What Is Keystroke Logging?

What is keystroke logging?

With employee monitoring software, employers can access the necessary tools to keep tabs on employee productivity levels during business hours. One such tool many vendors offer is keystroke logging software. Also known as a “keylogger” or “keystroke logger,” this type of employee monitoring software keeps a by-the-moment record of each key an employee presses on their keyboard.

Though these programs are generally offered as software that’s difficult for employees to detect, there are also physical keystroke loggers.

Editor’s note: Looking for the right employee monitoring software for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.

How does keystroke logging work?

At a fundamental level, keystroke loggers do what the name suggests: They log every keystroke made on the monitored keyboard and every other action taken on the monitored device. Generally, these programs make their way onto computers in one of two ways: Either the employer purposely installs the software on a work machine before issuing it to an employee, or it is accidentally downloaded as a malicious program through an infected file download.

Keystroke loggers that are surreptitiously installed on a system are among the most common types of spyware used by malicious actors on the internet. The ability to track a user’s login information, including their passwords, for various sites and pick up other sensitive data makes keylogging malware an extremely popular tool among identity thieves.

A keylogger can also collect data through clipboard logging, screen logging and internet activity tracking.

Types of keystroke loggers

There are two types of keystroke loggers on the market today: software-based keystroke loggers and hardware keystroke loggers.

• Software keylogger: Once downloaded onto a computer, either maliciously or through an official action by an employer, this digital program is, by design, hard to detect and can record every keystroke and action in a log file.
• Hardware keylogger: Unlike their digital counterparts, hardware keyloggers are easy to detect, since they are physical items that usually plug directly into the monitored machine. Some look like USB flash drives, while others are installed between the keyboard USB cable and the computer’s USB port.

Why do some businesses use keystroke logging?

With many employees now working remotely, it’s understandable that a small business owner would want to take measures such as keystroke logging. Internet distractions are significantly harder to clamp down on when your workforce is scattered and operating in the privacy of their own homes. Without proper oversight, it could be easy for production to slow down, deadlines to be missed, and customers’ confidence in your company’s reliability to diminish.

“For particularly startups and small business owners, the success of their company relies on determining and fine-tuning their productivity and revenue,” Omkar Dharmapuri, an IT professional and creator of TechLurn, told us. “Lazy, inactive employees might cause the business to lose money — an issue with larger consequences in smaller businesses than larger ones.”

In addition to monitoring how employees spend their day, keystroke logging software can affect other parts of a business’s operations. When implemented properly, a keylogger can help you streamline your business processes by collecting data on current inefficiencies and identifying pain points that drag down employee engagement.

According to Dharmapuri, some companies do this by subverting the covert nature of keylogging. By letting employees know they’re being monitored, you can encourage them to become better, more productive workers.

“Some businesses opt to emphasize the fact that they’re being monitored, which can have a boosting effect on employee performance,” Dharmapuri said. “You can even go so far as to attach a reward system to it, using positive reinforcement to reward employees.”

Is keylogger software legal?

Given the harm to a person’s privacy and sensitive data that a keylogger could pose if mishandled, it’s understandable to worry whether these programs are legal. If your business operates solely within the United States, there are no federal laws that regulate or restrict your use of keyloggers as an employer. Though several key pieces of legislation deal with digital privacy, wiretapping and the collection of communications, keyloggers have yet to be directly named in those laws. The case for whether the laws could apply to keylogging in the future hasn’t been made, either.

While there are no federal policies on keylogging, some states have taken measures to make employer-installed keyloggers a violation of privacy law. New Hampshire, for example, has legislation on wiretapping and eavesdropping that defines the intercept of sensitive information as “the aural or other acquisition of, or the recording of, the contents of any telecommunication or oral communication.” [Read related article: The Legalities and Benefits of Employee Cellphone Monitoring]

David Reischer, an employment lawyer and CEO of LegalAdvice.com, said there are laws businesses must follow when monitoring employee emails, social media accounts, keystrokes and other activities. A business can comply with these laws by establishing a transparent company monitoring policy, which the business must properly communicate to all employees.

“All [businesses] should learn local state laws when developing a monitoring policy,” Reischer said. “State laws may vary slightly from federal laws, which also require the disclosure of a monitoring policy.”

Along with double-checking for local and state legislation directly related to keyloggers, you should be forthcoming about monitoring policies and privacy expectations.

“All monitoring software policies should be clearly defined, explicitly outlined and properly documented, with a written acknowledgment by the employee,” Reischer said. “All employees should sign off on a written policy that clarifies that there is no expectation of privacy whenever using company property. The policy should also clearly state that there is no monitoring unrelated to work performance.”

What are the risks associated with keystroke loggers?

While keyloggers can benefit a business, there are inherent risks with employee monitoring, depending on how you use such technology. One of the most significant sticking points for privacy advocates and most employees working under the electric eye of a keylogger is that it’s indiscriminate. Built specifically to capture everything, keyloggers are “risky,” according to Hubstaff CEO and co-founder Jared Brown.

“Anyone who reviews the data can read any passwords the employee enters,” he said. “Employees don’t always know when their keystrokes are tracked or not. This creates tension between employees and employers.”

This issue further highlights the need to be transparent about your reasons for implementing a keystroke logger. The problems will compound if employees discover they’ve been monitored without their knowledge. While many employee monitoring software providers include a keylogger, Brown said his company refuses to do so, instead opting to use data such as activity rates and other tracking efforts.

Another risky area is where the logs are kept and how secure that data is. Because these keystroke logs contain account information and communications between employees, they’re ripe for attack by hackers, whether they use the information for their own ends or sell it to an outside party. [Read related article: Pros and Cons of Monitoring Your Employees]

What are some keystroke logging tools?

Once you’ve considered your options, checked local legislation on the use of keyloggers, and crafted a clear company policy on the practice, you’re ready to look for a monitoring program. There are some employee monitoring software solutions that include keyloggers and are worth checking out. Some of the following options are among our best picks for employee monitoring software.

SentryPC

If you run a very small operation, you’ll want to keep SentryPC in mind. With affordable service plans and an intuitive interface, SentryPC is a cloud-based solution that can monitor both Mac and PC users. Recording keystrokes is just one of the ways it keeps tabs on your employees, and it does so in real time. It also can filter certain web content, track a device’s IP address, and detect when a portable drive is inserted into the device. Read our SentryPC review to learn more about the software’s features.

Teramind

Poised as more enterprise-facing employee monitoring software, Teramind offers a range of monitoring methods. Through its real-time user activity monitoring, Teramind can keep track of keystrokes, as well as at least 12 system objects, in real time. Those other trackable inputs include webpages, applications, emails, console commands, file transfers, instant messages, social media and on-screen content. Check out our review of Teramind to see what other security features the software offers.

InterGuard

Another one of our best picks, InterGuard, is ideal monitoring software for tracking remote employee activity. In addition to keystroke logging, it has monitoring features such as screen recording and the ability to take snapshots of employees’ screens. You can view various dashboards, depending on the information you need to access. We also like that the software offers alerts and reporting so you can stay on top of employee activity as it occurs. Read our InterGuard review to gain more in-depth knowledge of the software. 

Skye Schooley contributed to this article. Source interviews were conducted for a previous version of this article.