Employee Monitoring

More Articles

The argument that is always heard in regards to this month's topic is that it is too Orwellian, that monitoring internal electronic information is an invasion of one's privacy. I couldn't agree more, but that argument is only valid in my opinion, when you are on your home or private internet segment, not the one your employer pays for.

It is estimated that employee Internet misuse and abuse causes over four billion dollars in lost work productivity. Several surveys reveal that 1 in 5 employees view online pornography at work and that 70% of adult web sites are hit between the hours of 9am-5pm. Not only do employees surf sex sites but they also visit sport sites like espn.com, bid on ebay.com,trade stocks on etrade.com, shop online at avon.com or just send tasteless jokes to their coworkers. This type of misuse not only hurts employee job performance but increases threats to information security and drains valuable network and corporate resources. Corporations can also be held liable for harassment due to sexually or racially discriminatory email sent through corporate Intranets.

To prevent such abuses, companies have instituted proper use policies, and have actively written both filters and firewall rules(egress filtering) that block Net access to certain web sites.

Note: Too find out more about ingress/egress filtering rules and how they work, go to the URL: http://www.aplawrence.com/Security/mdgiac.html/.

Monitoring along with a properly implemented policy also creates a new set of management dilemmas:

1. How does the company enforce Internet use policies?
2. Are all employees including senior management monitored?
3. How will companies deal with employee privacy and morale?

Consider these recent findings of a Vault.com survey:

37.1 % said they surf the Web "constantly" at work
31.9 % said they surf a few times a day
21.3 % said they surf a few times a week
9.7 % said they never surf at work

Note: Vault.com, is a job-hunting Internet company, that surveyed 1,004 employees in what it called the first comprehensive survey of e-mail behavior in the workplace.

Other internet use statistics can be found at http://websense.com/products/why/stats.cfm

Findings like those have prompted more employers to monitor Internet use and to use a more stringent security policy guideline for proper use. Employees should be encouraged to use the Internet as a tool of their employment, but that repeated visits to Web sites that offer gambling, pornography, or high volume's of personal e-mail, can lead to a reprimand or termination. Internet abuse has created a booming business for software security companies as well as businesses that develop and sell security gateway appliances. Sales have soared as businesses and government agencies have scrambled to put policies and software in place to solve the problem. Despite employer awareness and security software, statistics show Internet abuse is growing.

A 2002 survey of companies, institutions and government agencies by the Computer Security Institute (CSI) and the FBI revealed two eye opening findings:

80 % acknowledged financial losses due to computer security breaches (primarily through theft of proprietary information or fraud).

78 % had Internet abuse by employees, such as downloading pornography or inappropriate use of e-mail.

Companies also report that they are disciplining more employees for Internet abuse. A survey this year, by American Management Association has found:

54 % of major U.S. companies check their employees' Internet usage

26 % have given workers formal reprimands for misusing the Internet

20 % have issued informal warnings

17 % have fired employees for misusing the Internet.

I have not found one CIO or CSO yet that hasn't told me that this is a constant struggle. Businesses and agencies all say they still have to discipline, dismiss or suspend employees for abuse of the Internet, in order to keep a balance between allowing legitimate use and preventing abuse of it.

Most companies that I have dealt with will tolerate employees using the Internet for brief, personal research or communication, but high volumes of e-mails or frequent visits to certain Web sites will trigger monitoring tools. What companies have to do is regard their Internet use policy as an internal security issue. Security awareness training for new employees and written guidelines on Internet use at work should be provided to all employees. Policies should be well written and clearly spell out, that employees should not expect privacy when they access the Internet at work.

Like I said at the start of this article, some view this approach as Orwellian, I tend to lean towards diligence.

More Articles by Michael Desrosiers

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.