“Bossware”: what is this software that spies on employees?

“Bossware”: what is this software that spies on employees?

Bossware makes it possible to monitor an employee’s activity remotely. The use of spyware is more widespread than you might think, especially since the advent of teleworking and AI. How can they be detected and what are the risks? 

What is bossware?

Bossware” is the term used to describe software designed to monitor employees. Installed on the workstation, it collects a maximum amount of data on the worker’s activity, with the aim of obtaining an overview of their productivity. This spyware can record all online activity, keystrokes, mouse movements and even, in some cases, take random screenshots and record audio or video.

Widely used since the widespread deployment of teleworking in 2020, it enables managers to keep an eye on their employees from a distance. Now, with the development of artificial intelligence, surveillance can go even further. For example, some “bossware” software, such as Veriato, is capable of analysing worker data to assign them a “risk score” for the company’s security. Others can send alerts if the worker does not seem to be behaving appropriately at their post.

Spyware not always detectable

Bossware can be deployed visibly or silently. With visible surveillance, workers are aware that their activity is being monitored. In certain configurations, they can even act on the software by pausing it, for example. Conversely, with silent surveillance, employees are not aware that they are being “spied on”. The software may therefore have been installed remotely on their workstation without their consent.

Authorised in the United States: and in Europe?

In the United States, employers can easily force employees to install this type of software on their workstations. However, laws are now being introduced to limit their use by requiring companies to be transparent.

The GDPR also protects employees

In Europe, employee surveillance is not clearly legislated. Nevertheless, the General Data Protection Regulation (GDPR) can serve as a reference on the subject. This regulation defines the conditions for the collection, use and transfer of personal data and provides a framework for data processing operations, including those relating to employee monitoring. In this way, employee consent to the processing of their data is absolutely required. However, as the European report ” Employee monitoring and surveillance: The challenges of digitalisation “it is up to each [EU] Member State to put in place specific data protection provisions“.

Controversial but still used

In France, “bossware” is highly controversial, but it is still widely used. According to a study carried out by Vanson Bourne for VMware, “63% of French companies with more than 500 employees have implemented surveillance tools”. Nevertheless, the French Data Protection Authority (CNIL) regularly issues warnings about the use of this software. It points out that such surveillance must not “undermine respect for employees’ rights and freedoms”. Employees must therefore be informed before any surveillance tool is put in place. Surveillance in the workplace is one of the main reasons for complaints to the CNIL.

But Europe’s leading country for employee surveillance is Spain. According to the same report, “40% of Spanish companies have installed spyware”, compared with 15% in Germany and 26% in the UK.

The different ways of detecting bossware

According to TechTarget, bossware can be detected by carrying out a few checks.

Check the task manager

If an unrecognised piece of software with a name containing a number of random numbers and letters is running in the background, it may be bossware. Note that many spyware programs are not detectable in Task Manager.

Download antispyware

If you are suspicious, anti-spyware software can be useful. It will scan the device and be able to identify the “bossware” as malicious software. 

Monitor outgoing Internet traffic

Some Internet traffic monitoring software can detect unusual traffic and confirm suspicions.

What are the risks of using bossware to monitor employees?

Impact on employee productivity and well-being

The introduction of employee monitoring tools demonstrates a blatant lack of trust on the part of management towards employees working remotely. And yet, this mutual trust is essential if employees are to remain committed to the company and retain their loyalty. Surveillance, when it is visible, puts constant pressure on employees, pressure that can lead to exhaustion and burn-out. While management would like to control and act on their productivity, it is harming the well-being of its teams.

Data theft and breach of privacy

In France, employees have rights regarding the processing of their data, particularly under the RGPD. They should be aware of this and not hesitate to alert their representatives if they have any doubts about spyware in their company. The use of “bossware” leads to massive processing of personal content and data, which undermines respect for employees’ privacy. If this software is not perfectly secure, it can be targeted by cyber-attacks. As a result, data concerning both the employee and the company is liable to fall into the hands of malicious parties. Employers must protect employee data, whether it has been collected for recruitment, security or business monitoring purposes.

Conclusion: to combat bossware, promote trust and communication

In conclusion, bossware has been used a lot since the health crisis and is tending to develop with artificial intelligence. However, their effects can sometimes be harmful to employee well-being and undermine team performance.

On the contrary, the use of spyware should never be systematic for remote collaboration. It is essential that teleworking is offered in a climate of trust, in order to reap all the benefits in terms of productivity and quality of life at work. To achieve this, appropriate and secure management and communications tools are essential.

Preserving your company’s cybersecurity

The security risks of “bossware” are real. They can lead to the loss of personal data and have financial repercussions for the company.

Employees must remain aware of their rights regarding the protection of their privacy and personal data, and not hesitate to contact their representatives if they have any doubts about the use of bossware.

To find out more about teleworking : https://www.tixeo.com/en/discover-tixeo-video-conferencing/security/white-paper-on-secure-teleworking/

“Bossware”: what is this software that spies on employees?

“Bossware”: what is this software that spies on employees?

Bossware makes it possible to monitor an employee’s activity remotely. The use of spyware is more widespread than you might think, especially since the advent of teleworking and AI. How can they be detected and what are the risks?

 

What is bossware?

Definition and origin

Bossware is the term used to describe software designed to monitor employees. Installed on the workstation, it collects a maximum amount of data on the worker’s activity, with the aim of obtaining an overview of their productivity. This spyware can record all online activity, keystrokes, mouse movements and even, in some cases, take random screenshots and record audio or video.

Widely used since the widespread deployment of teleworking in 2020, it enables managers to keep an eye on their employees from a distance. Now, with the development of artificial intelligence, surveillance can go even further. For example, some bossware software, such as Veriato, is capable of analysing worker data to assign them a “risk score” for the company’s security. Others can send alerts if the worker does not seem to be behaving appropriately at their post.

Spyware not always detectable

Bossware can be deployed visibly or silently. With visible surveillance, workers are aware that their activity is being monitored. In certain configurations, they can even act on the software by pausing it, for example. Conversely, with silent surveillance, employees are not aware that they are being “spied on”. The software may therefore have been installed remotely on their workstation without their consent.

Authorised in the United States: and in Europe?

The RGPD also protects employees

In the United States, employers can easily force employees to install this type of software on their workstations. However, laws are now being introduced to limit their use by requiring companies to be transparent.

In Europe, employee surveillance is not clearly legislated. Nevertheless, the General Data Protection Regulation (GDPR) can serve as a reference on the subject. This regulation defines the conditions for the collection, use and transfer of personal data and provides a framework for data processing operations, including those relating to employee monitoring. In this way, employee consent to the processing of their data is absolutely required.

However, as the European report ” Employee monitoring and surveillance: The challenges of digitalisation “it is up to each [EU] Member State to put in place specific data protection provisions“.

Controversial but still used

In France, “bossware” is highly controversial, but it is still widely used. According to a study carried out by Vanson Bourne for VMware, “63% of French companies with more than 500 employees have implemented surveillance tools”. Nevertheless, the French Data Protection Authority (CNIL) regularly issues warnings about the use of this software. It points out that such surveillance must not “undermine respect for employees’ rights and freedoms”. Employees must therefore be informed before any surveillance tool is put in place. Surveillance in the workplace is one of the main reasons for complaints to the CNIL.

But Europe’s leading country for employee surveillance is Spain. According to the same report, “40% of Spanish companies have installed spyware, compared with 15% in Germany and 26% in the UK.

 

The different ways of detecting bossware

According to TechTarget, bossware can be detected by carrying out a few checks.

1. Check the task manager

If an unrecognised piece of software with a name containing a number of random numbers and letters is running in the background, it may be bossware. Note that many spyware programs are not detectable in Task Manager.

2. Download antispyware

If you are suspicious, anti-spyware software can be useful. It will scan the device and be able to identify the “bossware” as malicious software. 

3. Monitor outgoing Internet traffic

Some Internet traffic monitoring software can detect unusual traffic and confirm suspicions.

 

What are the risks of using bossware?

Impact on employee productivity and well-being

The introduction of employee monitoring tools demonstrates a blatant lack of trust on the part of management towards employees working remotely. And yet, this mutual trust is essential if employees are to remain committed to the company and retain their loyalty. Surveillance, when it is visible, puts constant pressure on employees, pressure that can lead to exhaustion and burn-out. While management would like to control and act on their productivity, it is harming the well-being of its teams.

Data theft and breach of privacy

In France, employees have rights regarding the processing of their data, particularly under the GDPR. They should be aware of this and not hesitate to alert their representatives if they have any doubts about spyware in their company. The use of “bossware” leads to massive processing of personal content and data, which undermines respect for employees’ privacy. If this software is not perfectly secure, it can be targeted by cyber-attacks. As a result, data concerning both the employee and the company is liable to fall into the hands of malicious parties. Employers must protect employee data, whether it has been collected for recruitment, security or business monitoring purposes.

A few ways to avoid bossware

Promoting trust and communication

In conclusion, bossware has been used a lot since the health crisis and is tending to develop with artificial intelligence. However, their effects can sometimes be harmful to employee well-being and undermine team performance.

On the contrary, the use of spyware should never be systematic for remote collaboration. It is essential that teleworking is offered in a climate of trust, in order to reap all the benefits in terms of productivity and quality of life at work. To achieve this, appropriate and secure management and communications tools are essential.

Preserving your company’s cyber security

The security risks of “bossware” are real. They can lead to the loss of personal data and have financial repercussions for the company.

Finally, employees must remain aware of their rights regarding the protection of their privacy and personal data, and not hesitate to contact their representatives if they have any doubts about the use of bossware.

To find out more

In this white paper, find out how you can boost the productivity of remote workers and improve the cybersecurity of teleworking.

white paper on teleworking security

5 tips to secure teleworking from Julien, System and Security Admin at Tixeo

5 tips to secure teleworking from Julien, System and Security Admin at Tixeo

Businesses are facing ever-greater cyber threats, and teleworking is exacerbating these risks. Julien, System and Security Administrator at Tixeo, gives us his advice on how to make teleworking (and teleworkers!) more secure.

 

Why do companies need to improve security when teleworking?  

It’s no secret that cyber threats have been on the rise for several years now. They have even increased since the pandemic and the geopolitical upheavals. Companies of all sizes are affected by cyber attacks today. And the expansion of teleworking has not helped.

IBM’s recent “Cost of a data breach” report even indicates that when teleworking is a factor in a computer attack, the cost to the company increases by almost 1 million dollars, compared with an attack without this factor.

 

What are the cyber threats of teleworking?

By definition, teleworkers work from home. The employer therefore has limited control over the teleworker’s environment and usage, particularly with regard to the home Internet connection. However, the Wi-Fi network is a primary cyber threat when teleworking. If access to it is not protected, the data on the connected device may be exposed.

Furthermore, when teleworking is hybrid, employees are often required to travel with their work equipment. Here again, connection to public Wi-Fi networks is problematic. There is also a greater risk of equipment being lost or stolen.

Finally, the resurgence of cyber-threats such as phishing and ransomware can do more damage to teleworking employees. On site, the slightest suspicion of a computer attack is discussed in open space. If they are isolated, teleworkers are likely to be less vigilant in the face of one of these cybersecurity risks.

 

What needs to be secured when teleworking? 

There are three main elements to teleworking safety. Firstly, the teleworking workstation must be protected. At Tixeo, teleworkers’ hard drives are encrypted. This limits the risk of data being compromised, if the device is stolen while on the move for example.

Teleworkers also need access to resources hosted on the company network from home and when they are on the move. Setting up a VPN protects this access. When resources are available via a cloud system (preferably a sovereign one), MFA (or multi-factor authentication) securely authenticates the user.

Finally, protecting teleworking communications is a key issue. Employees use videoconferencing to discuss a multitude of subjects, some of which are confidential. Access to these exchanges can have serious consequences for businesses, in a context of constant cyber-warfare. The use of a secure videoconferencing solution is therefore highly recommended, to avoid zoombombing and computer espionage.

READ ALSO:

 

How does secure video conferencing protect the personal data of companies and employees?

Why is it essential to raise awareness of cybersecurity among teleworkers?

Even with all the right security measures in place, the human factor is still the biggest vulnerability. According to the latest Verizon report, this factor is present in 74% of all data breaches. What’s more, 52% of cyber espionage attacks begin with “spearphishing” or “targeted phishing attacks“. This type of cyber attack specifically targets a company employee with access to sensitive information. It is generally based on identity theft and strong social engineering. The hacker’s aim is to send an e-mail that is consistent with the activity of the person or company targeted, as ANSSI explains on its website.

Teleworkers must not feel they are on their own when it comes to these issues. That’s why cyber security awareness campaigns need to be held regularly. They should be given a comprehensive IT charter tailored to their workstation, containing all the information they need on how to use the equipment they are provided with, and what to do if they suspect an attack. Finally, teleworkers need to be made aware of the increased risks of shadow IT. Shadow IT involves employees using software and applications that have not been checked and approved by the IT department. Shadow IT can lead to vulnerabilities on the workstation and, by extension, on the internal network. To avoid the inconvenience of shadow IT, IT Departments have every interest in examining the performance of the tools deployed and providing training in their use.

 

What advice would you give to companies on how to make teleworking more secure?

  1. Stepping up awareness campaigns aimed at teleworkers
  2. Facilitate support for teleworkers, in particular through software for remote control of workstations
  3. Intensify the security of mobile teleworkers’ workstations and their access to resources (VPN, MFA, Endpoint Detection & Response, Mobile Device Management, Disc encryption, etc.)
  4. Understand the uses of your teleworking employees and adapt security accordingly so as not to generate frustration and shadow IT
  5. Implement a secure videoconferencing tool to protect the company’s sensitive data and communications

Find out more about good practice in teleworking security in the white paper: discover all Julien’s security tips

To find out more about the safety of teleworking

teleworking security tips

How can we reinvent and secure remote working in 2023?

How can we reinvent and secure remote working in 2023?

Remote working is now a popular option for many employees and companies. But at a time when cyberthreats are on the increase, how can teleworking be made truly effective and its security strengthened within organisations?

Quiet quitting, digital nomads… A new vision of work

In France, as in Europe, the relationship with work has changed considerably. For many employees today, the priority is to hold a position in a company that is in line with their values, where their well-being will really be taken into account. This is what emerges from the latest barometer from the Actineo observatory. We learn that 45% of those questioned think that their employer is not concerned about their well-being at work, whereas this should be a priority for 84%.

The “quiet quitting” movement and the growing number of digital nomads demonstrate a clear desire for greater freedom and quality of life.

The benefits of teleworking  

Teleworking seems to be an appropriate and effective response to these new expectations, offering a better balance between professional and personal life. What’s more, teleworking is even said to increase employee productivity, according to a report by the French National Productivity Council. A better quality of life? Not just that, since the success of teleworking also depends on the support and appropriate management of teams.

How can teleworking management be rethought?

white paper on teleworking security

Combining collaborative performance and data security

In 2023, the introduction of teleworking will require careful thought to be given to data and communications security. When employees work remotely, the risks of cyber-security are greater and the consequences more costly.

In the IBM report, we learn that in 2022, the average cost of a data breach was 4.34 million dollars in France. When teleworking is a factor in the attack, $1 million is added to the bill. The consequences are therefore primarily financial, but they also damage the reputation of the targeted organisation for its lack of reliability.

Protecting the teleworking environment, installing a VPN, MFA (multi-factor authentication) or subscribing to a sovereign cloud service are all choices that need to be made to ensure that employees have simple, secure access to company resources.

What tools should be put in place to secure data?

Quels sont les risques de sécurité informatique principaux en télétravail ?

livre blanc sécurité du télétravail

The importance of IT hygiene training for teleworkers

Raising awareness of IT security among teleworking teams is fundamental to preventing cybersecurity risks. In fact, the human factor is always the primary cause, despite the massive increase in the security of information systems. Employees need to be made aware of the risks, but also of the best practices to be implemented to protect their equipment, particularly when they are on the move.

In addition, the deployment and use of a high-performance Secure by Design video collaboration tool remains essential for team collaboration, especially when working 100% from home. It is important to train teleworkers and raise their awareness of this tool, particularly to reduce the risks of shadow IT, which is becoming increasingly common.

The case of Tixeo, 100% augmented teleworking

For the past 8 years, Tixeo has been moving towards 100% ‘augmented teleworking’. Thanks to the TixeoFusion mode of its secure videoconferencing solution, Tixeo teams work together in a virtual open space on a daily basis. The result: simple, reliable and user-friendly communication that erases the distance between employees and strengthens collaboration.

How has Tixeo's 100% augmented teleworking model become sustainable?

white paper on teleworking security

Teleworking: 3 ways to improve productivity

Teleworking: 3 ways to improve productivity

Today, a large majority of French people believe that teleworking has more advantages than disadvantages. In fact, 72% believe that the main advantage of teleworking is increased individual productivity. These are the findings of a recent study by SD Worx.

 

Why can teleworking boost productivity?

A better work-life balance

By working remotely, employees benefit from a degree of flexibility. This enables them to achieve a better work-life balance. In fact, the SD Worx study found that 80% of French employees believe that teleworking improves work-life balance. Working from home makes personal organisation easier. It allows employees to devote themselves to sporting, cultural or community activities at the end of the working day, which makes a major contribution to their well-being.

Reduced stress and absence

The elimination of commuting and the flexibility of teleworking considerably reduce stress in the workplace, which is one of the main causes of absenteeism.

By reducing stress at work, companies can limit absences in the long term, provided that they support employees in setting up teleworking (appropriate equipment, awareness of good posture and the importance of maintaining physical activity, etc.). The quality of life provided by teleworking can therefore have a major impact on employee productivity.

 

How can teleworking productivity be maintained?

In 2022, the report by the French National Productivity Council indicates that teleworking has led to an increase in the productivity of the employees concerned. In fact, the increase in the proportion of teleworkers, from 5% before the Covid health crisis to 25% today, would coincide with a productivity gain of between 5% and 9% within companies.

However, teleworking productivity needs to be maintained over time, thanks to effective collaboration tools and appropriate management.

Making the most of video collaboration tools

The performance of teleworking employees depends above all on the collaborative tools made available by the company. In hybrid mode, employees who are present in the office and those who work remotely must benefit from continuity in their exchanges.

These tools must facilitate communication while guaranteeing a high level of security for exchanges. Teleworking, particularly in 100% of cases, means that data is more open, sometimes on very sensitive and confidential subjects. Securing communications will not only protect the company, but also reassure employees and prevent them from limiting their interactions.

Spying: how to recognise an unsecured video conference?

How do you boost the productivity of teleworking teams?

white paper on teleworking security

Fewer meetings and more quality exchanges thanks to the virtual open space

In full remote or 100% teleworking, the challenge is to enable employees to stay in touch on a daily basis, without wasting too much time in pointless meetings. 100% teleworkers need to enjoy autonomy without feeling isolated, in order to increase productivity while maintaining team cohesion.

To meet this need, Tixeo offers the TixeoFusion mode in its secure videoconferencing tool.

This feature allows teleworkers to meet in a virtual open space. Represented in video bubbles, they can chat easily, simply by clicking on the bubble of one or more colleagues. When the discussion starts, the bubbles come together to form a coloured group. The people involved then interact in the same way as in a traditional video conference, without disturbing the other teleworkers.

The benefits of virtual open-space :

 

  • Encourage informal exchanges when teleworking (and avoid unnecessary meetings)
  • Avoid feelings of isolation by having a constant view of your colleagues
  • Facilitate the sharing of information across all participants, thanks to the secure messaging functionality included in the virtual open space

Putting the right management in place

At the same time, managers need to be trained to support their teleworking teams. This is fundamental to maintaining productivity and team cohesion.

So it’s important to establish a climate of trust when working together. Teleworking employees enjoy a high degree of autonomy. To reinforce their commitment and involvement, the manager must encourage regular feedback. In addition, exchanges must be fluid and carried out as much as possible by videoconference with the camera activated, to improve the quality of exchanges. This helps to detect any uneasiness or difficulties at an early stage.

 

Setting rituals

These regular feedbacks can be programmed in the same way as daily meetings. These daily meetings, which are very popular with IT teams, enable them to take stock of current projects. This type of ritual helps to improve the productivity of teleworking staff: it reminds them of the objectives to be achieved and motivates the workforce, while at the same time rewarding the progress made.

Finally, when teleworking, managers must ensure that their teams take breaks during the day and disconnect after their working day. Hyperconnection has an impact on the teleworker’s health and is detrimental to their quality of life and productivity. Regular exchanges with the manager can help identify this type of problem.

 

Read also:

QWL: how do you break the isolation of teleworking?

QWL: how do you break the isolation of teleworking?

QWL: how do you break the isolation of teleworking?

Whether imposed or flexible, teleworking can be a difficult experience for employees. Teleworkers may feel isolated from their colleagues and superiors. This major risk has consequences for employees’ well-being and commitment to the company.

 

Facilitating communication

Isolated teleworking inevitably means poor communication. When teleworking, the communication tools deployed must be simple and easy to use, so that employees pick them up quickly. However, this is sometimes not enough.

A simple instant messenger is easy to use, but doesn’t allow you to recreate qualitative interactions. Generally, exchanges are short and limited to questions and answers. Communication is therefore insufficient. Over the long term, the links between employees become weaker.

Full remote: why are team buildind essential?

 

Making the most of videoconferencing

The deployment of videoconferencing tools in companies is now essential for teleworking teams. However, these solutions are still under-utilised. Many employees deactivate their webcams during online meetings and lose the opportunity to interact more effectively with the person they are speaking to. This type of practice leads to a feeling of isolation when teleworking.

 

The importance of non-verbal communication

Non-verbal communication can provide information about a colleague’s emotional or physical state and enable the conversation to be adapted. Body language (facial expressions, movements, posture, etc.) can indicate agitation, apathy or dissatisfaction. The gaze may be shifty or fixed, indicating interest and attention. All these elements contribute to enriching communication and getting the most out of it.

6 questions to ask yourself before starting a videoconference

Setting up rituals

On the other hand, holding a series of videoconference meetings throughout the day can quickly become exhausting for employees and, above all, counter-productive. What’s more, these meetings generally leave little room for informal communication. This does nothing to reduce the feeling of isolation among employees.

To maintain a good team dynamic, certain rituals need to be put in place, such as weekly meetings or short “daily meetings”. These encourage exchanges without taking up too much of the working day. Other, more informal and fun activities can be devised to strengthen team cohesion (online games, challenges, video afterwork, etc.).

The aim is to strengthen links between teams while maintaining autonomy and productivity.

 

 

The virtual open-space to avoid feelings of isolation and strengthen team spirit

On a daily basis at Tixeo, the teams are continuously connected in real time in a virtual open-space, TixeoFusion.

Every morning, employees work together in the same space, working remotely without feeling isolated.

Everyone appears in a video bubble and can work in peace and quiet, surrounded by their colleagues. To exchange views, employees simply click on a colleague’s bubble to switch to a traditional videoconference. The other colleagues can see the bubbles coming closer together, creating a discussion group.

isolement télétravail

Each discussion group is represented by a different colour.

The teleworker is just like being in the office:

  • they can easily share their screen,
  • hold a meeting
  • have an informal chat with a colleague
  • or concentrate on their work while seeing their colleagues.

All this without feeling isolated.

Finally, TixeoFusion also facilitates the exchange of information between all participants, via the integrated instant chat module.

Thanks to the virtual open-space, teleworking employees can easily chat with different teams, which also strengthens cross-functional collaboration.

 

 

Integrating new teleworkers

In teleworking, the arrival of a new employee must be well prepared in order to facilitate their integration into the company.

On the first day, everything must be done to ensure that the newcomer feels welcome and can get to know the teams in place. Support during the first few weeks is crucial to help them take charge of their new role and their place in the organisation. Regular exchanges should be arranged to identify any difficulties at an early stage. A rapid and successful integration of a teleworking employee will limit the risks of isolation.

 

In a recent interview with French Tech Méditerranée, Renaud Ghia, CEO of Tixeo, gives his advice on how to welcome a new 100% teleworking employee.

Raising team awareness

Organisations need to react before a teleworker becomes truly isolated. There are various warning signs: loss of motivation, lack of involvement in meetings, fewer exchanges, etc.

Awareness-raising measures can be put in place within the organisation to prevent isolation while teleworking. In addition, managers need to be trained in these issues so that they can react quickly and support their staff. Regular feedback with their teams is also recommended to detect this type of malaise.

 

 

Monitoring workload and respecting the right to disconnect

Finally, the feeling of isolation when teleworking can also be felt when an employee is overloaded with work. When teleworking, it’s easier to stay at your desk for a few extra hours to finish a task. However, this hyper-connection can have harmful effects on the employee’s health and personal life, and can lead to a feeling of isolation.

Here again, the manager must ensure that the employee’s workload is consistent and that they can disconnect completely after their working day to devote themselves to their family life and leisure activities.

 

How do you encourage team cohesion when you work 100% from home?

white paper on teleworking security