EVERYBODY’S GONE SURFIN’
by Jon Persky
Productivity Issues
Internet use in the workplace is both a necessity and a tempting distraction. In a poll commissioned by www.lawyers.com, seven in ten U.S. adult office workers use the Internet at work for personal purposes, and more than half send and receive personal messages on their work e-mail accounts. Additionally, almost 75% of office workers are either as or more likely to use the Internet at work for personal reasons than they were two years ago.
Not only does this affect your bottom line due to lost productivity, but it can open your organization up to a host of risks and potential liabilities. All this despite the fact that 45% of office workers have been explicitly informed that the company is monitoring their use of technology at work.
However, are businesses really monitoring it closely?
A study by America Online and Salary.com found that insurance personnel waste 2.5 hours per day on non-work-related activities, with personal Internet use being the main distraction. Given these numbers, the impact to your bottom line for both lost productivity and wasted salary dollars is significant. The same study determined that the amount of time wasted represents, on average, $6,000 per year per employee for work that’s expected, but not performed.
If you’re paying people to work eight hours per day, you expect to get that, right? Although most employees might not be stealing time intentionally, you can be sure that Internet abuse of some magnitude is taking place in your office. Employee abuse of the Internet not only hurts the productivity of businesses, but in some cases, compromises the security of your network.
Legal Issues
Are you retaining 100% of your e-mails and instant messages, or can your employees delete them? If you’re retaining them, how easy is it to retrieve them? One of the challenges with personal e-mail is knowing what’s being communicated. Are your employees spending time communicating with their friends? Even worse, are they e-mailing critical information such as social security numbers, credit card numbers and other confidential information to an identity theft ring? Could a producer who’s planning to leave your agency be sending a competitor x-dates, policy information, etc., through her personal e-mail?
Abuse of instant messaging protocols (such as Twitter, Yahoo!, and Facebook) carries the same issues as e-mail, with the additional risks of virus vulnerability. Many people ask if monitoring each of these areas is legal.
In reality, if a company has an employee Internet usage policy, workers have no real expectation of privacy. Three in four employers say they monitor the Internet usage of employees, and just over half of U.S. companies claim to review and retain employee e-mail messages, according to a survey by the American Management Association. There are few laws that regulate employee monitoring, and the Privacy Rights Clearinghouse advises all employees to assume that their workplace activities and communications are being monitored.
Says Kristin Byron, assistant professor of management at the Syracuse University Whitman School:
“People have this incredible belief that their e-mail is private and that employers are not allowed to monitor it. The reality is that employers can monitor e-mail. Since December of 2006, federal rules governing civil litigation require U.S. companies to keep better track of their employees’ e-mails, instant messages, and other electronic documents in case of litigation.”
AP Business writer Chris Rugaber notes that:
“Companies and other parties involved in federal litigation must now produce ‘electronically stored information’ as part of discovery, the process by which both sides share evidence before a trial. Federal and state courts have increasingly been requiring the production of such evidence in individual cases, and the rules clarify that the data will be required in federal lawsuits.”
Without a better sense of what data organizations have and where to find it, some companies are settling lawsuits in order to avoid the costs of electronic discovery.
Potential Solutions
To get yourself in front of these potential liabilities, you should first develop a clear “Acceptable Internet Usage Policy” and communicate it with your employees. Most organizations require employees to sign a document stating that the employee has read and fully understands the policy. The policy should not be so strict that it penalizes responsible people. The objective is to create an experience in which employees can get their job done and use the Internet efficiently, but be able to manage those who abuse the privilege of Internet access at work.
Surfing the net increases your risks of being infected with viruses, spamware, and malware. Although an Employee Internet Monitoring (EIM) product isn’t a substitute for your virus or anti-spam software, it will improve your overall protection because your employees won’t be surfing areas that usually house and distribute these types of security threats. Ideally, you want to block many areas of the Internet where these threats lurk. You can also block certain areas of the Internet that might leave your organization susceptible to lawsuits. It should be easy to identify the risks associated with inappropriate computer use, and the potential legal costs if you face a lawsuit for sexual harassment or copyright infringements. In Arizona, a small company was sued for $1,000,000 for employees illegally downloading music at the office; and a company in New Jersey was sued for not actively addressing an issue with an employee’s known online pornography problem. Some EIM solutions allow blocking access to particular categories of sites (such as pornography or peer-to-peer) with one click of the mouse.
The second step is implementing an EIM tool that best fits the needs of your organization. One area of confusion involves the difference between monitoring and blocking. Numerous businesses comment that their firewall allows them complete blocking of sites, which is often too restrictive because they are generally an all-or-none proposition. A good product will allow you to set up groups of employees with different levels of access depending on the role of each employee. Although EIM products can come in the form of desktop software, server-based software, or a network appliance, the latter is generally the easiest to implement and the most cost-effective solution. In many cases, a network appliance can be up and running in less than 30 minutes and does not require technical expertise. Once installed, it requires very little attention, and because content updates are done automatically, the tool ends up being managed by the office manager, HR manager, or even the business owner
ASCnet past president Dana Nulty- Beals of Nulty Insurance (Kalamazoo, MI) recently implemented iPrevision’s Panoptech device (www.iprevision.net). “It took us less than 15 minutes to get the device out of the box, installed on the network, and gathering data,” says Beals “How many technology projects have been this easy and efficient?” Iprevision’s Panoptech device also permanently records all incoming and outgoing e-mails and instant messages, even if an employee deletes them. This could be a lifesaver if you face a lawsuit and are required to produce your e-mails under the revised e-discovery rules. In the back of your mind, you’re probably asking yourself, “Do I really want to be ‘Big Brother’ and read each employee’s e-mails and instant messages?”
In most cases, the answer is “No.” However, sing a tool such as Panoptech gives you the capability to manage by exception. Although you don’t need to read what everyone is doing or writing all day, you probably do want to identify your most active Internet users are and see where they’re spending most of their time on the Web. Owners alternatively, managers who think that they don’t really want to know what is going on should ask themselves, “Why wouldn’t I want to know if an employee was trying to access pornography sites at the office or of others were spending three or four hours a day shopping online or planning their next vacation?
Then ask yourself, “Is that really what they’ve been hired to do?”
Jon Persky, CIC, CPA, PHR, is president of Optimum Performance Solutions, LLC, an agency consulting firm that provides valuation, merger and acquisition, agency, perpetuation, strategic planning, and marketing and retention services to insurance agencies nationwide. He is also a member of The National Alliance faculty and a speaker at Ruble Seminars. For more information, contact John at (813) 835-7337; e-mail [email protected]; or visit www.optperform.com. Reproduced from Resources Magazine, with permission from The National Alliance for Insurance Education and Research.