IT Value

Who’s Minding the Shop?

Keeping an eye on Web-surfing employees.
Esther SheinSeptember 14, 2005

During a normal workday, public-relations manager Lindsay Peroff generally visits the Website of a Vancouver-based radio station and listens to music online. Christopher Bennett, a PR colleague at junk-removal company 1-800-GOT-JUNK?, follows soccer on the Web, often listening to digital broadcasts of games.

In fact, finding an employee these days who doesn’t access the Internet for personal use during working hours is a bit like finding a lifeguard who doesn’t like getting wet. Like Peroff and Bennett, most workers with PC access don’t see anything wrong with a little personal perusing at work. And like Peroff and Bennett, most work-time Web surfers insist their productivity is not affected by the time they spend on such admittedly non-job-related pursuits.

Apparently, executives at 1-800-GOT-JUNK? disagree. In May, after finding that network traffic had increased dramatically during the previous two months, management deployed software that monitors network usage. “Our Internet costs had skyrocketed, to the point where they said it was eating into our budget,” acknowledges Peroff. “The only thing they could think of was that a lot of people use their computers for personal music and radio.”

A lot of people do. The truth is, personal use of company T1 lines — once a swell little perk of the Digital Age — is getting out of hand. And productivity may be suffering because of it. In a recent survey of employees conducted by Internet-monitoring company Websense, 93 percent of respondents said they spend at least some time accessing the Web at work.

Outside of breathing, it’s hard to find any activity that 9 out of 10 employees do on a regular basis. Workers who spend two hours a day going online for personal pursuits are spending two hours less each day doing work. Of the group who told Websense they use company Internet access for non-job-related reasons, more than 60 percent said they send personal E-mail. More troubling for employers, well over half of the respondents told Websense they conduct personal transactions on the Web — things like banking, booking trips, and shopping.

Web Junkies

Experts warn that those kinds of activities leave a corporate network wide open to malicious code. Moreover, any slanderous or defaming sentiment sent by an employee over a company’s E-mail system or via instant messaging could put an entire company at risk. In the mid-1990s, for example, Chevron paid $2.2 million to settle a sexual-harassment suit stemming from inappropriate jokes being sent by employees over company E-mail. Says Nancy Flynn, executive director of The ePolicy Institute, a training and consulting firm in Columbus, Ohio: “E-mail in particular is the electronic equivalent of DNA evidence.”

A number of vendors — including SpyTech, Websense, and eBlaster — offer software that helps companies monitor the Web activity of their employees. Some applications filter E-mail, others block workers from going to unauthorized Websites.

1-800-GOT-JUNK? installed two open-source Unix-based products, called MRTG and CACTI. The applications, says the company’s former network administrator, Marvin Heyboer, monitor all inbound and outbound network traffic. “Once the word was out that I was monitoring computers,” he recalls, “people who had been listening to online music stopped.”

Critics of such monitoring — and there are plenty — say tracking the Internet activity of employees smacks of Big Brother. They also claim that workers who are forced off the Web may simply turn to different technologies to entertain themselves at the office. “We’re allowed to bring our iPods, so everyone just listens to that now,” says Peroff.

Employees at 1-800-GOT-JUNK? don’t seem bitter over the company’s cutting the cord. “We stopped, and it wasn’t a real issue,” says Peroff. Besides, she notes, “we have profit sharing, so every little expense is monitored.”

Esther Shein is a regular contributor to


What should an Internet-usage policy include?

  • Establish a written policy that is comprehensive and addresses any possible violation. It should be written in language that is not open to interpretation.
  • Educate the workforce. Don’t assume employees will simply comply with the policy. Ask employees to sign a statement saying they agree to comply with the policy, and will be subject to disciplinary actions if they don’t.
  • Enforce the policy. Monitor E-mail activity and blogs, and block visits to unauthorized Internet sites.

Source: The ePolicy Institute