Protect your business and stored data
Comply with cybersecurity measures required by GDPR
ET Seguridad is a user activity monitoring software that secures and reports the use of your company’s files by your employees. Protect your data with the access log and avoid unauthorized uses of your devices.
Which are the advantages of activity tracking and control software?
Security and control
Monitor, control and supervise everything that happens on your business computer network.
Control who accesses, deletes or modifies files at any time.
Monitor internet browsing and require a password to open certain programs or files.
Schedule timed screenshots on devices and cloud store them.
Register and control what is transferred to/from USB drives.
Improve your productivity
Register employees’ activity and get usage reports.
Know the actual usage time of each program and the absence of activity.
The usage time is recorded imperceptibly for the user.
Get productivity reports with usage statistics.
Account for the time invested on your customer's projects.
Global solution for GDPR compliance and data protection.
When logging in, show GDPR notice so that the user agrees.
Cloud stored monitoring and access logs, convenient in case of telework.
Useful employee time clock app is included.
Moreover, encrypt files and USB drives with ET Encrypt.
Contact us with your company’s requirements and get a free non-binding trial for 30 days, only for you.
Access control and monitoring software
Prevent unauthorized use of your company’s files by employees. Monitoring software records the user activity, but this it is not a gesture of mistrust towards your team. It is one of the security measures required by GDPR.
Keep in mind that malware can be installed while browsing certain web pages, causing computer crash or even worse, security gaps. A monitoring software supervises and controls everything that happens on the device.
All mandatory security measures by the GDPR
Establish strict access control system on your business network. Know which user opens which files and from which computer, even if they are teleworking from home.
Protect the access to programs and files
Request to enter username and password whenever a user opens a certain file or program. This way you will control the use of programs that normally could not be supervised and restricted.
Monitor internet browsing
Disable the access to web pages you decide and track your employees’ browsing history even on private browsing. It works for all browsers.
Schedule timed screenshots
You can schedule timed screenshots on company’s computers as often as you like. They can also be triggered on certain events, for example: if user visits Facebook or if opens a certain file.
Improve your business productivity
With ET Seguridad you will obtain reports about time invested on each program by employees.
Know the time dedicated to each task
Monitoring software register the active window’s name and the time spended. You don’t need any timer. Moreover, it also registers the absence of activity.
Get productivity reports
You can get productivity reports on an email address of your choice and analyze the statistics to improve your business productivity.
Account for the time invested in a customer’s project
Thanks to productivity reports, you can account for the time your team invests in a project.
Better control on teleworking
Thanks to monitoring tools and productivity reports you will reinforce confidence on your team, wherever they are.
100% guaranteed GDPR compliant
ET Seguridad is the only complete GDPR security software. It guarantees all security levels required by law.
ET Seguridad guarantees the right to digital disconnection and data protection required by telework regulations.
Employee time clock app is included
Your workers will be able to register the beginning and end of their day on their computers. If you wish, schedule an automatic check-out if computer goes on inactivity.
Displays GDPR notice when logging in
Every time a user logs in his computer, GDPR notice will be displayed on screen informing his activity will be tracked and explaining his data protection obligations.
Registers are cloud stored for 48 months
Tracking data and usage information are cloud stored for 48 months, as required by GDPR. You can review all this information at any time you want.
ET Seguridad includes ET Encrypt
ET Encrypt encrypt files and folders with AES 256 algorithm. With it you can also encrypt external USB devices to prevent data leaks. This is one of the mandatory security measures by the GDPR. Know more here >
Specially designed to protect your data easily
Manage your business network remotely
ET Seguridad is cloud stored monitoring software, so there it doesn’t need in-house network. Track activity from anywhere, as long as you have internet connection.
You can also change settings at any time, for example, you can schedule timed screenshots or blocking new websites for a certain user who is teleworking.
Keep tracking without internet connection
Even if a computer is not connected to the internet, ET Seguridad will be still tracking and locally storing information. For example, if an employee is working on a laptop while he’s travelling by plane.
When the device regains internet connection, ET Seguridad will upload the information automatically.
Get notificated in case of trouble
Get ready ET Seguridad and don’t worry. In case of trouble, such as some device that stopped activity tracking, you will get an email notification.
Notificacions will save you time, since it won’t be necessary for you to check the software to see if everything works correctly.
Is your company complying with the Telework Law?
The Royal Decree-Law on remote work entered into force in October 2020.
Download our e-book and discover what measures you should apply in terms of data protection and information security.
ET Security includes ET Encrypt
With ET Encrypt you will easily encrypt all types of files with a practically impenetrable algorithm, also for send encrypted information by email .
With it you can also encrypt removable USB drives to prevent information leaks.
Should I inform users?
Indeed, it turns out totally mandatory . Through the information screen that appears at each team login, the following is done:
- status of workers : the art. 20.3 allows the “Employer adopt the measures that he deems most appropriate for surveillance and control to verify compliance by the worker of his obligations and labor duties, keeping in their adoption and application the consideration due to his human dignity and taking into account the real capacity of the workers. handicapped workers, if applicable. “
The business organizational powers are limited and conditioned by the rights of the worker, being obliged to respect them. In order for the organization to be able to control the use of the computer without violating the right to privacy, it not only has to establish the instructions for use. In addition, it should be noted of the controls that the company is going to carry out to control this use.
It is not enough, then, for the employer to validly establish an absolute prohibition of private use of the company’s means. It must give notice of the controls and procedures that are going to be used to know the use that the worker gives to the computer (in this case, monitoring and access control software).
“If a monitoring software is installed, it must be communicated reliably”
As long as there is no business regulation or a “code of conduct” regarding the use of computers and Internet access by workers, (and not be communicated to the workers in a reliable way ) there can be no breach of contractual good faith (for the mere non-harmful use). Nor can the employer exercise controls and records on the computers of the workers. The reason is that they are protected by the right to privacy as a consequence of the doctrine established by the ECHR of April 3, 2007 (ECHR 2007.23) (Copland Case).
Furthermore, the privacy guarantee is not restricted to email. It also extends to the worker’s personal files as well as temporary files. These are copies that are automatically saved on the hard drive of the places visited on the Internet. These files may contain sensitive data regarding the privacy of the worker, insofar as they can incorporate revealing information on private aspects (ideology, sexual orientation, personal interests, etc.).
- RLOPD (Royal Decree 1720/2007, of December 21, approving the regulatory development of Organic Law 03/2018, of December 5, on the protection of personal data and guarantee of digital rights). The art. 89.2 states that “The staff must understand in an understandable way the security regulations that affect the performance of their duties, as well as the consequences that could be incurred in the event of non-compliance.”
How to inform users about monitoring software?
The simplest way for the employer is to proceed to communicate reliably to the workers of the organization about:
- The permitted uses of computers.
- Internet access permissions, as well as the mechanisms that will be implemented for their control, (also available with the monitoring software).
In this way, if these technologies are used for private purposes contrary to these guidelines or prohibitions, and with knowledge of the applicable controls and measures, it will not be understood that the control has violated “a reasonable expectation of privacy”.
Can I carry out a time control?
Companies are obliged to keep a daily record of the hours that each employee works, in order to be able to ensure the control of overtime. This control, according to the National Court (AN), must be carried out even in those companies in which overtime is not done.
In letter c) of section 4 of article 12 of the Workers’ Statute establishes that: “ the working hours of part-time workers will be recorded day by day and will be totaled monthly, giving the worker a copy, together with the salary receipt, of the summary of all the hours worked each month ”.
The ruling, dated December 4, 2015, determines that “The registration of working hours, not overtime, is the constitutive requirement to control excess hours”. Furthermore, it asserts that the denial of this registration “It places workers in a defenseless situation that cannot be tempered because overtime hours are voluntary, since the only means of accrediting them is, precisely, daily control” .
The creation of a registry, the resolution concludes, will eliminate any doubt about whether or not overtime is done and whether it is voluntary.
Do I have to limit access control to certain data and functions of the equipment?
Not only that, but it is mandatory in compliance with art. 91 of the RLOPD: “Limit access only to those resources that users require for the development of their functions” .
With ET Seguridad you can authorize or revoke the authorization of access to programs, files by type or browsing on the Internet.
Is it necessary to define user profiles?
If the computer equipment is not managed through personal user accounts, it will be necessary to define user profiles in the ET Security application itself that allows guaranteeing:
- 91.3 of the RLOPD: Requirement of the establishment of “ mechanisms to prevent a user from accessing resources with rights other than those authorized . “
- 93.1 of the RLOPD: Mandatory nature of the “Adoption of the measures that guarantee the correct identification and authentication of the users” regardless of the level of security of the data that you are going to use and process.
- 93.2 of the RLOPD: Requirement of the establishment of “A mechanism that allows the unequivocal and personalized identification of all those users who try to access the information system and the verification that they are authorized.”
- 31 bis of the Penal Code (approved in Organic Law 1/2015, of March 30). In order to avoid criminal liability of the company for possible crimes committed by its directors, employees and collaborators, the implementation of organization and management models that seek the exemption / mitigation of criminal liability of the company and its directors is foreseen . The risk, today, that a legal person may be involved in a crime against privacy or computer intrusion (art. 197 of the Penal Code) is so great that restrictive and security measures must be imposed with maximum zeal. Obviously, the technical degree of this risk will involve independent technical advice from IT specialists, engineers or qualified personnel.
What type of passwords should I define?
When the authentication mechanism is based on the existence of passwords, it must be ensured that they:
- 93.2 of the RLOPD: Unique passwords will be defined for each user so that “Allow the unequivocal and personalized identification of all users who try to access the information system and verify that they are authorized.”
- 93.3 of the RLOPD: The storage of passwords must guarantee “Your confidentiality and integrity.”
Can I manage the passwords?
Indeed, through ET Security it is possible to easily and intuitively manage the password options of the Windows policy. This allows the configuration of:
- Minimum password length.
- Minimum and maximum validity of the password.
- Password history.
- Blocking threshold.
- Duration of the blockade.
This configuration complies with:
- 93.4 of the RLOPD: The periodicity of password renewal “In no case will it exceed one year.”
- 98 of the RLOPD: From the treatment of data considered of medium level, the establishment of “A mechanism that limits the possibility of repeatedly attempting unauthorized access to the information system.”
Is it possible to control Internet browsing?
Not only is it possible, but the control of Internet browsing is a mechanism to verify compliance on the part of the worker of his obligations and labor duties. Said control cannot be carried out in any way, so the employer must proceed to communicate reliably to the workers of the organization the permitted uses of Internet access, as well as the mechanisms that will be implemented for its control. (Check the answer to the question Should I inform users?).
According to a study carried out by Robert Half International, a company specialized in executive personnel, surfing the Internet leads the list of tasks in which time is wasted during the work day. To avoid excessive use, around 25% of Spanish companies have limited the use of the Internet at work, according to a survey carried out by Adecco.
With our ET Security monitoring software, it is also possible to record and control Internet access and generate reports of time spent on the different pages visited. At the same time, it allows the customization of blacklists (access denied to web pages) by team.
Can I monitor user access to system resources?
Naturally yes. The Administrator can activate the monitoring of attempts to access applications, files located in certain directories, encrypted files, files located on USB-connected devices and web pages on the Internet.
When the data contained in the files or accessed through the applications are considered to be of a high level of security, art. 103.1 of the RLOPD establishes that: “From each access attempt, at least the user’s identification, the date and time it was made, the accessed file, the type of access and whether it has been authorized or denied will be saved.”
For how long can I store access logs?
When the data contained in the files or accessed through the applications are considered to be of a high level of security, it is not only mandatory to record the access, but art. 103.4 states that “The minimum period of conservation of the registered data will be two years.”
ET Seguridad stores access records by default for 2 years, although it is possible to extend the term.
What use are the screenshots for me?
Screenshots are a graphic tool for recording the activity carried out within the organization. Trigger settings allow defining those events that will be photographed (or captured) when they occur, defining the time between captures and the storage time for the images.
How can I check the registered information?
Not only is access registration necessary, but said registration information must be accessible by those responsible for its review and analysis. The art. 103.5 of the RLOPD establishes that “The security officer will be in charge of reviewing the registered control information at least once a month and will prepare a report of the reviews carried out and the problems detected.”
The monitoring software incorporates a report viewer of access to applications, files and web pages visited, encrypted files, screenshots and time control, fully exportable for review by authorized personnel.
Do I have an analysis tool or service?
Of course, in order to facilitate the Security Manager the task of analyzing the information and preparing the report of the reviews and problems detected, required in art. 103 of the RLOPD, offers the service of managed activity analysis . Said analysis includes the provision of a report with details of the activity record and usage and access statistics.
Why should I encrypt the data?
Why it is mandatory to guarantee improper access to information during its transport or transmission. Data encryption is the process by which readable information is transformed by an algorithm into unreadable information. This illegible information can be sent to a recipient with much less risk of being read by third parties.
The regulatory development of Organic Law 03/2018, of December 5, on the protection of personal data and guarantee of digital rights establishes:
- 92.3 of the RLOPD: In the transfer or sending of documentation “Measures will be adopted to prevent the theft, loss or improper access to information during its transportation.”
- 101.2 of the RLOPD: The distribution of media containing high-level personal data “It will be done by encrypting said data.”
- 104 of the RLOPD: The transmission of high-level personal data through public networks or wireless electronic communications networks “It will be done by encrypting said data.”
When should my users use the encryption tool?
Whenever they wish to guarantee the integrity and confidentiality of the information contained in work equipment, portable devices or that documentation that is attached to an email.
For this, the ET Encrypt encryption module offers different modes of use:
- Folder Encryption / Decryption: Encrypts / decrypts the contents of an entire folder.
- File encryption / decryption: encrypt / decrypt file content with online decryption option (at no cost to recipient).
- Creation of secure folder: automatic encryption of the files contained in the secure folder for private use by the user.
Converting from removable device (connected by USB) to secure device: the encryption application allows the creation of the secure folder on the external device with automatic encryption of the files contained in it for the safe transfer of the device.