Like the technology, Internet abuse appears to have proliferated in
recent years. There are, however, two ways to tackle this
problem
Employee access to the Internet has become just as much part of
a business' day-to-day activities as having a phone on every desk,
sometimes even more so. The proliferation of email and the vast
amount of information held on the Web has made this tool a vital
part of the communication and information gathering process for
modern day employees. But with such unprecedented access to
information and communication comes the responsibility to use it in
a way that benefits the organisation. Failure to do so costs UK
businesses £2.5m a year says the Chartered Institute of Personnel
Development (CIPD).
The CIPD report entitled
Internet Use and Abuse at Work
found that UK companies are losing up to £2.5m each year due to
non-work related surfing. It also discovered that about 84 per cent
of employees in the UK have unlimited access to the Internet and
email. Another report from Unipalm showed that during the 10-week
run of the hugely popular Big Brother game show, UK businesses were
losing £1.4 million every week as employees tried to access the
live webcams from the workplace. (The Big Brother site was visited
by between 100,000 and 150,000 unique users every day, peaking
during the eviction of contestant "Nasty" Nick Bateman. Each user
spent an average of 15 minutes on the site costing around £2.91
each for the video stream. [Figures from the Office of National
Statistics])Examples of extreme Internet abuse tend to be well
documented, and the legal and commercial dangers fully understood.
Recent cases cited have included Deutschebank and Merrill Lynch,
while at Orange, 45 staff were sacked for viewing pornography on
the Internet while at work. Such activity can result in legal
action being taken by other staff within or outside the company on
the grounds of sexual harassment, an area that is very damaging for
any firm both in terms of cost and reputation.The issue of more
general abuse - or misuse - still has to be tackled effectively
however. If the CIPD and Unipalm figures are to be taken at face
value, then the problem in the UK at least is still large and firms
are leaving themselves open to huge liabilities legally and
commercially. As often happens though, where technology creates a
problem it also tries to provide the answer. Almost as soon as the
problem of Internet misuse at work arose, so too did the tools to
tackle the issue. Many of the original Internet Access Control
systems were developed from packages that were used to restrict
children using the PC at home. While they served their purpose in
blocking entry to inappropriate websites or unsuitable emails, they
proved difficult to implement and administer, often preventing
employees access to legitimate websites as well as the
illegitimate.As a result, technology was developed that enabled
greater administration capabilities to be incorporated into
applications offering different levels of protection for different
employees. The advantage of policy management, notes Christian
Christiansen, analyst at IDC, is that: "IT managers can select the
various types of sites to be blocked, the time and hours by which
different sites may be accessed, monitoring and reporting of actual
and attempted site visits, and can customise these functions for
the corporation, workgroups and individual employees."Content
Technologies, makers of MIMEsweeper and recently acquired by
Baltimore, is a strong proponent of the policy management approach.
It recommends establishing an "email and Internet usage policy that
clarifies what the organisation considers to be acceptable and
unacceptable use of that system, including personal usage, in
agreement with employees". This avoids the situation where there is
a complete ban on certain URLs that may have been seen as
undesirable or unnecessary.However, the increasing number of issues
that companies have to take account of could stretch policy
management to the limit. The Human Rights Act, which came into
force on 2 October 2000, has implications for how companies control
their employees' use of technology at work. According to Article 8,
"Everyone has the right to respect for his private and family life,
his home and his correspondence". The term "correspondence" is
deemed to include email, and so employers who intercept personal
email, even if it is coming through the company network, could be
breaking the law. Installing advanced Internet control tools on the
network is an effective measure, but the CIPD report highlights the
fact that any implementation needs to be tightly integrated with
company policy. Author of the report, Clare Hogg, points out that:
"If employers don't review their policies, they could find
themselves liable for anything from sexual harassment claims to
being in breach of copyright laws. A survey in 1999 found that 50
per cent of workers were using the Web to visit 'adult' sites.
Clearly, having such a policy is vital."Meanwhile, an emerging and
alternative approach to Internet control promises to take the sweat
out of implementing complex integrated policy management products.
Content aggregator Mediapps is advocating that all relevant web
information is delivered directly to the employee, enhancing the
worker's productivity without them having to venture out onto the
Internet to find what they are looking for. In essence, each
employee would have his or her own specific information
portal.According to Ian Wells, managing director of Mediapps, "If a
typical company employee, earning £18,000 per year, views six known
web pages per day, for five minutes each, they will waste an
average of 96 hours a year logging on to the web pages alone. This
amounts to a cost to the company of over £1,000 per employee per
year." Mediapps' perspective is that Internet misuse not only
includes visiting those sites that are purely for personal use, but
also those that don't contain the business information that users
are seeking. The proliferation of the Internet has meant that an
estimated 2 million new web pages appear every day making it
troublesome for employees to locate the exact information they
need. This is also the way that IDC analysts see the market
heading. "Proactive support for users is presented to users as a
knowledge portal or, in Microsoft's view, a 'digital dashboard', by
which individual, workgroup and corporate-wide Web access will be
optimised," explains Christiansen. "On the back-end, this
capability is supported by various knowledge management, search
engine and other tools that will deliver the desired information to
corporate users."It is worth noting, however, that there is a
downside to restricting employees to purely work related Internet
and email activities. A report by the International Labour
Organisation predicted that cases of depression and stress in the
workplace will increase dramatically over the next few years as
technology developments raise the employee's workload. If this is
to be the case, then letting workers have a certain amount of time
to deal with personal communication and look at sites of personal
interest may help to alleviate some of that stress.The next
generation of individual content aggregation portals may well
include some personal information for the user to digest in that
increasingly rare "spare moment". Andy Meyer, vice president of
marketing at Internet management company Websense, says, "Companies
need to be aware that employee web abuse goes beyond the obvious
such as online porn, gambling and hate sites. But at the same time,
companies don't need to take hard line stances. Many of our
customers have adopted a flexible, filtering solution allowing for
some personal surfing during work hours."And to put the problem
into perspective, while CIPD estimates that surfing costs UK
business £2.5m a year, the habit pales into insignificance next to
the £3.3bn figure that the Institute has calculated for alcohol
abuse.
Paul Grant