Monitoring Staff Internet Usage: Strategies For Effective Oversight

Monitoring staff internet usage is an important issue for businesses, as time spent on non-work websites can lead to billions in losses due to reduced productivity. It can also expose companies to legal risks, including harassment suits, if staff access inappropriate content on company devices. To prevent this, companies can use monitoring software to track employee computer activity and block certain websites or applications. While this can improve productivity and security, it is important to respect employee privacy and gain consent to avoid trust and morale issues.

Using auditing to monitor access to files

Auditing is a crucial tool in cybersecurity and data security strategies. It allows you to monitor which files employees open and even track failed attempts to access files. This is especially important in the event of a cyberattack, as it can help pinpoint exactly what data an attacker viewed, changed, or stole.

On a Windows network, you can use the audit policy feature built into the operating system to monitor file access. Here's a step-by-step guide:

Step 1: Enable Auditing at the Server Level

• Go to Start, then open Administrative Tools and select Local Security Policy snap-in.
• Expand Local Policy, then Audit Policy.
• Go to Audit Object Access.
• Select Success/Failure as needed.
• Confirm your selections and click OK.

Step 2: Enable Auditing at the Object Level

• Navigate to the file you want to monitor in Windows Explorer.
• Right-click on the target file or folder and select Properties.
• Go to the Security tab and click Advanced.
• Select the Auditing tab.
• Choose the Principal you want to give audit permissions to.
• In the Auditing Entry dialog box, select the types of access you want to audit.
• Select the options to audit successful and failed events separately.
• Click OK when you're done.

Step 3: Review Audit Reports

Once auditing is set up, you can review audit reports to monitor file access. These reports can include details such as:

• Which file was accessed.
• Who accessed the file.
• When the file was accessed.
• The client machine used to access the file.
• The server where the file is located.

You can also review failed attempts to read, write, or delete a file. These reports typically include:

• The name of the file.
• The name of the user whose request failed.
• The time of the request.
• The server where the file is located.

Step 4: Automate and Archive Reports

To make the process more efficient, you can use tools like ADAudit Plus to automate and archive audit reports. ADAudit Plus provides real-time reports on all attempts to access files or folders on your file servers. These reports can be archived and saved locally, ensuring you have a complete access trail for investigations or compliance audits.

Additionally, you can configure these reports to be automatically generated and emailed to you at specified intervals. You can also set up instant alerts to be sent to your email or phone when critical files or folders are accessed.

Step 5: Interpret File System Accesses

Interpreting the audit log messages requires understanding the different event IDs and their meanings. For example, event ID 4663 means that "an attempt was made to access an object." You'll see a success or failure message, the name of the file or object, and the user and process that made the access attempt.

For a delete operation, you'll see event ID 4660, which indicates that "an object was deleted." To find out which file was deleted, you need to look for a corresponding event ID 4663.

Step 6: Consider Scalability and Limitations

When using native Windows file auditing, it's important to consider scalability and limitations. Collecting Windows file activity generates a massive amount of data, requiring more network bandwidth and storage. To reduce the overhead, carefully select which files you monitor and limit the collection of unneeded events.

Additionally, Windows does not log file activity at the high level needed for forensic investigations. It logs granular file operations that require further processing and correlation to make quality forensic conclusions. Therefore, you may need to use third-party tools or alternative solutions to get usable file audit data.

By following these steps, you can effectively use auditing to monitor access to files and ensure data security and compliance within your organization.

Monitoring instant messages

• Use specialised software: Tools like StaffCop offer instant message monitoring across various platforms, including web-based and application-based messaging services. It captures chat content, file transfers, and indexes them for easy access. Administrators can set alerts for specific keywords, conversations with certain people, or chats on particular platforms.
• Block chats on specific platforms: If certain platforms are not allowed by corporate security policies, employers can block them. For example, if employees are using Skype, which is not permitted, administrators can block the platform and alert them to any potential security threats.
• Monitor and control instant messaging programs: Tools like Akonix Enterprise or Symantec IM Manager allow employers to control and monitor instant messaging communications. Policies can be applied to specific groups and users, and usage statistics can be captured. For example, chat can be allowed while file-sharing features are prohibited.
• Use a unified messaging platform: By using a single platform for all employee communication, such as Slack or Microsoft Teams, administrators can easily monitor all conversations. These platforms often have built-in analytics and reporting tools that provide insights into usage data, such as the number of messages sent and calls joined.
• Utilise third-party tools: Google Workspace and Microsoft 365 offer third-party tools, such as Prodoscore, which tracks employee activities and calculates a productivity score. These tools can provide detailed usage information, such as the time spent in specific apps or collaboration trends.

It is important to note that while monitoring instant messages can help improve productivity and security, it is essential to respect employee privacy and follow relevant laws and regulations, such as obtaining employee consent and avoiding covert monitoring.

Using screen capture tools

Screen capture tools are a useful way to monitor what employees are doing on their computers. They can be used to monitor what employees are reading on their screens, rather than just the information they type in. This means that, in addition to finding out the URL of a website an employee has visited, you can actually see the site displayed on their screen, as well as any documents or graphics files they have open.

Some monitoring packages include screen capture tools as standard, and they can be used to take automatic screenshots or remotely view desktops. These screenshots can be tagged with the website or application being used, the time, and the name of the computer.

It is also possible to take continuous video recordings of employee screens, which can be searched and scrubbed, and even leveraged with OCR technology to make the video searchable. This can be particularly useful for gathering forensic evidence.

Using keyloggers

Software keyloggers are programs or apps that can be used to monitor keystrokes on a mobile phone or desktop computer. They are installed on the computer's hard drive and send logs to a third-party computer or server via email or file transfer protocol. They are the most common method used by threat actors to capture sensitive information.

Hardware keyloggers, on the other hand, are physical devices that are installed in line with the keyboard's connector or inside the keyboard itself. They are designed to have an innocuous appearance, making them difficult to detect. To access the keystroke log, the administrator typically needs physical access to the computer.

Keyloggers can be used to monitor staff internet usage by recording all keystrokes, including those related to internet browsing and application usage. This can help employers track productivity and ensure employees are not visiting non-work-related websites.

However, keyloggers also pose several challenges and concerns. They are often flagged by anti-malware software as malicious and can capture sensitive personal information, such as private messages and passwords. The sheer volume of data generated by keyloggers can also be overwhelming for administrators to manage and interpret effectively.

Additionally, keyloggers can cause auxiliary issues on devices, such as delays during typing, frozen applications, and increased computing power consumption.

Due to the invasive nature of keyloggers and the potential for capturing sensitive information, employers should evaluate less invasive monitoring methods before resorting to keyloggers.

Monitoring incoming and outgoing emails

Monitoring staff internet usage is a necessary task for network administrators, especially when it comes to monitoring incoming and outgoing emails. Emails are often the source of security breaches and can expose the company to various risks, including monetary loss, civil lawsuits, and even criminal charges.

There are several software tools available to monitor email activity, such as SurveilStar, StaffCop, and Spector CNE from SpectorSoft. These tools can record and monitor all emails sent and received, including details such as the date, time, sender, receiver, subject, content, and attachments. They can also track emails on various platforms, including Outlook, Gmail, and Yahoo.

Email monitoring software can help protect sensitive data and prevent data leakage. For example, you can set up alerts for specific words or phrases in emails, monitor emails sent to non-corporate accounts, and even block emails with dangerous attachments or sent to specific recipients.

Additionally, you can create an email correspondence graph to visualise email recipients and detect any anomalies in email routines. This helps in investigating data leaks and identifying the whole chain of events and participants.

It's important to note that consent and transparency are crucial when monitoring employee emails. While it's necessary to protect the company's interests, respecting employee privacy and adhering to relevant laws and regulations, such as the EU's GDPR, are also essential.

Frequently asked questions