been deleted. Pretty sure computers do not have a keylogger.
    Thanks

  41. Jay

    A co-worker has become notorious for wasting time at work, on his computer, watching old re-runs of Gilligan’s Island and other mundane stuff. Everyone knows he fritters away time like this. Management was made aware of it some time ago, and they did nothing. Yesterday, a co-worker and I peeked at his browsing history, expecting to get a chuckle out of seeing ‘Mayberry RFD’ and ‘Bewitched’, but what we found was a history loaded with visits to porn sites. We were shocked. I’m a male, and my co-worker is female. The offending worker is male. My female co-worker is really uncomfortable around this person now. What should I do? Talk with him about it? Report it to a manager?

    1. Tyler

      If I were you, I’d steer clear of getting involved. If your female coworker is uncomfortable with this man because of his browsing history, it’s ultimately her responsibility to deal with it or report him or whatever else she wants to do. If you really feel inclined to act though, maybe leave him a polite note or something?

  42. Anon

    recent surveillance on my work computer has shown in my browser usage some 275 hits on facebook.com totalling 10hrs in 122 days.
    I do not have a facebook account! How can these hits be accumulating.
    The only thing I can think is that I have a LinkedIn account although I do not use to any great extent. I usually only open up the link when I get an e mail from LinkedIn.
    Also would using my personal g mail at work have some influence on facebook’s interest in the background??
    Anyone can help me please?

Comments are closed.