Before, Thompson checked the logs from the company's Microsoft ISA (Internet Security and Acceleration) Server, which tracks what Web sites people access, only if a supervisor suspected an employee of violating the company's stated policies.
Now, one of his five IT staffers regularly reviews the logs, even without a specific request. "That's all he does for one day a week," says Thompson. "He goes through the logs to see if there's anything in there that needs to be exposed or discussed." Activity related to porn, gambling or hate speech automatically raises red flags, he says.
Thompson and his staff aren't exactly comfortable about this. "We're IT guys. We're not babysitters," he says. "It's a difficult position to be in, but it does come with the territory."
It helps that his IT staff is not responsible for confronting violators, only finding them. If a problem pops up, IT staff reports it to Thompson, who then determines whether to report the violation to the employee's supervisor.
He's like the neighborhood beat cop, who might catch kids stealing from the corner store but let them off with a warning the first time. "I do it on a case-by-case basis, based on my own gut feeling about what [the violator is] telling me," he says. "I'm a pretty good judge of whether or not someone's lying."
In the 10 years he's been with the company, Thompson says, he has officially reported inappropriate Internet usage to a supervisor on just two occasions.
The reason for that low number? "We regularly communicate to the rank-and-file employees that all Internet access is monitored and logged, so they know they are being watched," Thompson says. "In my view, that keeps the majority of people honest."
In addition to energy and automation systems, ENE Systems provides Web site, e-mail and other IT services to its customers. Thompson says he has seen increased interest in employee monitoring among ENE customers, which include large institutions such as the Boston public school system and State Street Bank. "More and more frequently, our customers want to know, 'What was that guy doing when [his computer] got that virus?' for example."
One customer put Thompson into an ethical dilemma when it asked ENE Systems to secretly install SpectorSoft software on its employees' PCs. SpectorSoft records everything: e-mails, chats, IMs, Web site visits and searches, programs run, files transferred. It even logs keystrokes and takes screenshots.
The owner of the company, a landscaping firm, wanted Thompson's staff to lie if employees asked what they were installing on the PCs. (Although most companies spell out monitoring policies in employee manuals, only two states -- Delaware and Connecticut -- actually require that companies notify employees that they are being monitored.)
Sign up for Computerworld eNewsletters.