Thomas Vanderbilt Communications employees like to kid each other that they are being watched by Big Brother. But the software used by their employer to monitor their computer use is no joke.
The Atlanta marketing and advertising company makes no secret that it is keeping tabs on every Web site they visit, every keystroke they tap, every instant message they send--even the contents of the messages on their personal Hotmail or Gmail accounts.
"I don't feel like I'm spying on my employees," said Thomas Vanderbilt, president and chief creative officer of the firm, whose past and current clients include high-profile brands such as Coca-Cola and Starbucks.
Vanderbilt signs confidentiality agreements with his clients and needs to be sure that contractors and young twentysomething employees are not sharing, say, images from celebrity ad photo shoots or other closely held information. The software, made by SpectorSoft, proved especially valuable when it sniffed out dummy expense reports being created by a new accounts payable clerk.
Instances of fraud rise during recessions as employees become financially desperate or disgruntled--or both, experts say. That fraud can range from abusing expense accounts to skimming and check tampering. For example, nearly two-thirds of 1,280 executives said they expect accounting fraud perpetrated by both employees and executives to increase during the next two years, according to a Deloitte survey released in January.
Hard times bring more fraud
Besides financial fraud, companies find less insidious but still costly forms
of abuse such as employees spending long, production-sapping stretches on Facebook
or YouTube.
To help avoid cases of worker fraud, companies are increasingly using monitoring and tracking software. "Employee fraud definitely increases in economic hard times," said Frank McKenna, co-founder and chief fraud strategist of BasePoint Analytics, a firm that offers fraud consulting and software for banks, mortgage lenders, and credit-card companies.
The primary reason is that employees no longer have access to credit or the ability to continue a certain lifestyle and a desperate few will resort to wrongdoing. Also, employees tend to feel less loyal to companies as they watch layoffs happen. In some cases, layoffs can actually remove people who served as watchdogs against abuse by their colleagues.
At one Fortune 500 company in the medical industry, a woman claimed to have cancer and said she was taking sick days for her treatments. Turns out that she was actually going for spa treatments and charging them to her corporate credit card. The expenses appeared to be legitimate travel-related expenses since she was going to a hotel-based spa. The situation was recently flagged by auditing software from Oversight Systems that compared the detailed charge records from American Express with attendance data.
Keystrokes can raise red flags
BasePoint's McKenna said in order to catch fraud, businesses have to
look at behaviors that are not typical of employees in certain jobs. One way to
do that is to monitor keystrokes.
In a former position, McKenna managed internal investigations at a bank. He found that on a monthly basis he could expect anywhere from one to four reps out of 3,000 that had access to customer credit-card accounts at a particular call center to commit internal fraud.
"We had to look at what they were doing on the computer and compare that to what nonfraud employees were doing," he said. "The keystroke behavior was much different." Some reps might search on particular names over and over again, while others might go into a customer's account five or more times a day.
Software that monitors keystrokes can potentially find those red flags. In research published early last year, about 45 percent of companies surveyed tracked content, keystrokes, and time spent at computer keyboards in 2007, up from 36 percent in 2005, according to the 2007 Electronic Monitoring & Surveillance Survey of 304 companies by the American Management Association and the ePolicy Institute.
In addition, about 66 percent of employers surveyed say they monitor Web surfing and block connections to inappropriate Web sites, a group that often includes adult sites, game sites, and social networking sites.
IMV Projects, an engineering, procurement, and construction management company in the oil and gas industry, estimates that each of the company's 650 employees recouped about 10 hours of work per year after the company installed software from SpectorSoft to monitor Web usage and time spent chatting on instant messaging.
"Our primary goal is to see where everyone is going," said Steven Terenta, network manager for IMV Projects. "The only time we look at one employee is when a supervisor asks us to check something out."
The company now blocks access to Facebook except during the lunch hour. IMV Projects estimates the increased productivity amounts to at least US$195,000 per year.
Hotlines can help
Technology can turn up suspicious activity, but it should not be seen as the
only solution, experts say. Much still depends on people noticing any activity
that's out of the ordinary.
"Most fraud is uncovered by accident," said Heriot Prentice, director of standards and guidance at the Institute of Internal Auditors. And the reporting of that fraud often relies on fellow workers who serve as whistleblowers. That is why experts say that something as low-tech as an anonymous hotline can be beneficial.
Best Buy lets employees report fraud by phone and via the Internet. In fact, employees helped uncover fraud that led to a Best Buy vendor-relations manager pleading guilty in January to receiving kickbacks from a computer parts supplier in an alleged fraud scheme that Best Buy said cost it US$31 million over four years.
"There's been a spike in the reporting of fraud. More people are coming forward recently," said Kathleen Edmond, chief ethics officer at Best Buy. Still, Edmond said she could not be sure whether fraud itself is on the rise. She pointed to the possibility that employees might have seen it go on in the past and not reported it. That has since changed as the economy has sunk into distress and layoffs have started, she said, adding that employees are more likely to report fellow employees who are trying to get away with something.
Still, many employees do not welcome employers watching their every move online. That was certainly the case at Thomas Vanderbilt Communications. "In the beginning the employees were very upset; they felt a lack of trust and a lack of respect and that they should have privacy," Vanderbilt said. Most can now laugh about it, he said. "It takes the negativity away about it when you can joke about it," he said, "but it is a constant reminder that you are being watched."
Play video
Monitoring Employees
My own employer, a university, is pretty much hands off in the name of academic freedom, but we do warn users that their content and activities may become apparent during maintenance (That was my contribution to the user guidelines). And of course all sorts of nasties might turn up during a forensic search. It's only a matter of time before the State imposes stricter guidelines. Bottom line, it's the employer's computer and network connections. Any personal use allowed is a privilege, not a right.
Posted by Steve Dutch on Sunday, March 08 2009 03:13 AM