The legalities of employee monitoring against cybercrime
The era of online work has brought new challenges for employers, especially when it comes to monitoring worker productivity and protecting company information from cyberattacks.
Remote workers may need to be monitored by management to ensure that the quality of their work is up to scratch and that they don’t visit any websites or perform online actions that jeopardise the company’s cybersecurity – but how far can managers go before they fall foul of the privacy laws?
Let’s take a look at the important issue of employee monitoring in the context of productivity and digital crime and find out exactly what actions companies can take to monitor staff activity.
Can companies monitor workers in SA?
Privacy concerns are one of the top ranked issues among internet users and company employees are no exception. While managers feel the need to monitor their employees’ online actions, there’s always the threat of legal trouble for violating their right to privacy.
But does this really stand up before the law?
South Africa’s Constitution does grant citizens the right to privacy, but this right is not absolute. In other words, there are situations where companies can monitor their employees within the bounds of the RICA Act which protects the privacy rights of all internet users.
- According to the Act, an employee’s internet usage can certainly be monitored as long as the company obtains consent from the employee in advance.
- If data monitoring is essential for the operation of the business, this is also allowable in terms of RICA.
The best approach for companies is to combine these two conditions by inserting a data monitoring clause in every employment contract, and making it one of the terms and conditions of the job.
Part of the clause can explain that this monitoring is necessary to ensure the proper functioning of the business, thereby covering both conditions above.
What specific activities should companies monitor?
Obtaining employee consent to monitor their online usage, especially when they work remotely, is a good first step toward productivity and cybersecurity improvement. Here are some types of internet activities that companies should be on the lookout for.
- Specific websites. Monitoring the websites that employees visit during working hours and maintaining a list of banned sites or dangerous URLs is the first step to securing your company’s network.
- File uploads and downloads. Monitoring the number of files that your employees upload and download (and the source and destination of these files) can give your IT department a clue as to whether employees are carrying out legitimate tasks or performing suspicious actions that should be followed up.
Data monitoring can help reduce the risk of cyberattacks but encrypted backup is still essential
Complying with the RICA Act while monitoring your employees data usage can help you pinpoint suspicious activity, but there’s still no substitute for having a full backup of your most important files in encrypted format.
Our range of secure backup solutions will give you peace of mind as all your files are stored in the cloud using immutable storage on a regular basis. Browse our range of storage solutions and secure your data today.