A US government employee says he had his rank reduced, his salary docked for three months and was branded a “trouble employee”, all because he opened a screensaver sent by a family member and sent one personal email.
His actions were apparently a serious violation of a rule against using departmental property for personal use.
The tale, told anonymously to Network World, a US sister publication of Computerworld, would send shivers up the spine of most New Zealanders who can access the web from work. After all, who hasn’t looked up sports results or emailed friends or family from their work PC?
Some New Zealand employers do monitor staff internet use and step in if it’s reducing productivity or involves offensive material. There are several methods of checking staff are not misusing internet access, assuming, that is, they have already been informed and educated about appropriate use.
Computerworld asked several IT managers whether they thought monitoring or blocking was the best way.
TelstraClear IT head Jenny Mortimer is overseeing the merging of two different approaches to staff use of the internet for non-work purposes.
“TelstraSaturn had monitoring and Clear had blocking,” says Mortimer, who came into TelstraClear from the TelstraSaturn side, where she was CIO. “My preference is for monitoring — I don’t support not allowing employees access to the net.
“You have to trust your staff, rather than constrain them with technology and I don’t think IT departments should be censors.”
However, the company “comes down like a tonne of bricks” on employees who display inappropriate material and it informs employees that their net use may be monitored and explanations required for “disproportionate use”.
Northland Health IS manager Steve Rayner says the Whangarei-based health board has a “reasonable use” policy for staff surfing the net.
“We don’t stop anyone emailing mum or looking up the latest football results, but for offensive, abusive or otherwise inappropriate use, there are disciplinary procedures.”
Although Northland Health’s antivirus software has some content monitoring capability and can scan for abusive language, a wholesale blocking regime wouldn’t work because, as a medical organisation, its staff often look up sites containing images of the human body.
“Sometimes it’s impossible to tell the difference between a medical site and a porn one.”
Employees are told when they join that their internet use may be monitored. In the past six years only three staff members have been disciplined over inappropriate use and that was for “very minor” misuse.
Law firm Chapman Tripp uses WebMarshal software to monitor employee internet use. IT manager Brian Bernon says preserving bandwidth for business use is the main reason for restricting non-work use.
“Bandwith isn’t infinite — we have to focus on use of business-related sites.”
He gives the example of real estate firm sites, with their multiple images of houses, as bandwidth-hoggers. “We discourage private use through education, rather than trying to be a policeman.”
Some sites are blocked, but if someone can prove looking at the site is necessary for work reasons, they’ll be given access, he says. However, the most common use of WebMarshal is to compile weekly logs of which sites have been accessed and how much bandwidth the visits have consumed, he says.
WebMarshal is also used at the ASB Bank. “We use it to block categories of undesirable sites and keywords and we think it helps produce a framework for our internal users,” says technology and operations general manager Clayton Wakefield.
The policies ASB has put in place regarding internet use are “working well and we’ve had no real issues”, he says.
“I’m not sure we’d block something like a sports site, but we’d expect responsible behaviour re how much time [an employee] is spending there.”
As the bank encourages its customers to use online banking, it doesn’t object to its employees doing so, he says, “and we encourage people to look for [work-related] information on the net”.
Products like WebMarshal allow both monitoring and blocking functions, while other software makers in the field, such as CommSoft, concentrate on monitoring. Other operators in the monitoring, blocking and filtering software arena include SurfControl, WebSense, Elron Software and St Bernard Software.
Some monitoring software makers, including St Bernard, have developed products that can track use by individual user, rather than IP address, by integrating user authentication with their product.
Whether it’s to prevent bandwidth hogging, to prevent “theft of time” — that is, employees looking up non-work sites in company time — or to make sure emails containing inappropriate content or links to undesirable sites don’t get past the gateway to a firm’s private network, many companies have some sort of monitoring or blocking regime in place, or a combination of the two approaches.
Blocking software allows categories of sites to be blocked, but one observer in the US, Dave Kearns, noted recently that a Novell product, BorderManager, which uses SurfControl software, divides up the almost four million websites in the world into just 30 categories. He says the cost of further fine-tuning to grant access to legitimate sites that may fall into one of the broad categories blocked “would probably not be cost-effective”.
Kearns believes monitoring your employees’ computer activities is counter-productive, unless you monitor a specific employee because you have reason to suspect that something is wrong. It is also counter-productive to filter the activity of your employees, he says — bad things still get through and good things get blocked.
“The best solution, as always, is education — teach your employees what you consider to be worthwhile business use of their computers, create policies that spell out what they can do and punish those who violate the policies.”