The days of imagining the implausibility of Orwellian-esque monitoring of messages in the workplace are long gone. The question now turns towards how much, and how often, it might be happening. As an employer, you wonder if you should do it and if it's even possible; as an employee, you wonder how careful you should be. The most obvious place where these questions manifest themselves are where office conversations take place: workplace communication tools.
Skype, one of the most popular VoIP and communication technologies, has found itself among throngs of workplace chat apps, like Slack and Stride (formerly HipChat), where questions about the possibility and plausibility of monitoring conversations arise.
Whether your small company is using Skype to chat to colleagues, or your enterprise is using Skype for Business to collaborate or host meetings, monitoring Skype conversations is a common concern on the forefront of yours—and likely your employees'—minds.
If you think that you need to start monitoring Skype conversations but aren't sure if it's possible, I'll outline some of the factors that you should consider before making a decision. As a quick recap before we dive in:
Skype is a free communication and VoIP tool for consumers, which can be used by businesses of up to 25 people (as recommended by Microsoft).
Skype for Business is Skype's business offering. Before there was Skype for Business, there was Lync, Microsoft's business chat tool. After acquiring Skype in 2011, Microsoft rebranded Lync as Skype for Business in 2014. It has two versions:
Skype for Business Online is the cloud-based version, which is part of the Microsoft Office 365 Suite
Skype for Business Server is the on-premise version, which is deployed using a company's servers and meant for large enterprise organizations.
It's also recently launched Skype Meetings, which is a free online app for hosting meetings (we won't go into much detail about that here).
First thing's first—you'll want to know what type of security standards Skype offers in order for a business to keep its employees (and their conversations) secure. Because they're actually two different tools, Skype and Skype for Business offer quite varying security standards and features.
As a tool meant for consumer use, Skype is encrypted for any conversations taking place between Skype users. Instant messages, calls, and file transfers are all encrypted using 256-bit AES encryption, an industry standard that's also being used by the US government.
For calls that take place between Skype users and landline or mobile phone networks (known as PTSN), only the Skype portion of the conversation is encrypted. Privacy settings let you choose who can see your profile information, manage your conversation history, and block contacts.
Skype for Business, being more geared towards the compliance-heavy big business set, has more robust security standards than its consumer counterpart.
Skype for Business Online offers the same standard of security as Microsoft's set of cloud products in Office 365. This includes encryption at rest and in transit, threat management, and security monitoring, among many others.
Skype for Business Server offers the same—if not more—features, including server-related security options like central management storage, server-to-server authentication, role-based access control, and planning and design tools.
Yes—both Skype and Skype for Business offer varying degrees of monitoring.
Skype Manager is the central control center for Skype, and it's where a company can monitor usage for things like time, date, duration, and destination of calls and conversations. This is where administrators can view the activity of its members, although permission is required from members to access the data mentioned above. Without it, administrators can only view the credit balance of its members.
When it comes to Skype for Business, monitoring capabilities are much more robust to be able to fulfill the advanced needs of larger businesses and corporations.
With Skype for Business Online, the data is stored on Microsoft's servers, which means that you might not need to monitor the system as closely as you would if you were using your own servers. Monitoring with Skype for Business Online includes getting data and reports on things like peer-to-peer activity, conference participant activity, 'clients used' reports, and 'blocked users' reports. It also offers the option to turn on the Call Quality Dashboard in order to monitor call quality.
Monitoring calls over Skype for Business Server generally comes from a quality assurance perspective, with detailed steps and processes for how to set that up. Much like the cloud version, Skype for Business Server offers peer-to-peer activity summary reports, which includes data similar to that in Skype Manager, but with more detail. Call detail recording also records usage and diagnostic info about all forms of peer-to-peer communication using Skype for Business Server, including instant messaging, file transfer, and VoIP calls.
If you're using Skype, conversations are stored on your hard drive for a set time period. For both Windows and Mac users, those conversations can only be accessed in a folder on your hard drive, although Skype also saves the last 30 days of your conversation history in the cloud so that if you log in using another device, you'll be able to see your most recent conversations.
Skype for Business Online stores conversations exclusively in a Microsoft Exchange folder, much to the chagrin of many users. This folder is called "Conversations", and will appear as in an employee's Outlook. The biggest issues that employers are running into with this feature is that individual employees can disable the conversation history being saved to Outlook (hence, not saving it at all).
The only way that conversation history can be automatically stored outside of the Exchange folder is with Skype for Business Server. Here, the conversations are stored on your server, making it easier to manage the conversation history of employees who are using mobile devices to access Skype for Business. The settings can be changed following these instructions.
Given the features outlined above, it's clear that Skype for Business offers more capabilities for monitoring Skype conversations than its consumer counterpart (and Server, understandably, is more robust than Online).
With Skype, there is no explicit mention of monitoring or being able to access conversation history or call monitoring options, although there are third party tools which claim to log conversations and calls. In theory, if your business is using Skype, it would need access to an employee's physical device in order to get access to their conversation history.
With Skype for Business, there is more possibility to monitor conversations, as well as to request and access data related to those conversations without having the physical device. There is, however, one huge caveat: the law.
Technically speaking, Skype conversations can be monitored, but it's largely dependent on your company's policies and the privacy laws in your state. Monitoring and surveillance of business communication is usually subject to exceptions based on your company owning and administering the devices used for communicating and running the network. A good breakdown of employee privacy rights can be found here. The key is to both inform employees of the potential of monitoring their conversations, and to make sure that you aren't breaking any local privacy laws or HR breaches.
If you have to (or want to) be able to monitor Skype conversations on a regular basis, you're better off with Skype for Business Online or Server—just make sure that you're not stepping outside the boundaries of the law.