|
|
|
Not Big Brother, But Watching
Employers get serious about employee misuse of e-mail and the Internet
|
Business New Haven
12/9/2002
By: Karen Singer
|
In recent years, the Internet has become an essential part of the business landscape. Though useful for running day-to-day operations, it is also a potential minefield for employers.
"The reality is, whether you're a big or small company, whether you have one or 100 employees, [e-mail and Internet access] are putting companies at risk," warns Nancy Flynn, executive director of the Columbus, O.-based E-Policy Institute. Lawsuits, lost productivity, lost information, hacker attacks and viruses are a few of the dangers on a growing list.
The statistics are sobering.
According to the CSI/FBI 2002 Computer Crime & Security Survey, 90 percent of respondents (primarily large corporations and government agencies) detected computer security breaches last year, and 80 percent acknowledged financial losses due to such breaches. Financial losses reported by 42 percent of the respondents totaled more than $456 million.
For the fifth year in a row, more respondents (74 percent) mentioned their Internet connections as a frequent point of attack more often than their internal systems (33 percent).
In announcing the survey results, CSI Director Patrice Rapalus said: "Post-9/11, there seems to be a greater appreciation for how much information security means, not only to each individual enterprise but also to the economy itself and to society as a whole. Hopefully, this greater appreciation will translate into increased staffing levels, more investment in training and enhanced organizational clout for those responsible for information security."
Other studies confirm the obvious: The Internet is a favored source of diversion for employees. Nielsen/NetRatings recently reported nearly 46 million Americans logged onto the Internet at work during August of this year - a 17-percent increase over the same time period the previous year. Peak usage hours are between 10 a.m. and noon.
Although more female office workers accessed the Web than a year ago, men spent more time online in 2002 - 31 hours versus 27 hours for women during the August survey period. Top sites visited included news, search engines and e-commerce.
"Web addiction" also is on the rise.
A study by Websense Inc. found 25 percent of responding employees professing addiction to the Internet, while 67 percent admitted surfing sites for personal reasons. Twenty-four percent said they visited shopping sites, 23 percent news sites, 18 percent pornography sites, eight percent gambling sites and six percent visited auction sites.
In another study, Nielsen/NetRatings data revealed 60 percent of online purchases are made during business work hours, while International Data Corp. (IDC) research results show 30 to 40 percent of all Internet surfing is non-work related.
Not surprisingly, employer scrutiny is becoming more commonplace - and more vigilant.
The 2001 Electronic Policies and Practices Survey, conducted jointly by the American Management Association, the E-Policy Institute and U.S. News & World Report magazine, found that 61.6 percent of the 435 respondent employers monitor employees' e-mail and Internet activities. Of those, 68.3 percent cite legal liability as the primary reason.
With good reason.
Jupiter Media reports 9.4 percent of U.S. companies have been ordered by courts to produce employee e-mails in workplace-related lawsuits, and 8.3 percent have battled sexual harassment and/or sexual discrimination claims stemming from employee e-mail and/or Internet use.
"My best advice to employers is to draft a comprehensive written Internet and e-mail policy, educate your employees about risks in the workplace, and back up the policy with content security software," says the E-Policy Institute's Flynn, who gives seminars on the subject and is author of The E-Policy Handbook.
A 2002 workplace e-risk survey Flynn worked on for insurance brokerage group Assurex Global and software maker Clearswift, shows 58 percent of employers monitor Internet use and 56 percent have Internet policies but don't enforce them.
"Employers should monitor e-mail, at least outgoing," advises Mark Wasserman, president and CEO of Janus Computer Systems in New Haven.
"If the employee is sending obscene or rude or threatening messages, the company can be held liable. Another reason is conflict of interest, such as sending e-mail to competitors."
Wasserman agrees with Flynn's assertion that companies put "content filters" on their computer systems. They come in the form of software and monitor e-mail messages for key words. Similar to parental controls on a cable-TV remote, these tools can also block or track employee access to gambling, pornography or other undesirable Web sites.
Wasserman also recommends that human resources as well as information technology (IT) specialists play a role in monitoring employee e-mail and Internet use.
Several years ago, Wasserman investigated an IT manager at a software company where he worked, only to discover the employee was spending an inordinate amount of time - and company money - visiting pornography sites.
Another area of employer concern is spam - unsolicited e-mail messages often containing product or service sales pitches. By the end of 2002, spam will comprise 35 percent of the e-mail sent to 115 million active e-mail users, according to Jupiter Research.
"Spam is dangerous because it can clog up systems as well as bring in destructive viruses," explains Andrew Kaplan, network administrator for Cybershore, an Internet-access company in Madison.
A wide range of software is available to filter out spam. Employers can also use software to monitor employee key strokes and check, for instance, whether an employee has installed unauthorized programs.
Flynn recommends companies enlist the help of a cyberlaw expert in drafting e-mail/Internet use monitoring policies, to make sure they conform to all pertinent state and federal laws. This may help prevent - or diminish the likelihood of success of - work-related lawsuits.
Every coin has two sides, and it's not uncommon these days for employees, claiming invasion of privacy, to sue employers monitoring their communications.
"Be sure to notify employees that you have the right to monitor and they have no reasonable expectation of privacy," Flynn says, adding the policy should clearly spell out the rules and the penalties for breaking them.
"You also need to have employees sign the policy," Flynn adds. "A couple of months ago, the state of Washington had an e-mail disaster, where they terminated a number of employees for sending offensive e-mails to one another. There was a policy, but there had never been any kind of formal education process.
"So make sure employees sign the policy, and acknowledge in writing they understand it. If you are sued and can demonstrate you have a policy in place that is consistently enforced, the court is much more likely to look with favor on the employer."
E-mail and Internet-use policies should be established before a company begins tracking "suspicious" employee e-mail or Internet use, according to Wasserman, who conducts such surveillance.
"We usually wait a few months once a new policy goes out, because everybody goes into panic mode," he says. "The smaller the company, the more important it is to have a monitoring policy in place."
Flynn expresses similar sentiments. "If you get an embroiled in a lawsuit, you could be looking at six to seven figures in legal costs or settlement dollars," she says, adding it's much more cost-effective to spend money to put a policy in place and "avoid disasters down the road."
Moreover, she adds, "Having employees spending up to eight hours a day surfing the Internet for personal reasons can actually be a bigger problem for smaller employers. This opens you up to viruses and hackers, and has the potential for an unexpected business interruption, which can crash the system."
Some New Haven-area employers already have set up e-mail and Internet activity monitoring policies.
The Greater New Haven Chamber of Commerce policy is contained in a manual given to new employees.
"It says Internet use should be work-related, and you should stay away from gambling sites and other sites conducting illegal activities," says chamber communications director Lynn Frederickson. E-mail messages should be free of defamatory, offensive, harassing or disruptive language, as well as sexual content or racial references.
Frederickson says all 17 New Haven chamber employees work together in a "cooperative atmosphere," adding, "There's no sense of Big Brother watching."
The e-mail and Internet use policy for telecommunications giant SBC is more stringent.
"We take this very seriously," says Beverly Levy, a spokesperson for SBC-SNET, which has 190,000 employees in 13 states, including roughly 9,000 in Connecticut.
The SBC code of conduct clearly spells out the rules regarding computer systems, which are defined as company property.
"Any employee who uses SBC computer systems expressly consents to having any e-mail communications, electronic files, or other uses or applications of the computer system monitored," according to the code, which also states: "No employee should expect privacy for any use of any company or SBC computer system or network."
Each employee is required to periodically review and sign the code, and supervisors are responsible for making sure it is followed, Levy says. A "zero-tolerance" policy prohibits access to sexually explicit sites, hate sites or others that could be considered "strongly offensive and/or inappropriate in the workplace."
Transmission of large e-mail messages, files or attachments for non-business purposes likewise is forbidden.
Although personal use of the Internet and corporate e-mail are not prohibited, they are intended primarily for business purposes. "Abuse or misuse of these resources is inappropriate, and could result in disciplinary action up to including dismissal," the policy says.
"These are not empty words," according to Levy. She declines to elaborate.
|
Go FirstGo PreviousGo
NextGo LastGo
to Index
|
|
