How can I monitor an employee's activity on a remote Mac?

macbook-pro activity-monitor logs

If you do not trust the remote worker, do not hire them.

Legal, not technical

This is a legal problem, rather than a technical one. You should agree to a contract with the remote worker stating the limits you desire and how they will be enforced.

See Stopping certain data from ever leaving your Mac? for a related question.


What you are asking is not a built-in feature of macOS. Data Loss Prevention (DLP) software and enterprise security monitoring & analytics tools (typically used by a Security Operations Center (SOC) staff.)

There are so very many ways to move data on or off a computer that there is no log that watches all of them. Data can be moved to a remote drive (e.g. USB thumb-drive), across a network via file-sharing (AFS, NFS, SAMBA, etc.) via file transfer protocols (ftp, sftp, scp, rsync), via email, messaging protocols, the web (http), and the list goes on and on.

Additionally, just because an application is run doesn't mean it was used for a nefarious purpose. Take email for example... while it would be possible to send source code as an attachment to an email message, most of the time that's not why people use email.

And then of course there are limitations of DLP and ways to get around it and what additional measures can be leveraged to protect against those work-arounds and... can you really think of every possible work-around? You could create an unprivileged account that can't change OS settings and limit the OS so that protocols are either removed/disabled or communications can only work through a corporate gateway, etc. But in the end... a person can generally circumvent and compromise the security of any machine they are allowed to hold in their hands.

Sensitive data needs to reside in an encrypted repository such that a utility is required to access that data ... and some type of gatekeeper keeps tabs on what data is accessed and by whom.

Appropriate security monitoring analytics software has the ability to guess that something suspicious is happening by monitoring normal access patterns and looking for irregularities. E.g. if a project consists of 50,000 files and there are a 100 developers and the average developer needs to work with 25 files per week (I'm making these values up) ... but suddenly just one of the developers starts accessing thousands of files ... then this deviates strongly against the normal access patterns and generates an alert. This is just one example to give you an idea of the sort of tools used.


Actually, assuming the employee is aware of the monitoring, and it is legal where you live, simple screen sharing will allow this and is built into macOS. It is designed for controlling a remote Mac but would allow you to view the screen(s) without going whole hog into a whole DLP infrastructure.

Apple Remote Desktop will also give you the same viewing ability with added remote control abilities.

But do note that viewing another person's computer without their permission or knowledge may be unlawful, depending on the laws where you live. It is important that you consult legal counsel for advice in this matter if you have not done so already.

Related

How to tie "Primary" and "Secondary" monitor spaces?
unable to create partition on free space using disk utility
How to merge 2 partitions on macOS
Text To Speech - Custom Rate (not on the slider)
How to route traffic out a non-standard interface using pfctl?
macOS Terminal.app can't split with Command + D
Adding Bytes Using a Hex Editor
macOS High Sierra not reinstalling— locked OS x Base System
Custom short commands to open apps
Chrome in full screen weird behavior when pressing option + command + M
iMovie crashes on first startup
Is there a keyboard shortcut for the System Preferences lock?