Skip to content
Home » security » Is my IT department spying on me?

Is my IT department spying on me?

There’ve been some stories floating around about how to make your IT department spy on you. The advice is good. The question you may be asking is how much does your IT department really know? Or, more directly, is my IT department spying on me?

I can’t answer the second question with certainty. But the first question is a lot. I’ll tell you a story.

Your work computer collects an obscene amount of data, and it’s possible to infer a lot of things from it. Including when you go to the bathroom. But data without context doesn’t prove anything, it reinforces your preconceived notions.

A former boss gave me an assignment. He wanted me to figure out how to determine if someone was goofing off. It’s not all that hard.

First of all, your company probably has a proxy server like Websense (Forcepoint) or Bluecoat. It keeps them from getting sued. It’s been a long time since I’ve looked at Bluecoat logs, but Websense logs include a category. It’s very easy to go through Websense logs and differentiate from someone reading Microsoft Office forums or a hobby forum.

If you’re goofing off on the Internet, Websense and Bluecoat know. It may be more work to tease that out of Bluecoat, but it would be doable.

But I also discovered it’s easy to tell when someone is away from their computer.

Your computer is always chatting up other computers on the network. But it looks different when you’re using the computer than it does when you’re away. It’s all in the Windows Event Log for troubleshooting purposes.

I also noticed that Microsoft Office writes a lot of events when you’re using it. But if you’re not using it, it doesn’t.

I won’t say the tools I used and I won’t say the events I looked for. I’m not certain I want other people duplicating my work. It felt kind of wrong. But I had an automated way of gathering and visualizing the data. I plotted my own data on a timeline. You could completely tell what time I got to work, what time I left, and when I went to lunch. If you were really nosy, you could figure out my other breaks too.

My boss showed it to the CIO, who said, “This is awesome and terrifying.”

Like I said, I’m very uncomfortable using this as a fishing expedition or witch hunt. Building a scoreboard that lets you track an entire department and see who spends the most time in front of the computer seems wrong. Why? If two people spend an hour puzzling out a problem on a whiteboard, they don’t get credit under this system. They could just as easily be playing video games. You don’t know. Data without context only reinforces preconceived notions.

I don’t have a problem using it after someone did something wrong. But the potential for misuse is there. It’s also fairly inevitable that people in IT will find things they aren’t really supposed to know completely innocently.

So if you’re asking, “Is my IT department spying on me?” the answer is it depends. I can’t tell you if they’re actively spying on you. But if they want or need to figure out what you did yesterday, they can.

If you’re working, your computer will prove it. If you’re goofing off, your computer will prove that too.

Now, I’ve worked in places that had a surveillance culture, and I’ve worked in places that cared only about results. If you’re working and you’re in a surveillance culture and you’re uncomfortable, find another job. But do your job hunting at home. If you’re looking for a job with your company computer, that’s easy to tell.

If you’re goofing off and you’re wondering if your IT department is spying on you, I suggest you ask a different question. Why are you unhappy with your job? If you’re happy, you’ll goof off a lot less. Fix what’s wrong with the job you have. But if you can’t, find one where you’re happier. Your career will be better for it.

If you found this post informative or helpful, please share it!
%d bloggers like this: