Data and network security, legal compliance, and employee productivity are three important facets of running a business. One way to maintain each is by implementing user activity monitoring (UAM) technology. However, you should be aware of a few caveats. If you’re considering using these tools, it’s critical to understand the best practices for UAM and how it can help your company.
User activity monitoring is a set of software and tools that can track and record the activity of users (in this case, employees) on a digital system. UAM can be used to track systems as small as individual company-owned devices (e.g., desktops, laptops, cellphones) or as large as entire networks.
“The purpose behind the monitoring is to maintain security, whether that be a network intrusion, the theft of sensitive information or other threats,” Michael Trust, human resources practitioner at Myman Greenspan Fox Rosenberg Mobasser Younger & Light, told business.com. “UAM is used to monitor threats from internal actors, as opposed to an external threat, which is a different type of security.”
Additionally, some companies turn to UAM to monitor and improve business productivity. Employers can implement user activity logs to track individual user activity and filter results by specific criteria. The size and depth of your UAM policy will depend on your business’s size, industry and security needs.
Although monitoring employee activity can be advantageous, employers should use discretion and sensitivity when implementing employee monitoring software and policies. For example, the Electronic Communications Privacy Act of 1986 loosely governs employee monitoring and requires employers to have legitimate business purposes for monitoring user activity. States such as California, Connecticut, Florida, Louisiana and South Carolina impose tighter restrictions on employee monitoring. [Read related article: The Legalities and Benefits of Employee Cellphone Monitoring]
While you’re legally allowed to monitor user activity on company-owned devices, you need to take extra precautions if you want to monitor employee-owned devices. In either case, it’s wise to incorporate device usage and monitoring policies into your employee handbook for workers to read and sign. Learn more about creating an acceptable use policy.
Employers can take advantage of three major benefits of UAM: It helps businesses maintain network and data security, aids in legal compliance and protection, and improves employee productivity.
One of the main reasons companies turn to user activity tracking is for business cybersecurity. UAM tools can secure networks and devices, reduce the risk of data breaches, protect proprietary information and trade secrets, and prevent data loss. Organizations can fall victim to incidents like employees sharing proprietary information with unauthorized users, cyberattackers or malicious employees uploading malware to networks or devices, and naive users unintentionally accessing harmful web content. UAM tools can monitor these security threats in real time and create an audit log, allowing your IT or security team time to address them promptly.
Some employers rely on UAM solutions to maintain legal compliance and protect their organizations against litigation. For example, highly regulated industries like healthcare and financial services tend to have strict guidelines on what types of information can be shared and with whom. Tracking user behavior in real time helps companies ensure users are complying with those laws and regulations.
Additionally, if a specific user is engaging in illegal activity (such as theft, gambling or harassment) on your network or devices, you can quickly identify it and take appropriate disciplinary action. Since these surveillance tools not only track user actions in real time, but also store and report on historical activity, your business can use UAM to protect against lawsuits from disgruntled employees or customers.
Another advantage of tracking user activity is the potential increase in employee productivity.
“A very common example is monitoring of employee access of social media for personal use on company time and using company IT resources,” said David Miller, labor and employment attorney at Bryant Miller Olive. “If employees know they are monitored, they are deterred from wasting paid time on unproductive activities.”
Although some employees may view monitoring software as a sign of employer distrust, you can mitigate this concern by discussing your monitoring policies with your team and explaining the reasons behind them. [Learn more about why your employees should know you monitor them.]
Editor’s note: Looking for the right employee monitoring software for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.
Your UAM software can include a multitude of features, depending on what benefits you want from it. It can perform functions like recording video for surveillance, capturing files and screenshots, logging keystrokes, and tracking mouse, keyboard and network activity.
“UAM software reviews in real time what files, applications, devices, servers, networks, websites, internal drives, external drives, etc., are being accessed, what is being accessed and by whom,” Trust said. “It can also show if and what documents are being uploaded and downloaded during this review.”
UAM data is often recorded in real time, but it can be configured to display filtered results for a particular date, time or set of files.
Instead of using UAM to micromanage staffers and discipline unproductive workers, use it to improve your business. Communicate with employees about their activity, reward high performers and create performance improvement plans for areas where team members are lacking.
To create and implement a successful UAM policy, you should choose software that has the specific features and integrations you need, incorporate a combination of security efforts, and disclose all monitoring processes to your employees.
There is no single platform or tracking tool that will suit every business’s monitoring needs. You first need to determine the specific benefits you’re looking for in a UAM solution. Do you need to track user activity to maintain cybersecurity, or is employee productivity your top priority? If you already have other business platforms or data security software, you may need to find a UAM tool that easily integrates with those programs.
“Define your needs and objectives, and then choose a software that meets them,” Miller said. “Only choose a software that can integrate with your other platforms, like data security systems.”
See our software recommendations below.
UAM software can be an excellent security tool, but it’s not enough by itself. Trust recommends implementing other security measures – such as the best antivirus software, multifactor authentication, fewer shared accounts, strong password requirements, frequent password changes and strict file-sharing procedures – to avoid the loss of data and associated risks.
Perhaps most crucially, you should permit only essential users to access highly sensitive or confidential information. Some businesses mistakenly give all employees access to this kind of material, even if they don’t need it to perform their role.
“Many organizations do not lock down this information, and so employees could freely, for example, obtain a confidential customer list or product design or financial information or payroll information and share it maliciously inside and/or outside of the organization,” Trust said. “It could also be shared innocently for gossip. In either case, it’s a security threat.”
A combination of various security measures will give you a greater advantage in maintaining a safe and secure business.
Even if you’re not legally required to, you should be transparent about what you’re monitoring and openly disclose procedures to employees. This can ease their concerns about lack of trust while helping them adhere to your expectations for privacy and security.
“User activity monitoring has ‘invasion of privacy’ implications,” Miller said. “Employers should be careful to eliminate any expectation of privacy employees might have in, for example, personal emails, personal documents stored on company computers or social media use.”
After you discuss your monitoring policies with your employees and answer any questions they have, obtain their consent with their signatures. You should also add your employee monitoring policies to your employee handbook.
>>Read next: Employee Rights You’re Violating Right Now
It’s vital to understand not all monitoring software is the same. The best employee monitoring software for your business will depend on your specific company and what you’re expecting to get out of the program. Below are some of our top picks.
Source interviews were conducted for a previous version of this article.