Sign in with
Sign up | Sign in
Your question
Closed

Key Logging Software

Last response: in Business Computing
Share
November 28, 2012 4:54:52 PM

Hello all,

I am looking to see if there is a professional key logger out there that is legal. I have created a template in our employee handbook to notify all employees that we log everything. I have seen a couple companies require we notify our employees in their EULA. Can anyone with more experience shed some light on this for me? Thank you.

More about : key logging software

a b 8 Security
November 28, 2012 5:19:03 PM

kuthedude said:
Hello all,

I am looking to see if there is a professional key logger out there that is legal. I have created a template in our employee handbook to notify all employees that we log everything. I have seen a couple companies require we notify our employees in their EULA. Can anyone with more experience shed some light on this for me? Thank you.



Hi :) 

I would check with your lawyers FIRST....

There are some VERY strict laws against this in a lot of countries....

All the best Brett :) 
Related resources
November 28, 2012 5:22:44 PM

To add to what Brett said, if you are in the US, laws can also vary from state to state.
a b 8 Security
November 28, 2012 5:27:21 PM

I agree with Brett. Just because you have a policy to monitor employees computer use doesn't actually mean you have to use a key logger. There are many other monitoring tools.
a b 8 Security
November 28, 2012 5:40:01 PM

Quote:
Love my job, since I've been bringing in $74/hr… I sit at home, music playing while I work in front of my new iMac that I got now that I'm making it online.. http://twlr.me/Facts



spam reported....ban coming in 3...2...1...
November 28, 2012 7:51:29 PM

If you are asked to install a keylogger by your company, get the request in writing and store it offsite. It is not unlawful to have and install a keylogger. What the keylogger captures may infringe on peoples rights and you may get sued later depending on how you use the information. Pretty much, the company can use a keylogger to watch its own assets. Issues come up when people log into a personal email and you log the name and password. Don't be dumb and log into the external account.

That being said, there are lots of software keyloggers and some hardware ones that you can use. I would just start looking at the reviews and pick one.

To be nice, I would remind people that a key logger is running when they logon.


November 28, 2012 7:52:18 PM

Agreed with all of the above. I would simply remove the temptation.. IE: Facebook etc.. block it so they can't get themselves in trouble. Most if not all things employees shouldn't be doing can be restricted or monitored in some form or fashion.
November 28, 2012 7:58:29 PM

I am currently blocking most personal sites. I do want to see if someone is looking for another job on the clock etc. Obviously I wouldn't be using any personal info. If someone were to login to their bank account for instance, I wouldn't want to get into any trouble.
November 28, 2012 8:02:43 PM

i would check the law of your country to avoid been prosecuted for privacy infrigement
a b 8 Security
November 28, 2012 8:10:35 PM

kuthedude said:
I am currently blocking most personal sites. I do want to see if someone is looking for another job on the clock etc. Obviously I wouldn't be using any personal info. If someone were to login to their bank account for instance, I wouldn't want to get into any trouble.

Then instead of a keylogger, you really want a proxy server to keep detailed web logs that you can pull up and search by employee. There's a lot of these around (MS Forefront used to be isa server, Ironport, Zscaler i think even barracuda does this).
November 28, 2012 8:24:14 PM

I would argue that you could look at any info on the company side of the network connection. For example, any info that could be captured in a network sniffer trace would be fair game, and you see a lot more than what a keylogger would show.

You just really can not use that info to access sites outside of your infrastructure. It is one reason some companies don't want external cloud access and have set up their own internal cloud.

Key question: does the employee have a reasonable expectation of privacy?
you want that to be 'NO" if you are running keyloggers. Employees can also claim that you keylogged and entered their private accounts and used that info to fire them. Even if you did not do that, it is opens a window for legal problems later.

Also, keylogs can be faked, and modified. I once looked into a problem where a real hacking attempt was made and a manager modified the log to look like another person had did the hacking. The only thing that saved that persons butt was the manager did not know the file had been backed up before she made the change. What a mess
a b 8 Security
November 28, 2012 8:24:54 PM

scout_03 said:
i would check the law of your country to avoid been prosecuted for privacy infrigement



Hi :) 

I TOTALLY agree, this is a legal minefield where you could EASILY be sued later if you USE the information...

I repeat, check with your companies lawyers FIRST...

All the best Brett :) 
November 28, 2012 11:46:19 PM

one solution that you could make a list on your server to block acces on the site you dont want your employees to connect to at work
!