> You should always assume your employer can see your enterprise correspondence.
Just to expand here. You should assume that your employer has access to _everything_ that you do with their assets. If you are trying to maintain privacy from your employer for whatever reason, do not use your work phone/laptop/email/etc.
You should also assume that your employer can take those things away instantly.
For example, one day your laptop forcibly restarts and afterwards you're locked out. Then a day later, you get the call that you were canned.
So always keep private communication separate and get private phone numbers / email addresses from coworkers that you get along well with. The company can delete your extension and email address, but with a bit of preparation that doesn't have to be the end of your personal relationships.
You should also assume that the email you "deleted" is still there.
Most email servers/services have a setting to keep deleted emails for a period of time. Most corporations also have a separate email server for execs that have different settings. This is above and beyond compliance settings that also set email retention for different periods of time. Then there are also backups and archiving... you get the idea.
> assume that your employer has access to _everything_
I hear this a lot and it seems like sound advice, but always leaves me with questions.
Sure, my employer can see what URLs I am hitting, what applications are installed, their usage, and if they want they could even decrypt https traffic, take screenshots without my knowledge, key-log, turn on microphone and camera too.
I mean, I won't hesitate to open my personal gmail, read news, make comments on social media sometimes (like this), perform online "errands". At the back of my mind, however, I wonder if someone is seeing what I am doing.
It makes me wonder, what is typical? Under what kinds of circumstances would the most draconian measures (like screenshots) be taken? How much latitude are IT folks given? Are there ways to detect when really ugly things like keyloggers/cameras/mics are being controlled by whatever "enterprise IT" software suite?
It seems IT folks don't talk about this much. The dominant advice is always don't use work computer for _anything_ but work. The reality is that almost everyone in every profession takes that advice with a grain of salt.
I don't think you need worry that your employer is watching everything you do. But they can and there are some common cases:
1 - some program is scanning ingoing/outgoing data looking for compliance violations (typically finance, some classified work; should be for medical privacy/PII but I don't see much of that happening). Also scans for liability issues such as porn at work etc. Easier to screen that stuff out up front rather than later, frankly.
2 - you have a highly restrictive job (e.g. call center) and are being spot monitored from time to time; statistics are likely kept continuously. Dystopian but yes, happens.
3 - Sysadmin ends up looking at some of your mail while debugging a problem or doing some investigation not necessarily related to you e.g. some employee is terminated for fraud: let's look at their correspondence, some of which -- innocently -- is from you. Or there was a disk crash and some data is being reconstructed, which includes your call logs or email or whatever.
The third case is the most common and is why there is often a blanket "we can read and get all your data" statement in the employee handbook. There are others, and you can guess them.
I think the truth is it really depends on your employer. I worked for one place that actively monitored and even recorded people's screens fairly frequently, and others where they honestly don't care in the slightest.
I see, but what did they do with that information? Did they just randomly browse employees' screens? What triggered that level of monitoring? Are there ways to detect when a screenshot is captured?
It seems like a lot of effort to monitor screens, it makes me think there has to be a compelling reason, and not just browsing around looking for "problems".
I was in the position of having to review people's browsing history, and occasionally their emails, at a large company. We were in charge of all internal investigations: phishing, malware, suspicion of IP theft or misconduct, and even micromanagers who wanted to see if their employees were slacking off or working at the times they claimed.
We never looked at anyone's activity without a clear reason, but that reason wasn't always very justifiable by my personal standards. However, I'd say most of it was necessary (like when tracing root cause of an alert or infection). My naive guess is this is probably pretty close to how it is in most big US companies.
For the times that were unnecessary (assessing "productivity"), our team, including our managers, always tried to provide as much evidence and guidance as possible that would work in the employee's favor, because we all knew it was complete bullshit and a big overreach. It's also very difficult to tell exactly what someone was or wasn't doing at specific times just by their browsing history. (We didn't have screen recording spyware or anything like that.) I'd say 98% of investigations were necessary and 2% were bullshit like those.
Reading emails or IMs was extremely rare and reserved for people replying to scammers/phishers, or accusations of serious misconduct or crimes.
> It seems like a lot of effort to monitor screens, it makes me think there has to be a compelling reason, and not just browsing around looking for "problems".
depends. it can often be chalked up to management having too much time on their hands, or busy work delegated to use up part of the day.
I worked for an ecommerce site that keylogged everyone's computer and was tasked with going through the recorded input for someone that quit on bad terms to find out "if she'd done anything". it was a colossal waste of time, and we only learned that she was into furry websites
Exactly, and even if your employer doesn't have logging software, they can get physical access to your laptop and look for logs and data manually. Importantly, you can't predict when and if this could happen.