What did we do before the internet? In the last 10 years it has become an essential business tool that has revolutionised the way in which most companies do business. But with such an advantage come problems, particularly when we consider that every large corporation in the world has access to the internet, with huge implications for internet misuse, abuse and criminal utilisation.
Illegitimate use of the internet by employees can be defined in two ways:
Both are problems faced by business managers, HR professionals and IT personnel in every company. My own company believes that every organisation that has access to the internet, irrespective of its size and business will be affected, creating:
Add to this the abuse of corporate integrity through criminal manipulation of the internet and the need for control is obvious.
Some shocking statistics help highlight the extent of the problem.
The legal implications of employees abusing the internet are also extremely worrying. For example:
Employees who download illegal material via company computers are putting the employer at legal risk, particularly if they are downloading child pornography or racist material.
Companies are also at legal risk for copyright violation when employees download protected MP3 music files or pirated software.
Employees and illegal users who hack or crack passwords to gain access to company networks and services, or those who send out viruses are also acting illegally.
It is also worth remembering that even the simple act of forwarding e-mails or links to unlawful websites to friends and co-workers can have serious legal implications.
Employees may also post damaging information on public websites. With a plethora of places where they can express their opinions or vent their rage, the internet functions as a very effective worldwide grapevine. This grapevine fosters rumours, innuendoes, gossip, hoaxes and intentional misinformation both quickly and widely. This can have huge implications for company integrity and share value. For example, a disgruntled employee could post damaging misinformation on public websites about your company's products, management structure, M&A strategies, or salaries, which could be read by consumers and competitors alike.
Time and reputation
Have you ever wondered why your computers are so slow at work? Your employees could be responsible. Networks are slowed or crash because of problems associated with MP3 music files being downloaded. Video and audio files or large graphic files being downloaded by workers can have the same effect. A recent study of workplace computers indicated that peer-to-peer music swapping software was found on about 20% of more than 15,000 PCs examined. Indeed, there is strong evidence to suggest that employees wait until they are in the workplace to download music in MP3 format and perform other operations which require high speed internet links, because their home connections are not as fast as the ones at work.
Then, when serious illegal activity is uncovered in the workplace, the company is more often than not named in the press. After all, it makes a much better story knowing that a top executive who was recently arrested and charged with using the internet to solicit sex with a minor worked for Disney.
So what are your employees up to on the internet? If statistics are to be believed, anything but working on making that next sale or getting that invoice out.
A survey conducted by Vault.com showed:
Maxima's own research shows that other non-work-related internet uses include:
What can you do?
Clearly, it has become essential for companies to be aware of what their employees are doing on the internet, not only to ensure productivity remains constant and to maintain integrity, but also to avoid legal action and its implications. Addressing the problem involves introducing employee internet management strategies. Indeed, the concept of employee internet management looks set to become an industry in its own right. The solution is to find a system which manages the issues without damaging morale or creating 'big brother' scenarios.
When investing in an internet management strategy, you should consider putting in place a combination of internet access management protocols (IAMs) and internet access policies (IAPs). Large companies should augment these with some form of internet access management software.
Such software products can monitor and report web use and block access to certain sites. They are able to analyse web site visits in terms of site content, provide the visitor's identity (for example user name or IP address) and the number of bytes downloaded. IT managers are able to select the type of sites that they wish to restrict access to, programme the software to log records of visits or attempted visits to restricted sites, or allow access to sites during specified time slots. The IT manager has the ability to infinitely customise the software to best suit the organisation's needs and requirements.
Solutions do not have to be costly or complex. David Bacon of QinetiQ, a leading science and technology company, questions whether most employees need access to the internet in the first place. There is a tendency in most offices to supply access to all their staff when, in reality, it is not necessary. Another simple but effective pre-emptive strike, according to Bacon, would be to place access control banners on screen, telling those staff that log on to the internet that access is being monitored. This would also avoid any potential subsequent Regulation of Investigatory Powers Act (RIPA) problems, says Bacon. (RIPA was passed in 2000 and concerns the law on the interception of communications.)
Prevention is always better than cure. You should not be tempted to rely on IAM software alone. Another simple preventative measure is to have an IAP in place to help prevent abuse in the first place. The IAP should require employees to sign a contract indicating what is and what is not acceptable internet use. It should also advise employees that they will be monitored, and that serious internet abuse is a sackable offence.
Obviously though it is no good having a policy if it is not enforced. Perhaps solutions to assist in enforcing such policies would be to make them part of the employee review system, whereby the employee is advised of their non-work-related internet usage, or to set up a company-wide employee reward system for effective and efficient internet usage.
Organisations must be careful not to feel totally protected by an IAM/IAP. Human resources and line managers have the responsibility of recruiting, monitoring and disciplining staff. In this respect, another preventative measure is to carry out pre-employment and existing staff vetting to screen out the candidates or existing staff who might have a propensity to abuse the internet.
Despite well written IAPs and state of the art IAMs why are employees still foolhardy enough to risk accessing sites? The answer is three-fold. First, there is no system that can totally stop employees viewing sites that contain pornographic images, racial hatred, or anything equally unpleasant residing in the darker, dingier lay-bys on the information highway. The impressive speed in which modern technology moves means even the very latest internet monitoring software dates very quickly.
Secondly, any system is only ever as good as the person monitoring it. Modern monitoring systems are becoming more automated, with options for logging and flagging up system discrepancies, but they ultimately depend on human intervention. If the system flagging goes unnoticed, then the employees' actions go unnoticed too.
Finally, people can just be downright stupid. They may have started looking at porn sites as a bit of a lark at home, but there are bona fide statistics to show that such activities can become habit forming. And as with all habits, its difficult to stop once it is started and people will always bring their personal habits with them to work.
In an article in PC World the author described an interview between an employee and his boss in which he was warned that the company knew of his visits to pornographic websites and that if it happened again he would be dismissed. Within a few months he was at it again, even though he was well aware of the risks. Apparently 'he couldn't help it'. The employee explained that the problem started with his visiting sexually explicit web sites after work hours. It became a habit and then an obsession, which finally got him the sack. As I said people can be stupid.
Roy Ramm is a non-executive director of Maxima Group plc, www.maxima-group.com