Do you know what your company's computers are doing right now? Sure, they're being used to run your business. But what else are they up to behind your back? Are there any other programs running silently in the background, monitoring employee activity and sending confidential information about your company back to other organisations? Unbelievable though it may sound, there's a pretty good chance that this is indeed the case in your company.

According to a recent survey conducted by UK-based security consultancy PanSec, more than 90% of all company PCs are infected with so-called "spyware". This is the term given to software that gets installed without the user's permission and which covertly gathers and transmits data about the usage of the machine.

A report by IT market analysts The Aberdeen Group claims that there are more than 7,000 spyware programs in existence right now, running on millions of corporate and personal computers.

No computer that's linked to the Internet is immune. A spyware program isn't technically a virus so most antivirus scanners don't attempt to stop it. And spyware doesn't exploit bugs in Windows, so installing all the latest Microsoft security patches can't prevent it either.


Spyware gets into a PC by being bundled with legitimate products. If you download and install any of the best-known file sharing applications, for example, you have no choice but to accept the spyware that it also installs and through which the free services are often funded.

Once installed, spyware starts monitoring the way that the computer is used and feeding back the information to the Website operators who sponsored the program's distribution. The site operators want to understand precisely how a visitor travels through their site, and which menu options he or she clicks on. They want to know which other sites are visited, for how long, at what time of day, and which types of adverts get clicked. They want to know which applications are installed on the victim's computer, and where he or she is based (which can be gathered from the user's email address or the phone number programmed into the modem).

The spyware distributors then use all this information to present your staff with adverts for products that they hope you're most likely to buy. And the database of usage statistics also gets sold to other marketing companies and spammers.

But does spyware really matter? What does it matter if everyone knows the intimate details of your staff's surfing or shopping habits? Not only is it an invasion of privacy, it can also be a security risk. Do you really want a collection of large marketing organisations to know everything your employees use the Internet for? For example, if staff are researching new products or sending emails to potential clients, is it really acceptable for details of such activity to be disclosed to all and sundry?