Workplace Monitoring Software: What Your Employer Can Actually See

#The tool running in the background

You can tell how much experience someone has with this by whether they treat the control as binary. It isn't.

You start your work laptop. You log into your VPN. You open Slack, check email, start your first task. Somewhere in the background, software you've never consciously interacted with is taking a screenshot of your screen every 10 minutes, logging every website you visit, measuring how often you switch between applications. And calculating a "productivity score" that will appear on your manager's dashboard.

If you work remotely for a medium-to-large US employer, there's a 70%+ chance this describes your work environment. Per Gartner and industry-analyst data, workplace monitoring software adoption accelerated dramatically during 2020-2022 with the pandemic remote-work shift. And has continued expanding even as employees have returned to offices.

The monitoring-software industry includes:

• Hubstaff (most common for gig/remote teams, ~$25M ARR)
• Teramind (deeper enterprise monitoring with DLP features)
• Veriato (enterprise-focused, deep behavioral analytics)
• ActivTrak (mid-market, dashboard-heavy)
• Time Doctor (time tracking + productivity monitoring)
• InterGuard (forensics-grade monitoring)
• Controlio (comprehensive monitoring)
• BambooHR Time (integrated with HR platform)
• Toggl Track (lighter-weight time tracking)
• ProHance (productivity analytics)

Plus built-in monitoring in enterprise tools like Microsoft 365 (Productivity Score, Viva Insights), Google Workspace (Work Insights). And endpoint protection (CrowdStrike, Microsoft Defender for Endpoint, SentinelOne) which include monitoring features beyond security.

This post covers what workplace monitoring captures, the legal landscape, how to know if you're being monitored. And what to do if you're uncomfortable with the monitoring in your workplace.

#What the tools capture

Modern workplace monitoring is broad. A typical enterprise monitoring stack captures:

#Activity monitoring

• Active application time. How many minutes you spent in Excel, Slack, Chrome, etc., per day
• Website visits. URLs, page titles, time spent
• Document activity. Files opened, modified, copied, printed, emailed
• Keystrokes per minute / mouse activity. Used to distinguish "active work" from "away from desk"
• Time of day patterns. When you start, when you stop, when you take breaks

#Screenshot and screen recording

• Periodic screenshots. Every 3-10 minutes is common. Some tools do continuous recording.
• Screenshot triggers. Some tools capture on application launch, browser navigation, or policy-violation triggers.
• Video playback. Security-focused tools let investigators replay entire workdays.

#Keystroke logging

• Full keylogging. Every keypress captured, including passwords (most tools claim to filter password fields, with variable accuracy).
• Search term logging. What you typed into search engines, internal search tools, Slack search.
• Content in emails, chats, documents. Before you send.

#Communication monitoring

• Email content. Sent and received, including personal email if accessed from work devices.
• Slack / Teams / chat. Including direct messages.
• Video call metadata. Who you called, duration, some tools record content.
• SMS. On BYOD devices with MDM, some tools capture text messages.

#Network activity

• DNS queries. Every hostname resolved.
• HTTP / HTTPS traffic. With SSL inspection (many enterprise deployments), the content of HTTPS traffic.
• VPN usage. Including time spent connected to which networks.
• File uploads. Especially to cloud services.

#Location and device

• GPS location on mobile devices with MDM.
• WiFi networks connected to (reveals home location, coffee shops, other workplaces).
• Device movement patterns. Some tools correlate WiFi + GPS to infer workday locations.
• Hardware inventory. What's plugged in, installed software, USB device usage.

#Productivity scoring

Increasingly, tools compute derived "productivity scores":

• Active time per day
• Focus time (consecutive minutes in a single application)
• Distraction ratio (switching frequency)
• Application categorization (Excel = productive, YouTube = distracting)
• Collaboration metrics (time in meetings, message response time)

These scores often drive performance reviews and management decisions.

#Behavioral analytics

Enterprise-focused tools like Teramind and Veriato include:

• Insider threat detection (unusual file access patterns, data exfiltration attempts)
• Behavioral baselines (alerting when you deviate from your normal patterns)
• Anomaly detection (login from unusual location, unusual app usage, unusual data transfer volume)

#Specific tool profiles

#Hubstaff

Primary use case: time tracking for contractors and remote teams.

What it captures:

• Screenshots every 10 minutes (configurable)
• Activity levels (keyboard + mouse movement)
• Website visits
• Application usage
• GPS location (on mobile)

What it doesn't capture (by default):

• Keystroke content
• Email / chat message content
• Audio / video

Typical deployment: announced to employees. Common in gig work, contracting, remote startups.

#Teramind

Primary use case: enterprise insider threat detection and DLP (data loss prevention).

What it captures:

• Everything Hubstaff captures, plus:
• Keystroke content (full logging)
• Email content (sent and received)
• IM content
• File activity (copy, move, delete, USB transfer)
• Printer activity
• Video recording of screens
• Behavioral analytics with anomaly detection

Typical deployment: often covert. Enterprise finance, healthcare, legal, government contractors.

#Veriato

Primary use case: enterprise behavioral analytics and investigations.

What it captures:

• Full keystroke logging
• Screenshot / video recording
• Email and document content
• Web browsing
• "Psychological profile" scoring based on sentiment analysis of communications
• Behavioral baseline deviations

Typical deployment: enterprise. Often used for specific investigations as well as general monitoring.

#ActivTrak

Primary use case: mid-market productivity monitoring.

What it captures:

• Application time
• Website time
• Screenshots (configurable)
• Productivity scoring
• Team dashboards

What it emphasizes: "coaching" framing. Tools for managers to identify productivity opportunities than surveillance.

Typical deployment: mid-market remote teams, 50-2000 employees.

#Microsoft 365 / Google Workspace built-ins

Microsoft Productivity Score (now partially rebranded as Viva Insights):

• Collaboration patterns
• Meeting load
• Focus time
• Email response times
• Aggregated org-level, drilldown to individuals at admin discretion

Google Workspace Work Insights:

• Similar scope
• Collaboration patterns, tool usage, meeting load

Both are enabled by default in many enterprise deployments. Most employees are unaware.

#Endpoint Detection and Response (EDR) "monitoring" features

Security tools like CrowdStrike, Microsoft Defender for Endpoint, and SentinelOne are primarily for detecting attacks. They also capture extensive telemetry that can be used for workplace monitoring:

• Process execution history
• Network connections
• File access patterns
• USB device activity
• User session activity

Most enterprises don't use EDR for productivity monitoring, but the capability exists.

#What's legal

The legal landscape for workplace monitoring varies substantially.

#United States

Federal baseline: the Electronic Communications Privacy Act (ECPA) of 1986 prohibits interception of electronic communications, with a broad exception for employers monitoring "in the ordinary course of business" of their own systems.

Result: employers can generally monitor any activity on company-owned devices and company-issued accounts, with minimal legal restrictions. Key limits:

• Personal accounts (personal Gmail, personal Facebook) accessed through work devices. Legal gray area
• Video/audio recording of employees in the workplace. Varies by state, most require consent or notice
• Monitoring of communications between employees and legal counsel. Prohibited in most contexts
• Monitoring during rest periods or off-hours. Varies

State variations:

• Connecticut, Delaware, and New York. Require employers to provide written notice before electronic monitoring.
• California. Strongest employee privacy protections. Requires consent for certain monitoring, prohibits some productivity-scoring use cases, restricts data sharing.
• Illinois. Biometric information (including keystroke biometrics in some interpretations) covered by BIPA, requiring consent.
• Oregon, Colorado. Worker-privacy-adjacent protections.

Most states have no specific workplace monitoring disclosure requirement. Employers can legally monitor without telling employees in most US jurisdictions.

#European Union

Substantially more restrictive:

• GDPR requires legal basis for employee data processing
• Monitoring must be proportionate, necessary, and disclosed
• Employees have rights to access monitoring data about themselves
• Works councils often have consultation rights on monitoring deployment

#Other jurisdictions

Variation is wide. Some countries (Germany, France) have strong employee privacy protections. Others (Russia, China) permit broad surveillance.

#How to know if you're being monitored

If you've been handed a work laptop, assume you're being monitored. That's the 2026 default.

Specific indicators:

#1. Check installed software

Windows: Settings → Apps → Installed Apps. Look for names like:

• Hubstaff
• Teramind
• Veriato
• ActivTrak
• Time Doctor
• InterGuard
• Spector / SpectorSoft
• Controlio

macOS: Applications folder. Same names plus macOS equivalents.

Look for unusual processes running. Task Manager (Windows) or Activity Monitor (macOS) can show what's actively running. Tools often have stealth names like "service.exe" or "com.apple.helper". The obvious names are the friendly ones.

#2. Check running services

Windows: services.msc shows all services. Look for employer-related names.

macOS: launchctl list shows launch agents/daemons.

#3. Check network connections

Windows: netstat -b (admin required) shows which processes have network connections.

macOS: lsof -i similar function.

Connections to domains owned by monitoring vendors are indicators.

#4. Check policy notifications

Many companies have employee handbooks or onboarding documents that disclose monitoring. If you've never read them, now's the time.

Some employers are required by state law to disclose. If your state requires it and you haven't seen a disclosure, that's itself informative (they're either non-compliant or haven't deployed monitoring).

#5. Ask your employer directly

"What monitoring software is deployed on my work devices? What does it capture? Who has access to the captured data?"

Competent HR should be able to answer. If they can't, that's informative.

#6. Observe behavior

• Screenshots happening: sometimes visible briefly as a "flash" in the window
• Unusual process activity: high CPU periodically when you're not actively using the computer
• Slow performance after a software update: new monitoring capability may have been added
• VPN required even for local work: traffic is being routed through central inspection

#What to do about it

If you've discovered monitoring and you're uncomfortable:

#Option 1: Accept it

Workplace monitoring is legal in most US jurisdictions. Your employer has legitimate interests in productivity and security. If the deployment is reasonable and you're not being harmed by it, accepting it may be the path of least resistance.

#Option 2: Minimize exposure

The practical defense is keeping personal activity off work devices and work accounts:

• Personal accounts (personal Gmail, banking, social media) on personal devices only. Never access from work devices.
• Personal messaging (SMS with family, personal Slack, iMessage on a personal phone) on personal devices.
• Health information, legal information, politically sensitive information on personal devices with personal accounts.
• Job searching from personal devices. This one particularly. Don't search for new jobs from your work laptop. Monitoring software captures this readily.

Rule: if you'd be uncomfortable with your employer reading it, don't do it on work devices or work accounts.

#Option 3: Raise the concern

If your workplace monitoring is unusually invasive or deployed without disclosure, the escalation options:

• HR discussion (may or may not resolve)
• Employment attorney consultation (if you believe monitoring is unlawful)
• State labor board complaint (in states with monitoring disclosure requirements)
• Employee organizing (if monitoring is contentious, a union or works council can negotiate limits)

#Option 4: Find a different employer

Monitoring norms vary widely by company. If your current employer's monitoring is intolerable to you, other employers have less invasive practices. During job search, interview questions:

• "What monitoring tools are deployed on employee devices?"
• "Do employees have visibility into their own monitoring data?"
• "What's the policy on personal activity on work devices?"

Employers with reasonable answers are available. Employers with evasive answers are informative.

#Specific scenarios

#Remote work

Remote workers are monitored more than office workers. Standard features:

• Screenshot capture (often every 10 minutes)
• Activity tracking
• GPS on mobile devices

Recommendations for remote workers:

• Keep a clean workspace during work hours. The screenshots go somewhere
• Don't have personal tabs open during work hours
• Use a separate personal device for personal activity, even if you're at home
• If your employer offers "focus mode" or "break mode" that pauses monitoring, use them

#BYOD (Bring Your Own Device)

If you use your personal device for work (via MDM enrollment):

• The MDM typically monitors work-related data and can monitor the device broadly
• Your employer can typically wipe your device remotely
• Personal content on the device may be accessible to your employer
• Terminating employment may trigger device wipe

Recommendation: avoid BYOD if possible. Request a company-issued device. If you must use BYOD, understand exactly what the MDM profile enables.

#Independent contractors

Contractors on Hubstaff, Time Doctor, or similar:

• Typically aware of monitoring (it's often the reason for these tools)
• Activity levels directly tied to payment
• Screenshots retained by the client / platform

Recommendation: use the tools as designed. Work during tracked time, don't work during untracked time (you're giving away unpaid labor). Don't mix personal activity with tracked work sessions.

#Unionized workplaces

Monitoring is often subject to collective bargaining. Your union may have negotiated limits on monitoring. Check your contract.

#Healthcare, finance, government

Industries with legal monitoring requirements (HIPAA, SOX, ITAR) often have more extensive monitoring by necessity. Employee expectations of privacy in these environments are lower. Compliance requirements drive the surveillance.

#The data-aggregation concern

Beyond "my employer watches me at work," an increasing concern is aggregation of monitoring data across employers and tools:

• Productivity scoring platforms that compare you to peers in your role/industry
• AI models trained on monitoring data to identify "ideal employee" patterns
• Employee turnover prediction based on monitoring data (are you about to quit? the model will tell HR before you do)
• Cross-employer data sharing via third-party analytics platforms that aggregate monitoring data

Your monitoring footprint at your current employer may be contributing to models that shape future employers' hiring and management decisions.

Largely unregulated. The legal and ethical framework for employee monitoring data lags the technical capability.

#For managers and HR

If you're in a position to shape monitoring policy at your organization, considerations:

• Disclosure builds trust. Employees who know what's monitored behave appropriately. Employees who discover hidden monitoring lose trust irrecoverably.
• Monitoring creates adversarial dynamics. High-trust workplaces outperform high-surveillance workplaces on most productivity metrics over time.
• False positives cause harm. Productivity scoring that punishes employees for non-tracked work (creative thinking, analytical work, rest breaks) is counterproductive.
• Legal exposure. Even where monitoring is legal, inappropriate use creates employment litigation risk.
• Employee privacy as a competitive advantage. In tight labor markets, "we don't run invasive monitoring" is a recruiting edge.

A more surgical approach:

• Monitor what's necessary for security and compliance
• Avoid productivity-scoring deployments
• Disclose monitoring fully, in plain language
• Give employees access to their own monitoring data
• Use aggregate analytics (team-level) than individual scoring where possible
• Don't deploy monitoring that measures things you don't need to manage

#What Valtik does in this space

Valtik's workplace-privacy consultations serve two audiences:

For employees concerned about monitoring: confidential consultations to assess your specific situation, identify what's likely deployed, suggest operational practices to protect personal content. And advise on escalation paths if monitoring appears unlawful or inappropriate.

For employers planning or reviewing monitoring deployments: consultations on legal compliance, employee communication, reasonable-use policies. And alternatives to invasive monitoring that achieve the underlying business goals.

Reach out via https://valtikstudios.com.

#The honest summary

Workplace monitoring is the norm in 2026. If you work remotely for a US employer, assume you're being monitored unless you've specific evidence otherwise. The legal framework permits broad monitoring. The ethical framework hasn't caught up.

The practical defense is compartmentalization: personal activity on personal devices, work activity on work devices. This isn't ideal. It's a workaround for an environment where your employer has decided the monitoring serves their interests.

At the organizational level, monitoring is a choice employers make. Some make it surgically and disclose clearly. Others make it invasively and hide it. You have information to make decisions about where to work. And as an employee you've some (limited) influence on the monitoring practices at your current employer.

Knowing what's watching you is the first step.

#Sources

1. Electronic Communications Privacy Act. Legal Analysis
2. Connecticut Employer Monitoring Law (Public Act 98-142)
3. Delaware Monitoring Disclosure Law
4. New York Electronic Monitoring Law (2022)
5. GDPR Article 88. Processing in the context of employment
6. Hubstaff Official Documentation
7. Teramind Product Documentation
8. Microsoft Workplace Analytics Privacy
9. ACLU Workplace Privacy Position
10. EFF Workplace Surveillance Guide