Caught in the web
Pay Magazine, March 2006
Caught in the web
When does the sending the odd personal email at work become internet abuse? Cath Janes reports on the cyberslacking crackdown
So what did you do at work today? Plan appraisals, juggle deadlines or indulge in a little light internet abuse? Well if you said yes to the former and no to the latter perhaps you should think again.
For most of us internet abuse conjures up images of porn and chatrooms, pallid geeks and mythical hackers – none of the things typically associated with the workplace. It’s easy to see why the majority of employees would never tar themselves with the same brush. After all, buying the next Harry Potter installment from Amazon in between meetings is hardly internet abuse. Or is it?
Cyberslacking
Surprisingly what forms internet abuse in the workplace remains largely undefined. Is it ok to log onto a rail enquiry website to check Saturday’s train times even though you won’t be working at the weekend? Can journalists enter paedophile chat rooms if they have a hunch about a child abuse scandal? Or can you come into work early to download tunes onto your iPod to keep you entertained on a business trip?
Employers are asking themselves the same questions. Cyberslacking, as it is known, is a problem that few can afford to ignore. The time employees spend web surfing or personal emailing is estimated to cost small businesses almost £1.5 billion per year. Even more worrying is that employers can find themselves liable for the consequences. Copyright theft, virus transmission and company misrepresentation are a few of the issues they could face not to mention harassment claims when employees believe they’ve not been protected from colleagues’ feckless forays into cyberspace.
“I’m constantly surprised at the number of these cases in the papers,” says Robyn McIlroy, senior associate at law firm Pinsent Masons. “In 2000 no one tackled these abuses because they rarely occurred. But today, when so many employees have access to the internet, there’s no reason why employers shouldn’t be dealing with these issues.”
The fact is that if employers are to protect themselves and their employees from internet abuse they have to take action. Not only do they have to understand the legal implications of the misuse of their communications systems but they have to create their own definitions of internet abuse.
“Internet abuse has changed over the years,” explains Greg Day, a security analyst for computer security specialists McAfee. “That’s why companies should have policies in place to tackle it. They need to be simple, explain what is acceptable and educate employees about why they have to be careful when they are using the internet or sending emails.”
Setting boundaries
Fortunately, as the cyberslacking problem increases so does the number of employers putting anti-abuse policies in place. However, these policies are living documents and need to updated as and when technology advances. It means that filing them away and forgetting about them is no more useful than ignoring the issue altogether. Why? Because unless employees know what you think is acceptable how can they ever be expected to comply?
“Many employees just don’t know the boundaries” says Day. “Ask them what they should or should not be doing. I defy you to find confident answers on anything except the obvious matter of porn.”
Blogging has exploded onto our monitors in the last few years and is a prime example of why policies and the education of employees is the key to anti-abuse success. For employers in particular the alarm bells rang when Waterstones sacked employee Joe Gordon for “bringing the company into disrepute” in his blog in January 2005. Gordon claims that he did not deliberately set out to cause offence and that his opinions were his right to free speech. However – and this is the key – he also believed that the company had no clear policy on blogging, claiming that he didn’t realise that his activities broke company rules.
The case was eventually settled out of court but demonstrates the importance of education as well as how employers put policies into action. It also clearly shows how employers can regulate the way in which employees represent their company.
The fact is that the majority of internet abuse is committed neither maliciously nor deliberately but innocently by employees who simply don’t know better. And employers have more to contend with than the sort of activities employees indulge in. They also have to think about when they indulge in them.
While spending hours of the working day emailing friends is unacceptable, does it become less of a problem if employees do it during breaks or before or after work? Any policy that defines abuse should also be clear on whether those abuses have time limitations. Those in the know suggest that employers tackle this issue with caution.
“We spend more time at work than ever before,” says Chidi King of the TUC. “If employees are in the office until all hours how can they be expected to book a holiday or do their banking unless they have access to the internet? That’s when employers have to be sensible about how much they restrict internet use. No one wants to work within a Big Brother culture.”
Using the senses
So in an age when using the internet has become second nature perhaps the issue shouldn’t be about whether employees can use the internet, but when?
“It is about being sensible,” says King. “You don’t have to track every move an employee makes. There has to be give and take and you can show that you are willing be flexible by stating when it is OK for employees to log on.”
However, while this element of trust enhances employee relations, employers also have a duty to keep their eye on what web-users are doing. Andy Davies of Mako Networks suggests that employers get passive networking systems and filters. These mean that you can keep track of web use and because employees know that you regulate the way the internet is used they think before they click on ‘enter’.
“This brings a dramatic amount of control over the way the internet is used,” he explains. “It also means that you can give employees access to the sites they need but not to those that have no application.”
Used alongside an effective policy this can help to enforce an employer’s position. However Davies cautions that once those systems are in place employers should be prepared for what they may find.
“One client of ours wasn’t happy with his broadband connection so put in place a system to help unearth the problem. He discovered that his PA was innocently downloading music before she started work. She was loyal so was devastated when she found out that she’d caused the problems. Now that he has a policy and systems in place the problem has been solved. The internet is a brilliant business tool. You just have to make sure you are using it properly.”
10-point internet policy plan
1) Outline a policy
2) Make clear the dos and do nots
3) Make clear the consequences
4) Link this to current disciplinary procedures
5) Implement the policy
6) Educate employees by placing it on team meeting agendas
7) Consistently apply the policy
Apply it fairly and without discrimination
9) Periodically remind employees about the policy
10 Update the policy as technology advances
Source: Pinsent Masons