Workplace monitoring has risks and rewards

CIOs are the front line of defence against the growing number of industrial spies who seek to gain competitive advantage in the looming recession. The...

CIOs are the front line of defence against the growing number of industrial spies who seek to gain competitive advantage in the looming recession.

The CIO's defensive arsenal is well stocked against external threats, with firewalls, intrusion detection and prevention systems, and encryption. But more CIOs are turning to technlogy to monitor and control systems they use to run the business, as the recesion sparks concerns over the activities of their own employees.

For example, Marks & Spencer uncovered the whistleblowing activities of Tony Goode by reading his e-mails to The Times newspaper.

Goode's lawyer, the GMB union's legal officer, Maria Ludkin, alleges the retailer also gained access to records about his private mobile phone calls, an allegation that M&S denies. Goode denies leaking confidential information and is appealing against his dismissal from Marks & Spencer.

Dave Roberts, director of surveillance equipment supplier The Spy Shop, says managers are becoming more paranoid about abuse or loss of company assets, as the economy slows down, and staff faced with redundancy are looking for "insurance policies".

Roberts says electronic monitoring equipment is highly effective, cheap and "idiot-proof". One innocuous-looking 13amp double adapter can hold a microphone and SIM card that allow the owner to monitor an entire room and transmit conversations via the mobile phone network to a listener anywhere in the world.

He adds that a £95 "snoopstick" can download a Trojan in 60 seconds via a PC's USB port. The Trojan lets a remote watcher monitor and even edit a message on the fly without the sender knowing. A target's mobile phone can be similarly compromised with a Trojan injected via a Bluetooth transmission to the target phone, he says.

Kirstie Ball, who wrote a specialist report on workplace monitoring for the Information Commissioner's Office 2006 report, A Surveillance Society, says the use of electronic methods to watch workers is rising.

"The three main reasons are to monitor workers' performance, their behaviour, and their personal characteristics," she says.

Ball points out that monitoring is nothing new, but that more companies are using CCTV, e-mail and web filtering, and phone call analysis.

Mark Murtagh, technical director of e-mail filtering company Websense, says more and more companies want to stop data leaving their offices.

Recent high-profile cases have highlighted the risks of data leaks. For example, the German electrical engineering firm Siemens was found to have the details of the price list and maintenance contracts of arch-rival Dassault Systemes on its intranet. Dassault said it suspected a former employee of stealing the information to buy his way into a job at Siemens.

"Data loss prevention is about identifying what data is important, controlling who has access to it, what media it can be saved to, and, more importantly, who can send it outside the organisation," Murtagh said.

Peter Skyte, national officer for the Unite trade union, agrees that monitoring is on the rise. He says companies do it partly because it is legitimate for health and safety, security or regulatory reasons, but also because they can.

Skyte believes the wholesale sacking of middle managers has left companies with no choice but to rely on technology to monitor the workplace. Unite has a privacy guide that spells out acceptable use of monitoring technology, and the Information Commissioner's Office also offers advice.

As the M&S incident shows, trust between management and staff is crucial. Properly done, electronic surveillance can build trust. Badly done, it will devastate relationships.

Read more on IT risk management