Sending person emails from work computer; what does the company see?

<p>A few of use were discuss this the other night and we really don’t know the answer. None of us work for large companies, but many of our children do. If you have a company supplied laptop and access your personal email, if the company has key stroke logger or some other way to peek in on you, what can they actually see? For example, if you have a gmail account, can they see your emails if you read them on the company computer? What about if you use gchat or AIM?</p>

<p>It seems many of the kids and their friends use gchat while working. Not that they are saying anything inappropriate, but I wondered if their company chose to look, could they see what they were saying or just know they were accessing gchat during working hours? What about those people that travel with their laptops; is it ok to browse the web and read personal emails while traveling? I am sure each company is different and we are not talking about abusing company rules; but if the company does not have a rule about surfing or checking personal emails, can they still see what you do? So many people send tons of jokes by email that are not appropriate in the work place; if you check your personal email at work and open this type of email, might you put yourself in jeopardy? </p>

<p>I have no idea how companies “spy” on their employees; when I last worked, computers didn’t exist for the common folks :)</p>

<p>If you are using the company’s systems, they can put whatever they want to on your system to track what you are doing, from seeing your screens to logging your keystrokes. So if you’re using company computers, assume that you’re being watched.</p>

<p>I use my own equipment at the office but anything that isn’t encrypted could be captured. It may be possible for companies to record webpages that you visit by saving the datastream if there isn’t something on the browser that encrypts and decrypts the datastream. I have a friend that works at a company that does this for security agencies though I don’t have a working model as to how they do this.</p>

<p>If it’s a real concern, have them do their personal stuff on their own equipment. The safest approach would be to VPN into a remote computer to do your email or use SSH tunneling so that your traffic is securely routed though an external system and network.</p>

<p>I used to work in computer security. With a few exceptions, a company has the right to read anything and everything sent over their computers and servers, including email and websurfing habits. And many people don’t seem to be aware of this. Often, it may not be worth their time to scrutinize everything, but that doesn’t mean they won’t. </p>

<p>At my husband’s old job, he was in the office that set up the networking. There were frequent conversations there about who was surfing to “farmanimalfun.com” or what have you [I hope that’s not a real website, but just in case, I don’t recommend trying it out!] and then there would be snickers whenever the guy from office 716 walked by. Of course there are also various people out there who know what you’re surfing from home, but they are less likely to see you on a daily basis!</p>

<p>Back the big company issues: I would suggest never sending an email, going to a website, typing a forum posting, etc. on a work computer (or from a work email) that you would not mind showing to your boss if s/he came in and asked what you’re doing.</p>

<p>I don’t know the legal issues regarding checking personal email (since it seems you’d be less responsible for what you receive vs. what you send), but personally I wouldn’t do it. I would imagine the law (as well as the way company rules are written) is generally going to favor the company.</p>

<p>I’m sure it varies by company size but I was told if you are using the company’s network (internet access) they can technically see what you are doing. If a company makes you use an user id and password to log onto their network, then it’s almost certain they can and will watch your activities. Whether they actually do monitor is another issue… that depends on whether they have the resources to do it. It’s safest to assume that anything you do on the company’s computer is fair game. While occasionally checking one’s personal email account is probably not a problem, I could see where chatting all day long would be. My company has blocked sites such as facebook for that reason.</p>

<p>Some 15 years ago, when we began to get internet access at work, there was one IS tech who reviewed the daily logs of sites visited (couldn’t actually see what was typed, but could tell the PC and site) and notified supervisors if he found surfing that he deemed improper. </p>

<p>One day he found activity in the PC at the hospital medical staff office to sugarbaby dot com or similarly named site (wasn’t related to pediatric diabetes when he checked) and took it to the VP of medical staff. It resulted in quick and decisive action - the CIO was summoned and by that afternoon the medical staff office PC had its own phone link that couldn’t be monitored.</p>

<p>the reason why companies can check anything and everything the employees are doing at work was because till recently, while you are working (during work hours) practically all internet access was done through the companied supplied computer (laptop or desktop) and/or company provided internet access (company’s local area network). So, if you happen to engage in personal stuff while at work, you could assume that none is off limit from company’s interception.</p>

<p>However, this is getting to be a moot point. Now, wireless network is giving ample bandwidth for internet access to smart phone or iPad that completely bypasses the employer’s local area network. Now, people with smart phones can access internet directly through the service provider network (AT&T, Verizon Wireless), etc, and companies can NOT intercept the data transmitted from your iPad or smart phone, UNLESS they INSTALL spy program on these - I don’t think companies are doing that yet. </p>

<p>Better yet, if you have your own private smart phone not provided by the employer, whatever you send through the internet cannot be touched by the company. You are completely safe from any interception or a breach of privacy.</p>

<p>My advice: if you have to have personal communication, do it with a smart phone or iPad - it’s even better if YOU paid for it.</p>

<p>Different companies have different policies. Read your company’s thoroughly. Most of them will state that they have the authority to monitor their computers and network, and use disciplinary action in cases of inappropriate use.</p>

<p>I certainly can’t speak for all IT security teams…but, having worked in IT Security at two Fortune 500 companies, I can tell you that the security staff has some pretty big fish to fry, and isn’t typically engaged in actively monitoring what you do - but they can, and they do when they are asked to. And it wouldn’t be professional of them to just go about randomly seeing what you are doing - we had a formal request process for various types of monitoring. Laws in some countries related to monitoring computer usage vary and must be adhered to. Human Resources was always the requester - not the manager. We never randomly monitored people for fun. On occasion, law enforcement was the ultimate requester and would obtain evidence from company pc’s, servers, etc.</p>

<p>We did have to check and make sure rules were functioning, things were being blocked, that certain types of traffic was allowed or disallowed, and in doing so, you see a lot of what your co-workers are doing.</p>

<p>And oh, by the way, even if you delete files from your workstation, they are still recoverable. </p>

<p>I can also tell you, from reviewing logs, that upper management seems to be immune from monitoring. I was highly, highly offended at what executive management did with some of their time. It was demoralizing.</p>

<p>And, back in the day, when third parties weren’t managing our SPAM, we had to check that the filters were working right, not set too restrictively and quarantining legit mail. Therefore, we ended up seeing email that might be legit, and was not SPAM. However, it was clearly not business related, either. Yikes, I will never be the same after seeing some of that mail.</p>

<p>I have 15 years of crazy stories about things people do with computers at work, from kiddie porn, to stalking other co-workers to fraud.</p>

<p>I work for a finance firm, so I think we have tighter information security in place. </p>

<p>I mentioned to the head of IT infrastructure that I was wondering if a particular employee was conducting some side business while at work. In half an hour they made her 2 years emails available for me to view (included all of her deleted emails too). It turned out she was doing some web design work to make extra money. </p>

<p>We also have software to monitor emails sent in/out of work. It is to prevent employees sending custom information or financial information outside of work. We are not allowed to send spreadsheets or reports to our personal email in order to work on it at home. </p>

<p>Any IM program at work is also monitored and backed up. We had few cases where people were having affairs at work and were using IM to flirt with each other (couldn’t believe what people would say to each other).</p>

<p>I told D1 not to send/receive emails from work. She has her iphone. I told her to use that instead.</p>

<p>Agree with all told DS to use the iPhone which belongs to him and he paid for. As a small business owner I do monitor the bills for employee cel phones and in particular monitor for excessive personal phone calls during business hours. I supply the phone and pay the bill. We have also in some cases gone back and looked a internet usage not content but sites visited and times. Personal emails, flirting, web surfing should generally be done on an employees own time and their own equipment. I try not to email or text DS during business hours and I never call his personal cel during business hours. Especially for those just starting out in their careers I think it is very important. We have terminated employees for spending way too much work time on personal stuff side businesses etc.</p>

<p>

No “technically” about it. They can, and will, and do see it all.
If it’s not work, don’t do it on the network. For email, if you couldn’t read it out loud in front of all involved parties and your boss, mom and moral leader, don’t put it on the work email server! Also remember that all email will be available forever - be proactive in preventing lawsuits. If someone could sue about it, don’t talk about it on work email.</p>

<p>

</p>

<p>eta ebeee’s very astute warning to many under-30’s</p>

<p>Did anyone see this story last fall:</p>

<p>[Wipeout:</a> When Your Company Kills Your iPhone : NPR](<a href=“Wipeout: When Your Company Kills Your iPhone : NPR”>Wipeout: When Your Company Kills Your iPhone : NPR)</p>

<p>It discusses how - if you elect to receive company email on your personal (not company issued!) iphone, ipad or other device, you may be setting yourself up for disaster. With a single code sent through e-mail, your company can wipe your phone clean.</p>

<p>Realistically - </p>

<p>(Many) companies can and do monitor (to some extent or fully when requested) company email - i.e. email at company.com. They also generally retain all emails, virtually forever now, in order to make sure they met any compliance directives. Of course the extent varies with the particular company.</p>

<p>Also, (many) companies direct all internet bound traffic from the company’s network through a proxy server of theirs which is sort of a central gateway to the internet. They can monitor whatever they want at this level but more typically would use it to block access to certain websites and possibly monitor the websites to make sure they’re appropriate. They also usually block incoming spam.</p>

<p>(Most) companies would not monitor email at private email locations (gmail, hotmail, etc.) even when using company PCs since it’s a much bigger deal to capture the packets and peruse those than to review what’s on the company email. Of course, they might choose to do this even though it’s a big pain. </p>

<p>I think most companies would not use a key logger since that can generate a huge amount of data to have to review and sometimes they wouldn’t want the reviewers to see the data for every employee - for example the CEO or other executive’s keystrokes. They might, however, use it if they felt there was a true need. When they use a key logger app they could see every single keystroke.</p>

<p>Generally, if one is using a company laptop at home while not connected to the company’s network via VPN the company wouldn’t see any of the internet traffic including emails to gmail, hotmail, etc. or postings to CC. However, browsers cache a certain amount of pages, pictures, etc. and keep a history of the visited sites. These can usually be deleted though through settings in the particular browser but otherwise, if the company had access to the computer they can see it.</p>

<p>Many companies have their computers configured so that the IT department has administrative rights on it when connected to the company’s domain. When configured this way, an IT person can simply log on to your computer and see anything that’s there (as long as the computer’s connected to the domain - which it wouldn’t be if used at home and not VPN’d in).</p>

<p>All of the above is ‘generally’ since there are always exceptions.</p>

<p>The best bet is to simply not do anything inappropriate with the company computer while at work with ‘inappropriate’ meaning that you wouldn’t refrain from what you’re doing if your boss was standing behind you, or any co-worker, or the CEO, or your mother, or your kid and not do anything you’d have to try to defend in any way to your management (going to inappropriate websites, spending too much time on the internet that’s non-business related ).</p>

<p>Assume everything. VPN still wouldn’t stop it if they had a keystroke logger.</p>

<p>It all depends on the company. My company blocks the major e-mail websites but I know how to get into my gmail on my work pc. We can’t gtalk at work either. We do however have an IMing program that we use in office to chat with each other. It’s supposed to be for work communication only but coworkers talk personally to each other all the time. I know all those chats are logged so I just hope nobody says anything too bad. I had to laugh today because my old boss sent me a message asking if I could send him his favorite emoticon that he somehow deleted off his computer. He knew I had it because I made him send it to me a few months ago. Some managers don’t allow any personal chat on theirs so some of it’s just up to who your boss is. Most websites are fine (some are blocked) but I could post on here from there if I wanted to. Only on breaks though. One of my old coworkers didn’t have tv at home and she would stream tv shows on her work computer before her shift, after her shift and during lunches. One day her computer just locked up it was running so slow she couldn’t do anything. We have a ton of web based programs at work and IT had to come up and look at her computer and they were like we have to clear all this stuff out… all those internet files and cookies were just making her system go crazy… They were like we know what you’ve been doing and it’s okay with us but clean out your stuff at least once a week please…</p>

<p>

</p>

<p>Is there anyone who doesn’t know that someone is watching their work hour internet use? if not, kiddos, be aware… all that you do online at work is recorded, filtered, etc.</p>

<p>They can, and they might. I would not at all say ‘they will’. Many companies have bigger fish to fry than worrying about whether Mary Jane at the receptionist desk is surfing when no one’s looking. But an employee would be wise to assume as much…since so many employers are so completely inept. </p>

<p>Frankly, far better management and environment would be had (and the bottom line positive impacted), if companies and managers focused on what is produced and actual performance outcomes, rather than micro-managing one’s hourly work ‘just in case’. If someone using company time is impacting business, it will be showing up as a problem, and one should act on that problem; if it’s not, stop wasting your time wielding power just for its own sake. Then again, if a company couldn’t care less about the expense incurred from hyper-monitoring their workforce, demoralizing employees so they are no longer on your side and cut corners the minute you aren’t looking, and the costs of turnover and retraining mean nothing to you, then by all means, keep micro-managing. Oh and the employees you fire? Who cares…but the ones’ remaining? Are you kidding me? The ones remaining work out of necessity, hide their ill feelings, do the bare minimum for you since they care about their job and not about your success or that of the firm. You got compliance, and lost something far more valuable. You saved on a friggin’ phone bill and lost the tremendous financial windfall that comes with goodwill and a workforce that really goes the extra mile because they care about you and the company. Good luck with that.</p>

<p>Companies do monitoring now because of information security. I don’t think they are monitoring because they care about how employees are spending their time at work.</p>

<p>When you say emails are forever, does that mean on a company server? What about that side business? When a person has their own domain name, are their emails retrievable forever? By whom?</p>

<p>

It depends. If you get your own domain name and you host your own website on your own server then you can wipe out all of the data although anytime an email is sent, it’s sent from a location to a location and it’s held at both of those locations (and sometimes intermediaries) until deleted. That means that even if you wipe it out on your end it might still be held on the other end. For example, if you send it from your side business to a friend/customer at their work email address it’ll be held at that business (if they have their own mail servers) for as long as their policy states which again, can be forever at this point.</p>

<p>If the side business’ website is actually hosted by another company (godaddy, etc.) or if for email you’re really using gmail, hotmail, etc. then the email is on those company’s servers and will be held for whatever time period their policy (internal) states. Even if they remove it from their server there could be a copy on a backup image somewhere.</p>

<p>The emails are retrievable by whoever owns/controls the servers and sometimes by law enforcement if they have reason and permission to access that info.</p>

<p>Be careful what you send in email.</p>

<p>My S & H are not allowed to bring their personal cell phones in to their workplace at all (federal employees). I do NOT send them emails. I wait for H to call me because there’s no point in calling his car, where the cell phone lives when he’s not there anyway. If they want to do anything during the workday (including during lunch) on their personal cell phone or personal computer, they would have to leave their workplace building to retrieve their phone if they wanted to use it instead of company property. H doesn’t bother–he just does it all at home and uses his landline phone at work or cell phone in the car to let me know when he’s leaving work.</p>