The Internet has become an invaluable resource in the workplace; the world’s biggest reference library, social media center, and pornography outlet is now only a click away. This availability presents a significant risk factor for employer liability and costs employers thousands of hours in productivity each day. Monitoring employee internet use is one way to reduce employer liability. Whether or not you agree with internet monitoring principles, many employers agree that it is a necessary evil.
Internet abusers range from upper management employees in private offices viewing hardcore pornography to the department assistant in a cubicle that spends 3 hours a day doing online shopping, making travel arrangements, and paying bills through the company Internet. Internet abuse is endemic in the workplace, and organizations are being forced to face the problem head-on or suffer the consequences. Among the many consequences of internet abuse is a loss of productivity and scores of litigation issues such as sexual harassment, hostile work environment, and discrimination. Monitoring Employee Internet access is one way that an organization can limit its liability.
Defining Internet Abuse
Defining Internet abuse is the first challenge, and creating an organization-wide acceptable use policy (AUP) is the first step in the definition. An AUP defines what constitutes internet abuse in your organization. The acceptable internet behavior in one organization may be unacceptable in another, so the AUP is a highly customized policy based on the organizational mission. The organization determines what lines will be drawn when it comes to internet abuse.
The key to a successful AUP implementation in most organizations is similar to other workplace policy development issues. There must be “buy-in” from the “top-down”; in other words, the organization’s leaders must agree to the principles of the AUP and endeavor to push that policy down to the directors, managers, and supervisors within the organization. The most critical stage of AUP development is dependent on upper management “buy-in” and their willingness to demonstrate the importance of this policy to the rest of the organization.
Internet Workshops
Holding a series of Internet workshops with your organization’s employees is one way to introduce your new acceptable use policy. As an educational session, an internet workshop can address the sensitive issues surrounding internet abuse in an open forum where employees can ask questions and provide input in a non-confrontational setting. During the internet workshop, the organization can educate the employees about Internet abuse and give them a chance to re-evaluate their internet habits at work. It is important to be as open as possible with your employees regarding your chosen methodology for enforcing the AUP.
For example, if the organization has decided to employ internet blocking technologies, the AUP should define the specific types of websites that will be blocked; for example, many organizations block pornography, “gross depictions,” and “hate” websites. Discussing the types of websites the organization has decided to block and answer questions regarding the reasons for blocking will reinforce the organizational mission and demonstrate inappropriate websites within your organization.
If your organization is going to monitor and report on employee internet access, the workshop will give you a chance to show the employees what the internet reports look like and discuss the circumstances in which they will be used. Taking the mystery out of what the organization is planning regarding internet monitoring and blocking will reduce employee speculation and set new expectations throughout the organization.
Problems with Internet Monitoring
The technical aspects of blocking website access and monitoring employee internet access are not without problems. The software for blocking websites has advanced tremendously over the past 5 years; however, there are still problems blocking “all” inappropriate websites and blocking websites that you did not intend to block. No system is perfect, and you will need assistance from your selected software/hardware vendor in addition to your information systems department.
If possible, it is always better to meet, in person, with the vendor representatives before the purchase of any internet monitoring software—Voice your concerns with the vendor and secure “after-sale” support with the vendor help desk. If you have an information systems department, make sure they are involved from the project’s start to help address any technical problems that the new system could bring.
Monitoring Employee Internet Access- the People Side
Outside of the technical issues that will occur, the people side of internet monitoring can be the most problematic. Even with the dissemination of information given at the internet workshop and taking great care during your policy development, some employees will inevitably feel that internet monitoring is unfair. Given this fact, it is of the utmost importance that the internet reports are accurate, beyond question. Even if they are correct, there are still issues to consider. The scenarios listed below show how employees could react if they are confronted with the accusation of internet abuse. Moreover, the excuses below may be completely accurate and a good explanation by the accused.
“It wasn’t me!”
It’s always possible that some other person was on the accused employee’s computer surfing the Internet. Once a user steps away from the computer, anything can happen. Another person sits down and starts using the computer logged in as the accused; everything they do on the Internet is recorded under somebody else’s name. One suggestion is to have the user lock their computer before leaving for an extended period of time; this will reduce the chances of misidentifying the internet abuser.
“They have my password.”
This is a similar situation to the one mentioned above; if I have a user’s password, I could log-in as the user, and all of my internet access would be attributed to them. How they got the password is another issue entirely. However, the user makes a good point and has a potentially valid excuse for an internet report that shows abuse.
“The Internet Report is Wrong”
This can occur if the monitoring software is set up incorrectly or network issues causing identification problems. This is another reason you want your information systems department involved from the start and technical support from the vendor who sold you the internet monitoring solution. Defending an internet report that shows abuse is difficult when you don’t understand how the technical aspects of internet monitoring work.
The Bottom Line
Internet reporting is not an exact science, the reports could be wrong, and the person accused of Internet abuse may be completely innocent. The key is to research the potential offender and look into their history. People who abuse the internet usually have a history of doing so, so look into their past Internet use first and then look at the internet records on their computer. In short, do a “reality check.” Too often, we take technology for its word and fail to look on the human side for the insight that may confirm or make us question our suspicions. This practice will help reduce the number of errors made during the investigation of internet abuse and help the employer maintain their credibility.
Summary
Internet abuse is a fact of life in most large organizations today. Monitoring employee internet use and employing blocking technologies can help reduce employer liability and improve employee productivity. Developing an acceptable use policy to outline acceptable internet behavior in your organization is the first step in the process. To successfully implement this policy, the policy must be supported by upper, mid, and line-level managers. The organization should endeavor, with enthusiasm, to educate the employees of the organization about internet abuse and share the organization’s plans to monitor the use and block inappropriate websites.
Before purchasing a software or hardware solution for internet monitoring/blocking, a vendor should be selected and invited into the organization to explain the technical problems with internet monitoring and blocking technologies. It is essential to include your information systems department and other technical staff during this vendor selection process. Arranging after-sale support with your vendor of choice is highly recommended. Finally, there is the people side of the problem. Internet monitoring and blocking are only as good as the software and hardware solutions that are developed. There are many ways that these solutions can fail, so doing a thorough investigation before accusing an employee of internet abuse is also highly recommended.