As a small business owner, you want to ensure you're getting the most productivity out of your employees – especially when you're starting out. With more and more of today's work being done digitally, the threat of constant distractions looms large on the workday. With the assistance of keystroke loggers and other types of employee monitoring software, you can closely monitor your employees' online behavior – but there are some risks involved.
What is keystroke logging?
With the advent of employee monitoring software, employers have access to the necessary tools to keep close tabs on individual employees' productivity levels during business hours. One such tool many vendors offer is keystroke logging software. Also known as a "keylogger" or "keystroke logger," this type of employee monitoring software keeps a by-the-moment record of each key an employee presses on their keyboard.
Though these programs are generally offered as software that's difficult for employees to detect, physical keystroke loggers are also options on the market.
How does keystroke logging work?
At a fundamental level, keystroke loggers do what the name suggests – they log every keystroke made on the monitored keyboard, as well as every other action taken on the monitored device. Generally, these programs make their way onto computers in one of two ways: Either the employer purposely installed the software on a work machine before issuing it to an employee, or it was accidentally downloaded as a malicious program through an infected file download. With either method, the keylogger gets the most useful results if the employee or monitored individual is not aware that it exists on the machine.
Keystroke loggers surreptitiously installed onto a system are among the most common types of spyware used by malicious actors on the internet. The ability to track a user's login information – including their password – for various sites and pick up other sensitive data is why keylogging malware is an extremely popular tool among identity thieves.
A keylogger can also collect data through clipboard logging, screen logging and internet activity tracking.
Types of keystroke loggers
There are two types of keystroke loggers on the market today: software-based keystroke loggers and hardware keystroke loggers.
- Software keylogger: Once downloaded onto a computer, either maliciously or through an official action by an employer, this digital program is hard to detect by design and can record every keystroke and action in a log file.
- Hardware keylogger: Unlike their digital counterparts, hardware keyloggers are easy to detect, since they are physical items that usually plug directly into the monitored machine. Some of them look like USB flash drives, while others are installed between the keyboard USB cable and the computer's USB port.
Why do some businesses use keystroke logging?
With many Americans now working remotely, it's understandable that a small business owner would want to take measures like keystroke logging. Internet distractions are significantly harder to clamp down on when your workforce is scattered and operating in the privacy of their own homes. Without proper oversight, it could be easy for production to slow down, deadlines to be missed, and customers' confidence in your company's reliability to diminish.
"For particularly startups and small business owners, the success of their company relies on determining and fine-tuning their productivity and revenue," said Omkar Dharmapuri, founder of TechLurn. "Lazy, inactive employees might cause the business to lose money – an issue with larger consequences in smaller businesses than larger ones."
In addition to monitoring how an employee spends their day, keystroke logging software can impact other parts of a business's operations. By collecting data on current inefficiencies and identifying pain points that drag employee engagement down, a keylogger can help you streamline your business processes when implemented properly.
One way some companies do this is by subverting the covert nature of keylogging, according to Dharmapuri. By letting employees know they're being monitored, you can encourage them to become better, more productive workers.
"Some businesses opt to emphasize the fact that they're being monitored, which can have a boosting effect on employee performance," Dharmapuri said. "You can even go so far as to attach a reward system to it, using positive reinforcement to reward employees."
Editor's note: Looking for the right employee monitoring software for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.
Is keylogger software legal?
Given the harm to a person's privacy and sensitive data a keylogger could pose if mishandled, it's understandable to worry whether these programs are legal to use. If your business operates solely within the United States, there are no laws that regulate or restrict your use of keyloggers as an employer. Though several key pieces of legislation deal with digital privacy, wiretapping and the collection of communications, keyloggers have not been directly named in those laws. The case for whether the laws could apply to keylogging in the future hasn't quite been made yet either.
While there are no federal policies, some states have taken measures to make employer-installed keyloggers a violation of privacy law. New Hampshire, for example, has legislation on wiretapping and eavesdropping that defines the intercept of sensitive information as "the aural or other acquisition of, or the recording of, the contents of any telecommunication or oral communication."
David Reischer, an employment lawyer and CEO of LegalAdvice.com, said there are laws for a business to follow when monitoring employee emails, social media accounts, keystrokes, etc. A business can comply with these laws by establishing a clear company monitoring policy, which it must properly communicate to all employees.
"All [businesses] should learn local state laws when developing a monitoring policy," Reischer told business.com. "State laws may vary slightly from federal laws, which also require the disclosure of a monitoring policy."
Along with double-checking for local and state legislation that directly relates to keyloggers, you should be forthcoming with your privacy and employee monitoring policy.
"All monitoring software policies should be clearly defined, explicitly outlined, and properly documented, with a written acknowledgment by the employee," Reischer said. "All employees should sign off on a written policy that clarifies that there is no expectation of privacy whenever using company property. The policy should also clearly state that there is no monitoring unrelated to work performance."
What are the risks associated with keystroke loggers?
While keyloggers can certainly have some benefits for a business, there are some inherent risks with employee monitoring, depending on how you use such technology.
One of the biggest sticking points for privacy advocates and most employees working under the electric eye of a keylogger is that it's indiscriminate. Built specifically to capture everything, keyloggers are "risky," according to Hubstaff CEO and co-founder Jared Brown.
"Anyone who reviews the data can read any passwords the employee enters," he said. "Employees don't always know when their keystrokes are tracked or not. This creates tension between employees and employers."
This issue further highlights the need to be transparent about your reasons for implementing a keystroke logger. The problems will compound if employees find out they've been monitored without their knowledge. While many employee monitoring software providers include a keylogger, Brown said his company refuses to do so – instead opting to use data like activity rates and other tracking efforts.
Another risky area is where the logs are kept and how secure that data is. Since these keystroke logs contain account information and communications between employees, they're ripe for attack by hackers, whether to use for their own ends or to sell to an outside party.
What are some keystroke logging tools?
Once you've considered your options, checked local legislation on the use of keyloggers, and crafted a clear company policy on the practice, you're ready to look for a monitoring program. There are some employee monitoring software solutions that include keyloggers and are worth checking out. Some of the following options are among our best picks for employee monitoring software.
If you run a very small operation, you'll want to keep SentryPC in mind. With affordable service plans and an intuitive interface, SentryPC is a cloud-based solution that can monitor both Mac and PC users. Recording keystrokes is just one of the ways it keeps tabs on your employees, and it does so in real time. It also has the ability to filter certain web content, track a device's IP address, and detect when a portable drive is inserted into the device.
Poised as more enterprise-facing employee monitoring software, Teramind offers a range of monitoring methods. Through its real-time user activity monitoring, Teramind can keep track of keystrokes, as well as at least 12 different system objects, in real time. Those other trackable inputs include webpages, applications, emails, console commands, file transfers, instant messages, social media and on-screen content.
Though not one of our best picks, SoftActivity Monitor is an affordable alternative that can silently monitor your employees' activities. Once installed, it can track keystrokes and actions taken on the computer, and even how long the user is on certain websites. This program can also record emails, monitor multiple computers on the same network, and generate reports of employee activity.