Getting the balance right
Getting the balance right
There's a fine line between email and Internet abuse in the workplace and reasonable use of the technology to take time out, communicate with friends and family and pay bills. At the same time, there is a big difference between employer dictatorship and respectful management when it comes to enforcing polices and rules for employees. Rodney Appleyard explores how difficult it is to get the balance right
Email and Internet misuse, including - but not exclusively - the sending and downloading of porn, is fast overtaking theft of office supplies or lying to the boss at the top of the list of disciplinary actions reported in the workplace.
In Australia, the number of complaints to regulators over Internet porn, especially child pornography, has increased by more than 300 percent since 2000.According to a survey carried out in the UK in June 2002, 212 people reported taking action in 358 disciplinary cases related to email and Internet abuses in the work place, compared to 326 cases for incidents of violence, dishonesty and safety breaches.
The findings discovered that the top three Internet-related abuses were excessive personal use of the company's Internet or email connection, sending pornographic emails and accessing pornographic websites.
This implies that companies, especially in the financial services sector, who hope to make the most out of email, to ensure productivity and minimise security and legal threats, need to adopt better ethical email and Internet monitoring techniques.
According to Jack Andrys, the CEO of Perth-based email and Internet monitoring software vendor WebSpy, many Australian companies are a bit too relaxed about the misuse of email and Internet and Acceptable Usage Policies. He says that these organisations think that they just simply have to purchase software to control it, but do not realise these policies have to be managed carefully too.
"The software alone cannot prevent employees from using emails and the Internet in a non-productive manner. People need to be good managers too. Employers are naive if they think that one tool is enough to stop people from taking advantage of the company's software."
"The software is not useful unless it is fine-tuned and customised. For instance, there needs to be instances in a company's policy whereby an employee is allowed to use the Internet to pay off his/her credit card. This, after all, will save the employee from having to go out to the bank, which would mean working less hours. It also gives the employee a sense of freedom, which is important. It's about trust. Having a rigid email and Internet policy can sometimes breed unhappiness."
Andrys says that companies need to constantly review their policy because of the subjective nature of what is acceptable and not acceptable. He adds that it is easier for a smaller business to manage these policies than it is for an enterprise, where blanket restrictions might not be appropriate.
He also considers that when an individual is sacked for improper use of email or the Internet, it is often as bad a reflection on the management of the organisation concerned as it is of the guilty employee.
"It makes you think: 'What has the manager done to allow this misuse to happen because the employee must have continued to ignore the warnings?' Misuse should be preventable before it gets to the stage of sacking a worker."
David Russell, senior policy adviser at the Australian Industry Group, says: "Employers monitor employees for three purposes: unlawful activity by the employee; activity which is contrary to the interests of the employer, and to monitor employee performance.
"However, industrial tribunals are wise to staff being dismissed solely based on email and Internet misuse. An employee is likely to win in an industrial tribunal if the basis of that person's dismissal is due to the apparent abuse of Internet and email."
Meanwhile, David Taylor, the regional director for Australia & New Zealand of security vendor NetIQ, is of the view that it is important in terms of effectively ensuring email and Internet policies are being followed by assigning micro-managers to monitor small groups of people throughout the enterprise.
"Minimising misuse is much easier to manage if you divide people into small groups and allocate responsibility to somebody who can keep track of those people. Otherwise, if you have laws that cover large numbers of people, the department will lose track of people, and could end up with hundreds of old email accounts, from former employees who have long since left the company.
Nobody will know that they are inactive, whilst they continue to receive junk mail. This just causes an extra headache when it comes to managing emails.
"But appointing a manager to small groups of people throughout the organisation allows practices to be carried out more successfully. The manager can view all of the emails and sites visited, through monitoring software, and communicate restrictions and accessibility rights accordingly."
The NSW draft Workplace Surveillance Bill was created last year in an attempt to address the balance needed between employers and employees.
Alison Peters, the deputy assistant secretary of the NSW Labour Council, outlines why she supports the Bill.
"People like to be treated with dignity and respect whether they are at work or not. Electronic monitoring of staff can be counter-productive where employees don't feel they've been treated fairly and reasonably.
"Organisations need to be very aware of how to deal with their email and Internet policy. The consequences of a bad policy or no policy can cause lack of trust, absenteeism, bad health, disputation, increase staff turnover, encourage legal challenges and attract risks to the company's reputation.
"[Conversely], the benefits of a progressive policy can produce better trust with employees resulting in higher productivity, lesser negative health effects, improved organisation by employees (such as paying bills online) and better cooperation between unions and management. In addition, real consultation engenders ownership and greater compliance."
Peters believes that a good email policy involves ensuring that it is known and understood by staff and not open to interpretation.
"It needs to be explicit about what is allowed and what is not acceptable; you need transparency over what is logged; it needs to outline who can access it (and for what purpose); describe how compliance will be monitored, including the consequences of breaches; it needs to explain how the policy will be reviewed and it needs to promote email etiquette."
Tim Smith is the director of Bridge Point's security practice group, which produces the Bridge Point Compliance Manager software. This package addresses weaknesses in information security by working behind the perimeter defences to check whether corporate desktop and laptop computers contain pornographic images and movies; illegal audio and video files; profanity and obscenity within files and inappropriate Internet material that has been viewed.
Smith says of the new legislation: "The Bill is good because it educates the employer about Acceptable Usage Polices, and makes it clear for them and the employee to understand where the line is. It increases awareness for both parties, which creates harmony in the workplace."
Email and Internet monitoring software, such as those used by Bridge Point, WebSpy, NetIQ and Computer Associates, provide an overview of what is happening on each person's desktop. Every page and email sent is automatically monitored and transferred to a report. Action is only taken according to the policy set by the individual company. For instance, if a person is using the Internet for fun for too long, and is chewing up the bandwidth unreasonably, this could be a reason for that employee being warned to stop using the Internet for long periods.
The software is used to gather intelligence about each person's purpose of use. Somebody might send confidential information to another person outside of the company. In this case, the software will be alerted to this document being sent, or hidden inside an email, and will link it back to the person who sent the message. Once it has been detected, the line manager, or person in charge of the employee, will know what the misdemeanour is and who did it, so that an appropriate punishment can be applied.
Andrys says that it is a crime in itself to ignore how the resources can be used effectively. "There was a case in the U.S. when an employee watched a lot of child pornography on his PC. Another employee was exposed to these horrific images everyday at work. Eventually, the parent of the employee exposed to the images sued the company for negligence.
"This situation could have been prevented if the company had been on top of its policy of banning pornographic sites from being viewed by its staff. Instead, its practices were not tight enough to target abuses of the Internet, and therefore, it was punished for this."
Andrys believes that employers should have an open conversation with their employees about the monitoring that goes on within the organisation. He says that if the workers know that they are being watched, but they also have the freedom to use the Internet and email according to their common sense, then they will be more likely to use it appropriately. Going even further, he says that if they can view the logs, which indicate whether they are overstepping the mark or not, then they will know where the line is exactly and will know when they are about to step over it. In his view, this complete transparency creates 100 percent honesty and eradicates abuse altogether.
Related Article: