Intrinsic Security Digital Workspace

Employee surveillance: Monitoring or spying?

Since the pandemic sparked a mass shift to a hybrid working model, many leaders have opted to introduce monitoring tools designed to track the productivity of their employees. In fact, you might be surprised to learn that a substantial 70% of companies have either implemented employee surveillance measures or are planning to do so, according to our recent “The Virtual Floorplan: New Rules in for a New Era of Work” study.

If this is a trend that is likely to continue, we – employers and employees alike – need to be asking ourselves – when does reasonable monitoring become intrusive surveillance or even spying?

This was the topic of discussion tabled to our panel of experts – Nick Cross, vice president of networking and security sales, VMware EMEA, Ralf Gegg, vice president of end user computing sales, VMware EMEA and David White, director of security solution engineering, VMware EMEA – for the second episode of our new content series ‘Convergence’. Specifically, what are the technological implications of employee monitoring and what are the commercial benefits of getting it right and the penalties for getting it wrong?

Monitoring outcome not effort

Before the discussion got into full swing, Ralf started with an important clarification that there “is a very thin line between employee surveillance or monitoring and measuring the productivity of the workforce”. Monitoring shouldn’t be about spying on staff but about understanding how the company can better support them to grow, develop and improve their experience at work.

For many countries, the restrictions on employee data used by companies are very strict and they must inform individuals about what and how they are using it. For example, companies cannot store data from cameras.

When employees were in the office, it was easy to track working times as there were processes for checking in and out. You could also see in person how someone is doing. That is much harder when employees are working outside the office environment and so some companies turn to monitoring as a solution. Employers should monitor for welfare purposes and to track the employee experience of IT. When the IT team is rolling out a new application, for example, data about which employees are using it, how, when and if there are any issues is very valuable to help improve the experience of that application.

What employers absolutely shouldn’t be doing is simply monitoring how long a person is sat at their desk. As Ralf said, “this should be about tracking outcome not effort”. Three quarters of employees say that moving to a distributed working environment has meant their performance – and not the traditional metrics such as time spent in the office – is being valued more by their employers.

Nick was keen to remind our audience that “tracking activity levels was happening before the pandemic and when the hybrid workforce element came into play”. For example, tracking sales activity such as who’s doing the right number of meetings or right level of quotations or created enough pipeline, has been happening for years. The pandemic has thrown the subject of monitoring into stark relief, enabled by more modern systems that provide increased granular visibility into the business.

The lure of data

Of course, it all really comes back to data. Monitoring employees generates a huge amount of data, collected in one way or another depending on the country of operation. As David discussed, that raises risks for companies from the perspective of security, privacy and compliance.

Companies already hold lots of information about employees – addresses, bank details, disciplinary history as well as website visits, passwords used and contents of emails. That’s attractive information for an adversary who could use it to carry out identity theft to secure loans, impersonate and send emails to other members of the organisation to steal IP or even just blackmail them.

So, we need to remember that collecting and holding this information is as much a risk for employers as it is for employees, so they likely only collect data that really benefits them. Ralf supported that view with a reminder that whatever data is stored could be exposed – as long as when the data is no longer required it should be deleted.

Is the devil in the detail?

As David was keen to point out, when we think of monitoring, “we have visions of people sat at desks trawling through data looking at what you’re doing, why you aren’t doing your job, why you went to the toilet. That doesn’t happen”.

Really, employers only use information to support the employee and when business performance is affected. When numbers are good, you don’t tend to track the details. When they’re challenged, you are more likely to look at the details of employee output.

As the panel concluded, success in a hybrid working environment is down to trust between employer and employee and being transparent, careful and compliant with any monitoring and data collection that takes place.

To listen to the conversation in full and future episodes of the ‘Convergence’ content series visit here. Next up in the series, we will be discussing why security should be an asset in your innovation toolbox.


Leave a Reply

Your email address will not be published. Required fields are marked *