Internet Abuse in the Workplace
The Internet has become an invaluable resource in the workplace, the world’s biggest reference library, social media center, and pornography outlet is now only a click away. This availability presents a significant risk factor for employer liability and costs employers thousands of hours in productivity each day. Monitoring employee internet use is one way to reduce employer liability, and whether or not you agree with the principles behind internet monitoring, many employers agree that it is a necessary evil.
Internet abusers range from upper management employees in private offices viewing hardcore pornography, to the department assistant in a cubicle that spends 3 hours a day doing online shopping, making travel arrangements, and paying bills through the company Internet. Internet abuse is endemic in the workplace and organizations are being forced to face the problem head on, or suffer the consequences.
Among the many consequences of internet abuse is a loss of productivity and scores of litigation issues such as sexual harassment, hostile work environment and discrimination. Monitoring Employee Internet access is one way that an organization can limit its liability.
Defining Internet Abuse
Defining Internet abuse is the first challenge, and creating an organization wide acceptable use policy (AUP) is the first step in the definition. An AUP defines what constitutes internet abuse in your organization. What was acceptable internet behavior in one organization may be unacceptable in another, so the AUP is a highly customized policy, based on the organizational mission. The organization determines what lines will be drawn when it comes to internet abuse.
The key to a successful AUP implementation in most organizations is similar to other policy development issues in the workplace. There must be “buy-in” from the “top-down”, in other words, the leaders of the organization must agree to the principles of the AUP and endeavor to push that policy down to the directors, managers and supervisors within the organization. The most critical stage of AUP development is dependent on upper management “buy-in” and their willingness to demonstrate the importance of this policy to the rest of the organization.
Holding a series of Internet workshops with the employees of your organization is one way to introduce your new acceptable use policy. As an educational session, an internet workshop can address the sensitive issues surrounding internet abuse in an open forum where employees can ask questions and provide input in a non-confrontational setting.
During the internet workshop, the organization can begin to educate the employees about Internet abuse and give them a chance to re-evaluate their internet habits at work. It is important to be as open as possible with your employees regarding your chosen methodology for enforcing the AUP.
For example, if the organization has decided to employ internet blocking technologies, the AUP should define the specific types of websites that will be blocked, for example, many organizations block pornography, “gross depictions” and “hate” websites. Discussing the types of websites the organization has decided to block and answering questions regarding the reasons for blocking will reinforce the organizational mission, and demonstrate the types of websites that are inappropriate within your organization.
If your organization is going to monitor and report on employee internet access, the workshop will give you a chance to show the employees what the internet reports look like, and discuss the circumstances in which they will be used. Taking the mystery out of what the organization is planning in regards to internet monitoring and blocking will reduce employee speculation and set new expectations throughout the organization.
Problems with Internet Monitoring
The technical aspects of blocking website access and monitoring employee internet access are not without problems. The software for blocking websites has advanced tremendously over the past 5 years; however, there are still problems with blocking “all” inappropriate websites and blocking websites that you did not intend to block. No system is perfect and you will need assistance from your selected software / hardware vendor in addition to your information systems department.
If possible, it is always better to meet, in person, with the vendor representatives prior to the purchase of any internet monitoring software. Voice your concerns with the vendor and secure “after sale” support with the vendor help desk. If you have an information systems department, make sure they are involved from the start of the project to help address any technical problems that the new system could bring.
Monitoring Employee Internet Access- the People Side
Outside of the technical issues that will occur, the people side of internet monitoring can be the most problematic of all. Even with the dissemination of information given at the internet workshop and taking great care during your policy development, some employees will, inevitably feel that internet monitoring is unfair. Given this fact, it is of the utmost importance that the internet reports are accurate, beyond question. Even if they are correct, there are still issues to consider. The scenarios listed below are examples of how employees could react if they are confronted with the accusation of internet abuse. Moreover, the excuses below may be completely accurate and good explanation by the accused.
“It wasn’t me!”
It’s always possible that some other person was on the accused employee’s computer surfing the Internet. Once a user steps away from the computer anything can happen. Another person sits down and starts using the computer logged in as the accused, everything they do on the Internet is recorded under somebody else’s name. One suggestion is to have the user lock their computer before leaving for an extended period of time; this will reduce the chances of misidentification of the internet abuser.
“They have my password”
This is a similar situation to the one mentioned above, if I have a user’s password, I could log-in as the user and all of my internet access would be attributed to them. How they got the password is another issue entirely, however the user makes a good point and has a potentially valid excuse for an internet report that shows abuse.
“The Internet Report is Wrong”
This can occur if the monitoring software is setup incorrectly or if there are network issues causing identification problems. This is another reason why you want your information systems department involved from the start and technical support from the vendor who sold you the internet monitoring solution. Defending a internet report that shows abuse is a difficult when you don’t understand how the technical aspects of internet monitoring work.
The Bottom Line
Internet reporting is not an exact science, the reports could be wrong, and the person accused of Internet abuse may be completely innocent. The key is to research the potential offender and look into their history. People who abuse the internet usually have a history of doing so, so look into their past Internet use first and then look at the internet records on their computer. In short, do a “reality check”. Too often we take technology for its word and fail to look on the human side for insight that may confirm or make us question our suspicions. This practice will help reduce the number of errors that could be made during the investigation of internet abuse, and help the employer maintain their credibility.
Internet abuse is a fact of life in most large organizations today. Monitoring employee internet use and employing blocking technologies can be helpful in reducing employer liability and improving employee productivity. Developing an acceptable use policy to outline acceptable internet behavior in your organization is the first step in the process. To implement this policy successfully, the policy must be supported by upper, mid, and line level managers. The organization should endeavor, with enthusiasm, to educate the employees of the organization about internet abuse and share the organizations plans to monitoring use and block inappropriate websites.
Prior to purchasing a software or hardware solution for internet monitoring / blocking, a vendor should be selected and invited into the organization to explain the technical problems that can occur with internet monitoring and blocking technologies. During this vendor selection process it is very important to include your information systems department and other technical staff. Arranging after-sale support with your vendor of choice is highly recommended.
Finally, there is the people side of the problem. Internet monitoring and blocking are only as good as the software and hardware solutions that are developed. There are many ways that these solutions can fail, so doing a thorough investigation prior to accusing an employee of internet abuse is also highly recommended.
Steve Thomas is a network analyst and has a website located at http://www.drivinglaws.org that provides information about hands-free driving laws across the United States