How To Detect Employee Monitoring Software On Your Computer


Note: This article covers only employee activity monitoring on work computers; it does not provide information on how to detect keyloggers or other spyware on your personal computer.

When we started working on this article, it took us ages of browsing the Internet to find some kind of decent tutorial on how to detect monitoring software on work computers. At the end of the day, we couldn't find anything satisfactory, yet an article like this should absolutely be written, and it should be as comprehensive as possible. Being experts in the field, we want to share some insights into the topic, which will certainly be useful to someone who wishes to be better informed or even cautioned against taking careless actions at work.

So, let's start at the beginning.

What Is Employee Monitoring Software?

Using software to monitor employees' work computers is not a particularly novel concept, with hundreds of solutions and applications available all over the world. For example, this list  alone contains 129 of such tools.

A resurgence of such software came during the pandemic. According to the Top10VPN survey, the popularity of Employee Monitoring Software increased by 80% in March-April 2020 in comparison with the same months of the previous year. And there's a good reason for that: since many employees have switched to working remotely, their managers wanted to be certain that it wouldn't stop them from working altogether without due supervision.

Generally speaking, software that tracks workplace engagement can be grouped into three categories.

Time Tracking Software. Time trackers are designed to monitor employees' work schedule discipline, including monitoring when they turn their computers on or off as well as what sites and apps they run. These tools can also take periodic screenshots of employees' desktops and keep track of their work in projects or individual tasks. Time tracking solutions can also be used for individual time management. A notable example of a time tracker is Toggle.

Employee Monitoring Software. Such solutions not only monitor sites employees visit, but they also transfer all employees’ correspondence to their bosses (email monitoring), record all their actions at the PCs (screen video recording) and even notify management in case they violate certain set policies (auto-notifications on violations). A prime example of such software is Kickidler.

Data Loss Prevention Software. DLP solutions are more focused on protecting the network and corporate data from insiders, but they can also share information about employees' actions with their superiors. This software monitors all the files employees transfer, applications they install, and other operations they carry out, immediately informing corporate security team of any suspicious activities. A prominent example of DLP software is Endpoint Protector.

How Does Employee Monitoring Software Operate?

In order for a tracking solution to gain access to your PC, it must be installed on the machine itself. Meaning, a software agent needs to be installed on your PC for it to start collecting information about your computer activity. That's right, the software has to be installed, and there are no, so to speak, browser trackers. So feel at ease if you are working from your personal home laptop – no one will be able to install the spyware on it without your knowledge. Even if they manage to somehow hack into it and do it, that will be considered a felony. And honestly, why would anyone bother?

On the other hand, if you work in the office or even if you work from home, but you've been given a dedicated work PC, there might very well be monitoring software installed on it. In this article we'll explain how to detect it and what to do next.

Yet another case is when the employer himself warns employees about the monitoring and asks them to sign a corresponding agreement. Everything is pretty clear in that case – you are definitely being monitored and therefore you don't really need to read this article.

Does The Employer Have The Right To Monitor Employees?

Based on the laws of almost every country, with the possible exception of Portugal, employers do indeed have the right to do so, but they are obliged to include such a clause in the work contracts. At the same time, unfortunately, not all employees read their employment contract carefully enough and the wording can be very vague at best.

What's more, if we're talking about an employee's work PC, which is technically considered company property, then the employer has the right to do whatever they want with it, as long as it is not an invasion of the employee’s privacy (such as, for example, intentional dissemination of employee’s personal information obtained via monitoring software). This kind of activity may entail legal action against the employer.

Now, let's proceed to the main topic of the article and outline the ways you can detect spyware software on your work computer.

How To Tell If Your Work Computer Is Being Monitored?

Here are the main ways you can determine whether your employer has installed some type of well-known Employee Monitoring Software on your computer, be it Hubstaff, ActivTrak, Time Doctor, Teramind, Insightful or even Kickidler.

Method #1. The infamous Ctrl+Alt+Del

The most obvious way would be to open Task Manager by pressing the coveted three keys and looking for any suspicious apps in either Processes or Services tab. Then you simply google the names of such apps and learn what kind of software you have installed on your PC. 

If you have macOS instead of Windows, there’s a solution, too. Instead of working with Task Manager, you have Activity Monitor, which can be accessed via Spotlight search (Cmd + Space).

That being said, it's not the most reliable method, for quite a number of reasons.

Downside of this method

Chances are high that you simply do not have admin rights on your work PC. Without those, you won't be able to access Task Manager and you also won't be able to check for suspicious apps in the corresponding tabs.

Certain employee monitoring tools, such as the aforementioned Kickidler, for example, have a stealth installation mode and therefore won't be visible in Task Manager.

The amount of Processes and Services is usually very high. On top of everything else, this method is quite time-consuming.

Moreover, a skilled system administrator knows how to disguise such software as a system process or service.

Method #2. Command Line

This method lets you find out what applications on your PC can transmit data on the Internet.

Run the command line as Administrator, enter the command [netstat -b -n] in the opened window and look through the list of applications. Ignore the ones you know, like Chrome.exe and Telegram.exe, and google the ones you don't recognize. 

The analog of the command line for macOS is, of course, the terminal, which you can also find through Spotlight search. You have plenty of options here, such as OSXDaily. Type [ lsof -nPi | cut -f 1 -d ""| uniq | tail -n +2 ] to see the name of each application that has access to the Internet.

Downside of this method

Once again, if you don't have admin rights, this method won't work for you.

If you are on a local network, that's out of the question, too. And typically in big companies only a number of people have administrator rights privileges.

An experienced system administrator can still easily disguise the software.

Method #3. Anti-spyware software

Another proven method of detecting spyware is through dedicated anti-spyware or other antivirus software. One example of such a tool is Emsisoft Emergency Kit. It's a free antivirus scanner that does not require any installation on your PC, as it runs from a flash drive. It can easily detect spyware, Trojans, worm viruses and other keystroke logging tools. That's exactly what we need. 

Common antivirus tools can also detect monitoring software, but admins usually classify agents of such software as exceptions. In such cases, your own antivirus could be the solution. This method, however, has a number of shortcomings as well.

Downside of this method

As we have already mentioned, corporate antivirus will not reveal that you have any monitoring software installed on your PC, but it will definitely notify your supervisors that you are attempting to run third-party software on the company's hardware, even if the software in question is anti-spyware. This may lead to an unpleasant conversation with your corporate security division or even with HR.

Besides, many DLP solutions (including the previously mentioned Endpoint) do not operate at the user or system level. So you simply won't be able to detect them that way.

Method #4. Traffic monitoring

Traffic monitoring would be the safest and most reliable method, but it is also not without its flaws.

You can install traffic monitoring software, such as Glasswire, which is a completely free solution that allows you to see all the outgoing traffic on your computer. 

Try disconnecting your computer from the Internet or your corporate IP for a while. Turn it back on and see what happens. If a strong data transfer has started, it means that you are probably being monitored. If you want to confirm this, find the application transmitting the data by googling the name of said application. Keep in mind that antiviruses and other security software also transmit data, but to a much smaller extent. This method will work if the monitoring tool caches data when the Internet is turned off. 

Some Employee Monitoring Software continuously transmits data to the Server, whereas other software only transmits data at designated times, for example, at night. Therefore, if you notice spikes in outgoing traffic at night, you are probably being monitored as well.

Downside of this method

We'll repeat ourselves once more – you'll need admin rights to install such an application.

And if your computer is being monitored, your employer will be able to track the launching of a non-work related application like this through the very same monitoring tool you’re trying to detect. 

Method #5. Social engineering

There are probably people in your company who know what software is used to organize work processes, including employee monitoring. It could be the accountant who purchased the software in the first place, the technical specialist who was directly involved in its implementation, or the HR manager who reviews reports on employee productivity produced by the solution. Establish a rapport with these people, and they might very well tell you everything – or at least give you some hints.

Downside of this method

As such, there are no drawbacks of this method. The only question is whether it's worth all the effort on your part. Frankly, the easiest approach for you would be to stick to the rules we describe further on and not have anything to worry about.

Other methods of detecting monitoring software

It’s worth mentioning other, less effective ways to spot spyware on your computer, such as checking what applications have access to your webcam (keep in mind that not all monitoring tools have this feature), checking your Program Files folder (the system administrator may have changed the installation folder of the monitoring solution in the first place), checking your antivirus software exclusions (you'll need corresponding access rights). 

What Should You Do If Your Work Computer Is Being Monitored?

Use a work PC solely for work purposes

As cliché as it may sound, it is the smartest response to the practice of monitoring employees’ work computers. Do not conduct personal correspondence on your company PC, do not browse entertainment content, and, most importantly, do not enter personal passwords or bank account details on your work PC. For personal purposes, use a phone that is not connected to the corporate wi-fi. What’s more, we advise you to adhere to this rule even if you are sure that your employer does not use any kind of Employee Monitoring Software.

Don’t store personal files on a work PC

This tip acts as an addition to the previous one. Under no circumstances should you store your personal files on a work PC, whether it is a physical drive or a cloud service. This is what personal devices are for.

Don't access job search sites

Keep in mind that automatic notification triggers are primarily configured to detect websites of that sort and your employer will immediately be notified of such incidents. After all, you can check these sites from your personal phone, disconnecting from the corporate wi-fi beforehand.

Don't try to uninstall the monitoring software

It seems to be the most obvious solution to your problem, however, you should keep in mind that your employer will be notified of such an attempt, and you’ll be forced to have a not so pleasant conversation with the HR.

Try to reach an agreement with your employer

Have a conversation with your employer and tell them that you aren’t opposed to such monitoring, however, you’d like to establish certain rules that would go both ways. For example, you are legally entitled to have 15-minute breaks every 2 hours during your workday. And it’s entirely up to you to decide what you’ll spend these increments of time on.

Make the most of monitoring

You no longer have to prove to anyone that you are putting in the effort; you no longer have to complain about how it goes unnoticed by everybody. If you have a time tracker installed on your computer and your employer can see exactly how hard you work, you can use this as an additional argument for promotion or a pay raise. 

Of course, this will only work for you if you're a high achiever. But if you work 2-3 hours a day, then maybe it's time for you to change something in your work-related habits.

Good luck!

Viacheslav Zimyatov,