Net losses: does the Web drain your firm's resources?

Employees love the Internet, and around a third of the time they spend surfing is not work-related. However, lost productivity could be the least of your worries

Employees love the Internet, and around a third of the time they spend surfing is not work-related. However, lost productivity could be the least of your worries.

Pornography, shopping and stock trading. Just another day's work for a growing number of employees. As workers are drawn to the alluring nature of the Net, corporations are facing a mounting crisis. The Web - once a productivity saviour - is fast becoming a TV set on employee desktops.

Valuable network bandwidth is being consumed by non-work-related surfing. And employees viewing truly objectionable material is leading to sexual harassment suits and other legal entanglements.

Indeed, businesses today face a double-edged sword when it comes to the Internet. In the mid-1990s, the Net was hailed as a productivity tool, the source of e-mail, e-commerce and research tools. But as the 1990s have come to a close, the Internet has become more of an obstacle, distracting workers with e-zines, e-trade and e-porn.

The Internet's growth shows no signs of slowing down. The Web has rocketed from more than two million sites in January 1994 to more than 43 million sites in January 1999. In addition, entirely new business models and content are emerging daily - from new e-commerce clothing stores to streaming video magazines.

So what are the issues facing the employer in relation to providing Internet access to employees and what can the average IT professional do about non productivity and cyber-liability. The issues, in the main, fall in to three categories: productivity, investment protection and legal liabilities.

1. Productivity

If you combine the speed of access, no phone call costs and no interruptions from family members, it is easy to see why accessing the Internet from work is so attractive. Combine that with an employee lacking enthusiasm and diligence and it's easy to understand some of the statistics recently published.

A survey recently published by IDC Research, stated that an average of 30-40% of Internet access from within the corporate workplace was not business related. This is backed up with statistics from a survey by Secure Computing that found 50% of people found time to visit x-rated sites from work, 92% of on-line traders trade from work, 84% search for new jobs, 54% visit chat rooms.

The statistics show an increase in on-line shopping - it now is the number one usage of the Internet. In fact it has taken over from pornography and that's still on the increase. The Internet is the number one cause of divorce in America today and special psychiatric centres are being set up for addicts. Employee activity of this nature reduces their productivity and slows down Internet access for legitimate users. Just ask yourself: what are your employees doing?

2. Investment protection

In addition to these problems, which cost companies millions each year, there is also the issue of investment. By the time a company implements Internet access with a firewall, a virus package, an e-mail package, a proxy, a router, a leased line and all the necessary hardware there's often no change from $100,000 (£625,000).

Given that 30-40% of access, on average, is not business related, non work-related surfing costs companies $30,000-$40,000. Given the size of leased lines it's no wonder that 70% of people downloading MP3 music files do it from work - the size of the lease line makes it quick and it doesn't cost the employee anything.

This also applies to downloading video, games software, pornographic images etc.

3. Legal liabilities

The company Internet provides your employees with a quick and easy way to perform illegal activities. This can include visiting pirate music sites like, pirate games software, pirate video, hacking tools, pornographic and obscene material.

If the issues of lost productivity and investment protection don't concern you, this should. Even if employees were wasting time before the Internet was introduced, their activities probably weren't illegal. Again, because of the bandwidth available it's common place to find employees downloading such material.

There are many other potential pitfalls in situations where employees are misusing the Internet at work.

Illegal material

According to the Computer Crime Squad, it is illegal to distribute hardcore pornography for profit.

In a recent case, an IT contractor employed by a London bank was caught downloading and selling pornography over a period of six months. His actions caused the bank great concern. On inspection his laptop contained more than 170Mbytes of images and he admitted spending approximately six hours a day downloading material.

This posed a major problem for the bank as his contract rates meant the bank had lost more than £100,000 in salary costs. His material breached a number of laws which prohibit the distribution of pornographic material for profit - the material included acts with children and bestiality, both outlawed - and in using the telephone network to download the material he was again in breach of the law.

The law could be violated in electronic distribution, procession, or transmitting of such material.

Harassment issues

Legal action could be taken by an employee against his employer if they were exposed to pornographic material.

One woman I recently interviewed sued her company for harassment after passing another employee's desk and seeing the contents of When I pointed out that the site in question was not particularly offensive, she agreed and said she was leaving the company anyway and this was a golden opportunity.

Illegal software - international copyright law

The ease of access and size of leased lines available from within the corporate environment encourages employees to download music files, video files and games and software from pirate or illegitimate sources. Not only is this taking sizable amounts of bandwidth, but it is a breach of international copyright law.

Hacking tools

Hacking sites provide staff with easy access to intuitive tools allowing them to perform hacking activities from within the corporate environment.

A recent case highlights the threat to corporates as one young network engineer was caught hacking into another large competitive company from work, using tools downloaded from the Internet. In response the company threatened to sue.

The offending company was an industry name known for providing network security consultancy and traded on its highly respected name. Being sued would have been very damaging.

The liability

Unfortunately, the liability can fall to the company. A recent legal presentation I attended stated that "companies are liable for employees' actions even if they are unaware of the breach".

The much cited case of a large British financial and pensions company, where an e-mail from an employee containing libellous comments about a competitor was seen by the competitor, confirms this. The case cost £450,000 in settlements.

Each company has directors or a company secretary who is personally held responsible for ensuring their employees keep within in the law. It surely falls to them, along with IT staff, to protect themselves against cyber liability.

Simply put, the Internet has changed from a productivity enhancement to a major distraction for workers. While management can often be shortsighted - adding more bandwidth or firing more workers - it is up to the IT professional to put controls on corporate Internet content before it becomes a problem.

With the advent of Web access policies and filtering software, IT professionals hold two of the solutions that will ensure the continued growth and success of their businesses - and their valued employees.

David Draycott is UK country manager of Internet productivity specialist Websense.

Dealing with Internet misuse

By proactively managing their company's network, IT pros can stop the threat of Internet misuse before it becomes a headline in a newspaper. With two simple steps, the IT manager can safeguard the workplace and become a saviour for upper management - without ever having to leave the building.


Outline a Web access policy for employees. Included as part of an employee manual or signed during employee training, these types of policies outline in very clear terms what kind of Internet usage is permitted, what kind is not, and the consequences for violating the rules. Sample Web access policies can be found at http://www.websense. com/products/hr/hr_iap.cfm.


Install Internet filtering software to enforce this access policy. The monitoring,reporting and filtering tools can run in conjuction with your chosen platforms i.e. firewalls, proxy servers, cache engines, network appliances or other content applications. This software is able then able to filter inappropriate Web sites, allowing managers to block everything from pornography to stock-trading sites. In addition, the software is customizable, giving managers the ability to block sites by certain users or groups and even had dynamic category updates for recent media events that companies may want to block, all updated by daily downloads over the Web.

Read more on IT risk management