Employers Crack Down on Personal Net Use

Tasha Newitt was aware her employer, the Washington State Department of Labor and Industries, had a policy restricting personal use of work computers, but she believed it focused on Web surfing, not e-mail. Nonetheless, she was careful to use her work e-mail primarily for professional matters. So she was stunned when the agency fired her after finding 418 personal e-mail messages received over a period of five months (or about 5 per workday) on her PC.

Newitt isn't alone: Increasingly, managers are cracking down on employee Internet activity by drafting strict usage policies--and enforcing them through use of software that monitors surfing, examines e-mail, and restricts the sites an employee can browse to.

Newitt, an eight-year agency veteran, says that she received great performance reviews as well as certificates for providing outstanding customer service in her position as a workers' compensation claims manager. Most of the personal e-mail messages were innocuous notes regarding birthday greetings and lunch plans with coworkers, she says. But none of this mattered to Newitt's employer examined her office's e-mail after a co-worker filed a sexual-harassment complaint against a supervisor. The department ultimately fired 8 employees (including Newitt) and disciplined 16 others for their improper use of agency equipment.

Entering a Humorous caption contest cost Virginia state employee Will Vehrs ten days' pay.
Photograph: Katherine Lambert
Will Vehrs, who works at the Virginia Department of Business Assistance, received a ten-day unpaid suspension for excessive casual use of the Internet while at work. Vehrs' employer knew he blogged, often about state issues, at the Commonwealth Conservative's Virginia politics blog. In fact, Virginia's governor read and sometimes reused his posts; but he was punished after composing humorous captions for photographs as part of a local newspaper's contest. His captions poked fun at a Virginia county and annoyed a local politician.

Whether streaming video is eating into a company's network bandwidth or employees' viewing of adult content is exposing the firm to sexual harassment charges, companies have some legitimate reasons to limit their workers' access to and activity on the Internet.

A 2005 survey of 526 businesses and organizations by the ePolicy Institute and the American Management Association found that 76 percent of them monitor the sites that their employees visit, and 65 percent block certain sites. At least 55 percent of them review and retain employees' e\0x2011mail, and 36 percent track the content on workers' PCs, their keystrokes, and the time that they spend at the keyboard. Lost productivity is a major concern: Last spring, some companies blocked streaming video during the NCAA men's college basketball tournament. Even so, more than 14 million fans accessed video from the NCAA March Madness on Demand Web site during the first three rounds of the tournament, according to CBS SportsLine; and considering the starting times of the games, many of them likely did so from work

Massachusetts-based Networks Unlimited audits the Internet activity of its clients' employees and sells equipment for auditing and blocking workers' Internet use. It says that many executives are surprised at what their employees do online. The company installs a monitoring box on its customers' networks for a week and then extrapolates longer-term patterns of usage from that data to estimate how many hours a year employees spend browsing Web sites.

For example, Networks Unlimited found that fewer than 100 employees at Balls Food--a supermarket and pharmacy chain based in Kansas City--had Net access at work, but that they spent a total of 686 hours in one year using Web-based e-mail such as Hotmail and Yahoo. By contrast, 120 employees at a New York\0x2013based software company spent an estimated 7700 hours in one year accessing Web-based e-mail, 2400 hours at shopping and sports-related sites, and 250 hours visiting pornographic sites. In total, the employees spent more than 17,000 hours in one year on recreational surfing (roughly 3 hours per employee per week), which translates into an estimated loss in worker productivity of $867,000, according to Networks Unlimited.

Fear of viruses, spyware, and other security breaches due to non-work-related Web use is another impetus for employers to limit their workers' Internet activity. Such attacks can disrupt company networks and lead to loss of confidential information. But Nancy Flynn, director of the ePolicy Institute and author of Blog Rules and other books on workplace tech policies, says that concern about potential litigation is the main reason organizations manage their employees' Internet use.

Internet Liabilities

Sexually offensive material read or viewed on computers in the workplace can lead to sexual harassment charges or, in extreme cases, bring law-enforcement agencies knocking at the door. a county public Works Department office in Nevada attracted embarrassing attention when an employee was arrested after downloading more than 400 images of child pornography to his work computer. The agency discovered the stash only by tracing a virus that crashed the county's network to one of the images.

The content of e-mail and instant messages can be especially dangerous. In the most recent ePolicy survey results, 24 percent of surveyed companies acknowledged that they had received at least one subpoena for employee e-mail.

"When companies get embroiled in e-mail litigation, it can become very expensive and very embarrassing," says Flynn, who runs seminars on how to establish policies and train employees in proper technology use. The issue can be especially problematic in highly regulated industries, such as health care, where workers are required to adhere to laws that protect the privacy of patient information and records. During an audit of one medical center's computers, Networks Unlimited found that spyware was surreptitiously sending information from the center's network to Gator, a spyware/adware firm, up to 2000 times a day. The audit also uncovered a keystroke-logging Trojan horse on one of the center's workstations.

The Web Off-Limits

Segal says that blocking Internet activity can become "somewhat of a political football" if workers feel that Big Brother is watching. "Sometimes you have senior management at one extreme [having] the attitude of blocking it all," he says, "and then you have the other extreme that says 'I don't want to tread there.'"

Balls Foods is an example of a company that starts by blocking all Internet access, and then doles out access to individual workers, case-by-case. The company's network systems manager, Lance Fisher, says that employees haven't complained about the restrictions because they never had unfettered access in the first place. "From the minute that employees have had Internet access, it's always been restricted access," he says. "So they can't miss what they never had." He concedes that it might be harder for a company that's never blocked access to suddenly institute a restrictive Internet policy. Bob Edwards, executive director of Boston law firm Wolf Greenberg, says that his company recognized this possibility when it audited its network and established a new policy. The firm now prohibits use of instant messaging and blocks access to hacker sites, as well as to gambling and gaming sites.

And since the firm specializes in intellectual property cases, it also blocks peer-to-peer networks. Edwards says that the last thing the company wanted was a scandal involving its own employees downloading copyrighted music or videos. "The [potential] headlines of something like that were definitely enough to make us really want to make sure that we had the thing nailed," Edward says.

Web sites with adult content are also blocked "to make sure that we weren't saying one thing with our sexual harassment policy and then...allowing free access to adult Web sites that might be offensive to others," Edwards says.

Wolf Greenberg was careful not to offend employees with its new policy, however. The firm's audit looked at Internet use in the office as a whole, rather than targeting individuals, and the data it gathered was anonymized to protect employees' privacy. "We wanted to let them know that we really had no intention to look at every site that everyone went to and that we wanted to manage this with their cooperation," Edwards says.

The law firm also carefully designed a policy that balanced its needs with those of its employees. For example, it decided not to block eBay and other shopping sites. "We want to be reasonable," Edwards says. "[The Internet is] there for them to use, and we expect that they will need to use it on occasion, but [we also want them] to be sensitive to the level of use."

Flynn of ePolicy insists that companies must take care to explain their Internet policy clearly to employees and be consistent about enforcing it. "I've seen cases where organizations...have disciplinary rules in place, including saying they will terminate violators, and then they don't terminate anyone," she says. "And there are companies that pick and choose who they terminate. That just confuses employees," says Flynn.

Kim Zetter

Subscribe to the The Advisor Newsletter

Comments