Internet Abuse in the Workplace
The Internet has become an invaluable resource in the workplace, the world’s biggest reference library, social media center, and pornography outlet is now only a click away. This availability presents a significant risk factor for employer liability and costs employers thousands of hours in productivity each day. Monitoring employee internet use is one way to reduce employer liability, and whether or not you agree with the principles behind internet monitoring, many employers agree that it is a necessary evil. my wegmans connect
Internet abusers range from upper management employees in private offices viewing hardcore pornography, to the department assistant in a cubicle that spends 3 hours a day doing online shopping, making travel arrangements, and paying bills through the company Internet. Internet abuse is endemic in the workplace and organizations are being forced to face the problem head on, or suffer the consequences.
Among the many consequences of internet abuse is a loss of productivity and scores of litigation issues such as sexual harassment, hostile work environment and discrimination. Monitoring Employee Internet access is one way that an organization can limit its liability.
Defining Internet Abuse
Defining Internet abuse is the first challenge, and creating an organization wide acceptable use policy (AUP) is the first step in the definition. An AUP defines what constitutes internet abuse in your organization. What was acceptable internet behavior in one organization may be unacceptable in another, so the AUP is a highly customized policy, based on the organizational mission. The organization determines what lines will be drawn when it comes to internet abuse.
The key to a successful AUP implementation in most organizations is similar to other policy development issues in the workplace. There must be “buy-in” from the “top-down”, in other words, the leaders of the organization must agree to the principles of the AUP and endeavor to push that policy down to the directors, managers and supervisors within the organization. The most critical stage of AUP development is dependent on upper management “buy-in” and their willingness to demonstrate the importance of this policy to the rest of the organization.
Holding a series of Internet workshops with the employees of your organization is one way to introduce your new acceptable use policy. As an educational session, an internet workshop can address the sensitive issues surrounding internet abuse in an open forum where employees can ask questions and provide input in a non-confrontational setting.
During the internet workshop, the organization can begin to educate the employees about Internet abuse and give them a chance to re-evaluate their internet habits at work. It is important to be as open as possible with your employees regarding your chosen methodology for enforcing the AUP.
For example, if the organization has decided to employ internet blocking technologies, the AUP should define the specific types of websites that will be blocked, for example, many organizations block pornography, “gross depictions” and “hate” websites. Discussing the types of websites the organization has decided to block and answering questions regarding the reasons for blocking will reinforce the organizational mission, and demonstrate the types of websites that are inappropriate within your organization.
If your organization is going to monitor and report on employee internet access, the workshop will give you a chance to show the employees what the internet reports look like, and discuss the circumstances in which they will be used. Taking the mystery out of what the organization is planning in regards to internet monitoring and blocking will reduce employee speculation and set new expectations throughout the organization.
Problems with Internet Monitoring
The technical aspects of blocking website access and monitoring employee internet access are not without problems. The software for blocking websites has advanced tremendously over the past 5 years; however, there are still problems with blocking “all” inappropriate websites and blocking websites that you did not intend to block. No system is perfect and you will need assistance from your selected software / hardware vendor in addition to your information systems department.
If possible, it is always better to meet, in person, with the vendor representatives prior to the purchase of any internet monitoring software. Voice your concerns with the vendor and secure “after sale” support with the vendor help desk. If you have an information systems department, make sure they are involved from the start of the project to help address any technical problems that the new system could bring.
Monitoring Employee Internet Access- the People Side
Outside of the technical issues that will occur, the people side of internet monitoring can be the most problematic of all. Even with the dissemination of information given at the internet workshop and taking great care during your policy development, some employees will, inevitably feel that internet monitoring is unfair. Given this fact, it is of the utmost importance that the internet reports are accurate, beyond question. Even if they are correct, there are still issues to consider. The scenarios listed below are examples of how employees could react if they are confronted with the accusation of internet abuse. Moreover, the excuses below may be completely accurate and good explanation by the accused.
“It wasn’t me!”
It’s always possible that some other person was on the accused employee’s computer surfing the Internet. Once a user steps away from the computer anything can happen. Another person sits down and starts using the computer logged in as the accused, everything they do on the Internet is recorded under somebody else’s name. One suggestion is to have the user lock their computer before leaving for an extended period of time; this will reduce the chances of misidentification of the internet abuser.
“They have my password”
This is a similar situation to the one mentioned above, if I have a user’s password, I could log-in as the user and all of my internet access would be attributed to them. How they got the password is another issue entirely, however the user makes a good point and has a potentially valid excuse for an internet report that shows abuse.