Employee Monitoring: Balancing Security & Productivity

Published July 25, 2019 | Categories: System Administration , IT Services

Is your small business optimized for digital security and productivity?

Pretty much every business takes measures to protect its network and IT infrastructure. With the extraordinary proliferation of malware and ransomware attacks in recent years, it’s just prudent planning to set up strong defenses against potential intruders.

Managed IT services, which focus on more mundane tasks like updating and patching business applications, typically don’t receive the same level of scrutiny. But, they also play a key role in protecting your company’s key digital assets.

Why Monitor Employee Computer Habits?

The focus with managed IT services shifts from outside threats to internal ones. With firewalls and security protocols in place to counteract bad actors, in-house monitoring efforts ensure that internal digital vulnerabilities are identified and neutralized.

In addition, monitoring of your employees’ computers offers managers and business owners something else – the ability to track productivity. This can come in the form of tracking the websites employees visit, time spent in business application, idle time and a host of other activities.

Considering American cultural ideals of privacy and trust, however, this type of monitoring can rub some employees the wrong way. So, how do you navigate the competing priorities of security and privacy as a business and keep your employees happy at the same time?

Two Approaches to Employee Monitoring

There are two schools of thought pertaining to monitoring employee computers – and they are on the opposite ends of the spectrum. We’ve dubbed these as the “Don’t Do Stupid” and the Centralized Control options.

The “Don’t Do Stupid” Model

This is the less hands-on approach to employee monitoring. It works well in office cultures with a high degree of trust and business environments where a potential breach of trust would not result in a catastrophic failure. This is the more permissive set up, and probably the one most preferred by employees, managers and IT professionals alike.

With this approach, productivity is encouraged by a simple “black list” of websites that employees cannot access. Black listing is guided more by legal requirements, industry norms or security considerations, rather than the drive to limit employee browsing options.

Security is upheld with a minimum number of rules and tracked employee activities with potential for exposure to cyber threats or other digital vulnerabilities.

The Centralized Control Model

This model has much in common with the much more controlled way that internet activity is regulated by non-democratic governments, like China. The approach replaces the “black list” with a “white list” – rather than listing the destinations employees can’t access, the organization creates a limited list of approved websites.

Activity tracking is also much more robust, aiming to collect as much data on individual employee usage patterns as possible in order to promote a culture of efficiency.

This type of employee monitoring set-ups are more commonly deployed by larger organizations, like health systems, banks and multi-national corporations.

Your Model

Which model works best for your business? As with most things, your business needs will dictate the appropriate approach to employee computer monitoring. And, odds are, it’s going to fall somewhere in between the two extremes described above.

Once you settle on the level of monitoring that works for your business goals and office culture, it helps to have a knowledgeable IT team implement the monitoring set up.

Beacon Knows Managed IT Services

Looking for an experienced IT team that can help you manage your business network? Look no further, BITS is here to help. Give our team a call today to discuss your IT management needs.

 

Technology is changing constantly. Please note that technical information posted in the BITS blog may be inaccurate if published prior to 2022.