Solution: Internet misuse at work

Like the technology, Internet abuse appears to have proliferated in recent years. There are, however, two ways to tackle this...

Like the technology, Internet abuse appears to have proliferated in recent years. There are, however, two ways to tackle this problem

Employee access to the Internet has become just as much part of a business' day-to-day activities as having a phone on every desk, sometimes even more so. The proliferation of email and the vast amount of information held on the Web has made this tool a vital part of the communication and information gathering process for modern day employees. But with such unprecedented access to information and communication comes the responsibility to use it in a way that benefits the organisation. Failure to do so costs UK businesses £2.5m a year says the Chartered Institute of Personnel Development (CIPD).

The CIPD report entitled Internet Use and Abuse at Work found that UK companies are losing up to £2.5m each year due to non-work related surfing. It also discovered that about 84 per cent of employees in the UK have unlimited access to the Internet and email. Another report from Unipalm showed that during the 10-week run of the hugely popular Big Brother game show, UK businesses were losing £1.4 million every week as employees tried to access the live webcams from the workplace. (The Big Brother site was visited by between 100,000 and 150,000 unique users every day, peaking during the eviction of contestant "Nasty" Nick Bateman. Each user spent an average of 15 minutes on the site costing around £2.91 each for the video stream. [Figures from the Office of National Statistics])

Examples of extreme Internet abuse tend to be well documented, and the legal and commercial dangers fully understood. Recent cases cited have included Deutschebank and Merrill Lynch, while at Orange, 45 staff were sacked for viewing pornography on the Internet while at work. Such activity can result in legal action being taken by other staff within or outside the company on the grounds of sexual harassment, an area that is very damaging for any firm both in terms of cost and reputation.

The issue of more general abuse - or misuse - still has to be tackled effectively however. If the CIPD and Unipalm figures are to be taken at face value, then the problem in the UK at least is still large and firms are leaving themselves open to huge liabilities legally and commercially.

As often happens though, where technology creates a problem it also tries to provide the answer. Almost as soon as the problem of Internet misuse at work arose, so too did the tools to tackle the issue. Many of the original Internet Access Control systems were developed from packages that were used to restrict children using the PC at home. While they served their purpose in blocking entry to inappropriate websites or unsuitable emails, they proved difficult to implement and administer, often preventing employees access to legitimate websites as well as the illegitimate.

As a result, technology was developed that enabled greater administration capabilities to be incorporated into applications offering different levels of protection for different employees. The advantage of policy management, notes Christian Christiansen, analyst at IDC, is that: "IT managers can select the various types of sites to be blocked, the time and hours by which different sites may be accessed, monitoring and reporting of actual and attempted site visits, and can customise these functions for the corporation, workgroups and individual employees."

Content Technologies, makers of MIMEsweeper and recently acquired by Baltimore, is a strong proponent of the policy management approach. It recommends establishing an "email and Internet usage policy that clarifies what the organisation considers to be acceptable and unacceptable use of that system, including personal usage, in agreement with employees". This avoids the situation where there is a complete ban on certain URLs that may have been seen as undesirable or unnecessary.

However, the increasing number of issues that companies have to take account of could stretch policy management to the limit. The Human Rights Act, which came into force on 2 October 2000, has implications for how companies control their employees' use of technology at work. According to Article 8, "Everyone has the right to respect for his private and family life, his home and his correspondence". The term "correspondence" is deemed to include email, and so employers who intercept personal email, even if it is coming through the company network, could be breaking the law.

Installing advanced Internet control tools on the network is an effective measure, but the CIPD report highlights the fact that any implementation needs to be tightly integrated with company policy. Author of the report, Clare Hogg, points out that: "If employers don't review their policies, they could find themselves liable for anything from sexual harassment claims to being in breach of copyright laws. A survey in 1999 found that 50 per cent of workers were using the Web to visit 'adult' sites. Clearly, having such a policy is vital."

Meanwhile, an emerging and alternative approach to Internet control promises to take the sweat out of implementing complex integrated policy management products. Content aggregator Mediapps is advocating that all relevant web information is delivered directly to the employee, enhancing the worker's productivity without them having to venture out onto the Internet to find what they are looking for. In essence, each employee would have his or her own specific information portal.

According to Ian Wells, managing director of Mediapps, "If a typical company employee, earning £18,000 per year, views six known web pages per day, for five minutes each, they will waste an average of 96 hours a year logging on to the web pages alone. This amounts to a cost to the company of over £1,000 per employee per year." Mediapps' perspective is that Internet misuse not only includes visiting those sites that are purely for personal use, but also those that don't contain the business information that users are seeking. The proliferation of the Internet has meant that an estimated 2 million new web pages appear every day making it troublesome for employees to locate the exact information they need.

This is also the way that IDC analysts see the market heading. "Proactive support for users is presented to users as a knowledge portal or, in Microsoft's view, a 'digital dashboard', by which individual, workgroup and corporate-wide Web access will be optimised," explains Christiansen. "On the back-end, this capability is supported by various knowledge management, search engine and other tools that will deliver the desired information to corporate users."

It is worth noting, however, that there is a downside to restricting employees to purely work related Internet and email activities. A report by the International Labour Organisation predicted that cases of depression and stress in the workplace will increase dramatically over the next few years as technology developments raise the employee's workload. If this is to be the case, then letting workers have a certain amount of time to deal with personal communication and look at sites of personal interest may help to alleviate some of that stress.

The next generation of individual content aggregation portals may well include some personal information for the user to digest in that increasingly rare "spare moment". Andy Meyer, vice president of marketing at Internet management company Websense, says, "Companies need to be aware that employee web abuse goes beyond the obvious such as online porn, gambling and hate sites. But at the same time, companies don't need to take hard line stances. Many of our customers have adopted a flexible, filtering solution allowing for some personal surfing during work hours."

And to put the problem into perspective, while CIPD estimates that surfing costs UK business £2.5m a year, the habit pales into insignificance next to the £3.3bn figure that the Institute has calculated for alcohol abuse.

Paul Grant

This was last published in November 2000



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.