Keep your private life out of your e-mails

Former Scotland Yard detective Mark Morris is using his skills to help firms crack down on employees who use their e-mail and the internet for irregular purposes.

Men downloading porn and women discussing sex over e-mail are just two of the most common workplace traits observed by Mark Morris, head of forensics at Logica CMG, during his time in the business.

Previously a detective in the computer crime unit at New Scotland Yard, Morris now uses his skills to help companies investigate their employees in cases of internet and e-mail abuse.

"Abuse can include e-mails and downloads that contain pornography or racist, sexist or defamatory material. Companies are also increasingly concerned about employees who send unauthorised e-mails outside the company which could be of a sensitive nature or concern espionage," said Morris.

Demand for Morris' services is rising as companies get serious about clamping down on this type of abuse.

Know your e-mailing rights

Last month a survey of 317 human resources managers by the Chartered Institute of Personnel and Development found that 42% of UK companies have dismissed staff and 27% have suspended staff over e-mail and internet misdemeanours.

A report from IBM Global Services earlier this year found that the cost to UK businesses of the 3,000 incidents of computer-related crime in 2002 was more than £140m. The larger proportion of this loss, said the report, comes from the theft of proprietary information, such as intellectual property. Much of this information may have been passed out of the company via e-mail.

But while companies are increasingly determined to discipline those employees guilty of e-mail abuse, Morris said they are also having to pick their way through a minefield of legislation.

With so many laws and procedures to bear in mind, Morris said many companies are not equipped to carry out the meticulous computer-related investigation that will satisfy the scrutiny of the courts.

"In a lot of cases the matter has become too dangerous for companies to handle purely by themselves," said Morris. "We live in an increasingly litigious society and the number of employee tribunals in this area has rocketed."

The legislative relationship between employees and employers has become far more complicated in recent years. As a result, the chances of ending up in court are much higher.

"It is a brave human resources manager that sacks somebody when the company has mishandled the investigation," said Morris. "People no longer walk away from their company quietly. They know their rights and that companies can no longer claim ignorance in such cases. A court will not be impressed if investigations are carried out in an ad hoc, non-professional manner."

Who is sitting at your desk?

Even though the investigation of computer misuse in organisations is continually bogged down by an increasingly complex legal framework, Morris admitted that he still finds his job interesting - especially when he stumbles on the unexpected.

"You can start an investigation looking for one thing and end up dealing with something completely different," he said.

"Just last week a company asked me to investigate an employee who had been accused of misusing his e-mail and it turned into a paedophile enquiry.

"Somebody high up had been receiving a lot of non-work related e-mails from this guy. So we took a forensic image of the computer concerned and found a lot of disturbing images.

"It turned out that these pictures did not relate to the current user but to the previous user who had left the company. All the details were passed on to the police."

Morris' work does not always lead to an employee being disciplined. In some cases the evidence he gleans from his investigations can help to prove a person's innocence.

Morris told the story of one case he was involved with last year where managers at a large financial institution in the City were convinced one of their employees was siphoning off money from the company via the payments system.

"They were convinced he was up to no good as he seemed to be living a lifestyle apparently way beyond his means," said Morris.

"What we eventually discovered was that the employee had not committed any crime against his company, but that he was making a good second wage working as a rent boy in the evenings and at weekends."

Private lives, public e-mails

But why do some employees use the company e-mail so blatantly and risk exposing themselves in such a way?

Morris thinks it is because e-mail and the internet are now regarded as such a common medium of communication that people have become complacent about how they use it.

"They treat e-mail as if it were the spoken word," he said. "I am constantly surprised to find what seemingly intelligent people use e-mail for."

Morris said he recently uncovered two women employees discussing insurance fraud over a company's e-mail. One wanted the other to write a false witness statement saying it was her husband and not the son who was driving a car involved in an accident, because only the husband was insured.

"I have also seen women touting for sex, men pursuing women, and people leading double lives via the company e-mail," he said.

He recommends that if employees are unsure what is acceptable behaviour, they should see their company's policy on e-mail and internet use.

"Some companies are guilty of not publicising their computer policies, but when employees are under scrutiny it is wise to understand what can and cannot be done. You need to know the boundaries for your behaviour."
