Usually the term spyware is used in the context of discussing IT provisions against malware. This is easy to understand, since a vast majority of the spyware in use in the cyber world is in fact malicious in nature.
However, another class of software functions much like spyware, but it is mainly used in a benign fashion: the internal monitoring program. A keylogger system, for example, is not necessarily a bad thing. What makes it bad is the use to which the harvested information is put. When a hacker logs keystrokes in order to determine employee user names and passwords at an online service, he or she is committing a criminal act.
An employer, on the other hand, might use the same type of program in order to track employee output in terms of characters typed per minute; the same employer might also read the keystrokes more directly in order to ascertain what percentage of a worker's time is being directed toward personal matters such as online shopping excursions. These uses of spyware have been held by the courts to be entirely legitimate when the computers and networks in question are the property of the employer and not the employee. This reflects a very real aspect of IT risk management: sometimes the risk to be managed involves employees' use of the hardware and software being provided to them.
There are some areas in which companies would be wise to exercise great discretion when it comes to using IT solutions to monitor their employees. The Obama administration has recently reminded federal agencies to be careful when monitoring employee e-mails that concern ‘whistle-blowing’, or the reporting of some form of misconduct. Although the admonition does not apply directly to private industry, court cases over the years and a variety of federal and state laws make it clear that employers may place themselves at risk if they use information garnered through monitoring to retaliate against workers who are acting as whistle-blowers.
This means that any business deciding to use monitoring should be sure to get legal advice about the proper use of any data gathered about the activities of workers. For information, however, about technical aspects of the practice, about the types of software and hardware that can be useful in order to set up an employee monitoring system, it is best to work with an IT company. SMB-focused iCorps can help you explore how a managed programs model for IT support can keep a monitoring system up and running.