What staff web misuse is costing your business

Do your employees spend time internet shopping, playing online games or downloading pirated movies? Can you trust your staff on the net? For small businesses in Australia, the internet has changed behaviour in the workplace and created new challenges for managers. Kerri-Anne Turner explores the implications of web misuse for your business.

As a small business, where do you draw the line? Is it okay to send the occasional personal email at work? What about a little internet shopping? But what about spending time on social networking sites, playing online games, downloading pirated movies and music, reading and sending inappropriate emails, gambling online or downloading porn? For small businesses in Australia, the internet has created new opportunities for mischief and new challenges for managers.

Worldwide worries
Three out of four employers have had to deal with employees who waste time online, according to a recent survey by Employment Review magazine. Companies had problems with employees misusing email, blogs and damaging comments about the company posted online. A large proportion of corporate web traffic is for non-work purposes. More than two-thirds of online porn traffic occurs during office hours.

This web misuse can have serious implications for your business:

  • Reduced productivity. If employees spend their time on a social networking site such as Facebook, they’re not spending it doing their job. Nielsen Online reported in March 2009: “Two-thirds of the world’s internet population visit social networking or blogging sites.” Even unwanted popup adverts (which are very common online) can distract and annoy users.
  • Security problems. Viruses and malware hide on websites and can install themselves as users browse infected pages. MessageLabs Intelligence reports that the number of new, malicious websites blocked each day by MessageLabs nearly doubled (91 percent) in just one month over February 2009 with 3,968 new sites intercepted daily.
  • Legal risks. When users download inappropriate or offensive material to their computers, they can contribute to a hostile environment for their colleagues. This can create legal liabilities for managers. Employees who feel harassed by this kind of material can resign and claim constructive dismissal. Damages awards in discrimination claims are potentially unlimited and several high-profile cases have hinged on sexist emails and public displays of pornography.
  • Wasted bandwidth. Internet connections cost money. If half your bandwidth is taken up with non-work traffic, you’re paying twice as much as you need to, or your business-critical communications are running at half their proper speed.
  • Unlicensed software. When users download and install software from the Internet, they create a legal risk. Software piracy is illegal. If an organisation uses illegal copies of software, it may face a civil suit and company directors risk criminal penalties including unlimited fines and up to ten years in prison.
  • Reputation risk. Social networking can create opportunities for employees to leak confidential information or spread damaging rumours online. Bad behaviour by a single employee can reflect on the reputation of the whole organisation.

Blocking non-business internet access

In the face of all these problems, most managers’ first reaction is to block all employee access to the internet. According to an Employment Review survey, all respondents tried to ban access to porn sites. Other categories received different treatment: gambling sites were banned by 88 percent, game sites by 76 percent, social networking sites by 59 percent and online shopping sites by only 51 percent.

It makes sense to block certain sites outright. Porn sites are an obvious example, but most companies may also consider gambling and game sites as utterly unrelated to work, potentially time-wasting and so block them too. However, you might want to allow employees to access social networking sites if it means that they can organise their social life without spending hours on the phone. You might also allow people to shop online if it saves them time and lets them achieve a better work-life balance.

Companies may also need to calibrate their policies to younger employees’ expectations. For example, would a young Gen Y or ‘i-Gen’ worker reject an employer who banned social networking? Indeed, many companies are making good use of sites such as Facebook for recruitment, PR and marketing. What works in some companies does not work for others. It’s a question of judgment.

Monitoring employee behaviour online
Monitoring inappropriate use may seem to be the lesser of two evils compared with blocking access to large parts of the internet, but in most cases blocking and monitoring go hand in hand. Having blocked the worst websites, you may wish to trust your employees’ judgement and rely on monitoring for enforcement.

Some people find the concept of monitoring uncomfortable—for good reason. The internet may be the home of free speech (whether you agree with it all or not), but it is also a source of inspiration and creativity. One person’s waste of time may be another person’s breakthrough.

Monitoring employee behaviour must be lawful and fair. The law is very specific about what you can and can’t do. It is possible to track how people use the internet—the sites they visit and how long they spend there—but it may not be legal. In addition, you may not feel comfortable with the Big Brother aspect. Certainly, employees have a reasonable expectation of privacy in the workplace, especially for their personal communications. To put it another way, how would you like your boss to read your personal emails and web history?

The Australian Government’s Office of the Privacy Commissioner outlines the code of practice around employee rights involving Internet usage:

  • Monitoring should be proportional to the legitimate needs of the company
  • Employers should carry out an impact assessment
  • Employees are told they are being monitored
  • Information discovered through monitoring is only used for the purpose for which the monitoring was carried out
  • The information discovered is kept secure
  • Employers are extra careful when monitoring personal communications.

The risks of internet misuse justify monitoring but that doesn’t mean that you should just go ahead and do it without careful planning. You’ll need legal advice and proper procedures as well as the right technology to actually do the monitoring.

Policy matters
Any decision needs to be backed up by a clear acceptable use policy for the internet. In Australia,  a number of organisations have helpful guides to the issues involved. Some examples are the Internet Industry Association (IIA), a national Australian membership association for the internet industry and NSW Businesslink, a Government body which provides solutions in the areas of IT, finance, HR and business support. MessageLabs’ own white paper, The Legal Risks of Uncontrolled Web Use and Email Content, is a good place to start (this is available for download at www.messagelabs.com.au/white_papers/legal_risks). Again, legal advice is important.

Each small business has its own ethos. Some managers may take a more laissez-faire approach while others want to lock everything down. Some people need full access to the web and companies may wish to give some departments or individuals more latitude than others. A good example is the marketing department of a lingerie firm who need to see their competitors’ websites despite images that might be unacceptable in other companies, or even other departments in the same firm.

In the end, it comes down to a choice. Where do you draw the line on web misuse? How do you balance individual privacy with the overall good of the business? What is the correct balance between monitoring and blocking? There is no right answer. It varies from company to company. But there is, perhaps, a right way to go about it.

—Kerrie-Anne Turner is managing director of MessageLabs (www.messagelabs.com.
au), a leading provider of business security services.

Unwanted websites

List of the most popular blocked sites by categories.

Chat                                   35.2 percent
Ads & popups                    33.2 percent
Unclassified                       13.5 percent
Streaming media                4.7 percent
Games                                1.9 percent
Personals & dating             1.8 percent
Computing & Internet        1.0 percent
Adult/sexually explicit       0.9 percent
Infrastructure                     0.7 percent

Source: MessageLabs Intelligence, Feb 2009

People who read this, also liked:
Is Facebook a business liability?
Implications of employers ‘befriending’ staff on Twitter

Related Stories