Despite these concerns, full-scale computer audits are completed by less than 25% of US companies. This means that more than 75% of US companies work much less effectively and miss out on additional profit because their employees use the Internet at the workplace for private purposes instead of their direct duties.

Legal liability

When employees download various files via the Internet (e.g. software, data, music, pictures, video etc.), whether intentionally or unintentionally, they may infringe the intellectual property rights of third parties, exposing the organization to possible legal action.
Damage to Computer System

Misuse of the Internet can damage IT systems or electronic files, and change or corrupt information on the computer. It's not a secret that some Web sites, such as gambling or pornographic sites, leave cookies, plug-ins or other uninvited information or programs on the user's computer. Other viruses are spread via uninvited e-mails with attachments. They work by sending a message asking the recipient to open an attachment or visit a Web site. When the recipient does so, a virus is downloaded to his or her computer. The virus can then be executed or copied to the operating system of one computer and go on to infect the entire network of the company.
Increasing network traffic

Personal use of the Internet may occur when employees download resource-intensive Web pages or large files (e.g. software, data, music, pictures, video etc.), which take up unnecessary network bandwidth. It can have a damaging effect on business-related network traffic, especially on smaller networks. No company is obliged to pay for content that is not useful for its direct corporate activity.
The internet policies of an organization have to be supported by technical appliances. These are responsible for monitoring and filtering the traffic between the company's workstations and the internet. There is a variety of technical solutions to the problems mentioned earlier. To find the right one, the requirements of the company have to be kept in mind. These include, for example, the size of the organization, the particular kind of company, and the amount of traffic.
A future product should ensure that internal users such as employees or executives cannot evade the filtering system. At the same time, the time needed for sending or receiving e-mails or for accessing internet sites must not increase, as the internet is essential for a lot of businesses, especially for a software company. The solutions may also differ in the time needed to implement them. Internal solutions are probably faster to realize than external ones.
The possible solutions can be separated into four different filtering systems. They analyze the traffic between the internal and external world. The information sent and received has to be in line with the rules set by the internet policies. Each filtering system is presented briefly, including illustrations for visualization.

Workstation-based systems

These filtering systems must be installed on every workstation within the company, which might lead to high costs and is therefore quite often not practicable for companies. Furthermore, the user (especially technologically high-skilled employees) may configure the system. This type is better suited to households.
Sniffers and Passive systems

This solution is not installed on every personal computer. One filter monitors the traffic sent between the individual workstations and the internet. Significant delays might occur, depending on the traffic and the number of workstations. To avoid these problems, advanced (and costly) hardware may be necessary. The internet filter plays a passive role while monitoring the traffic, which has the advantage that the system remains stable if the filter stops running.
Sniffing System. Source: St. Bernhard Software™. Retrieved November 6, 2005, from

Proxy filters play a more active role in the filtering process. They mediate between the internet and the individual workstations. The proxy filter is placed in the middle between the internal computers and the World Wide Web and decides whether the traffic in question should be processed or not. As everyone has to use the proxy filter, network traffic becomes slower. Because this filter system is an integral part of the network, a failure in it leads to problems for the whole network, a significant disadvantage compared to the passive solution mentioned above.
This filter just has to be placed between the network router and the firewall, that is, between the company's network and the internet. Therefore, nothing has to be installed on the workstations and the network does not have to be changed. As everything leaving or entering the network has to pass this in-line application, the filter examines the whole traffic and can decide whether to process it or not. That decision can be sent to the user to inform them about the current traffic state.
It is clear that most employees do not want to completely sacrifice their privacy at work. Typically employees’ access to the network and computer systems is password controlled. Privacy is reached by use of non-obvious passwords and changing them frequently. Employees’ personal passwords give them access to their files, e-mail account and to web browsing. This may give the impression that no one can access their files or monitor their activities on the network. Some staff may not be aware that system administrators are usually able to access everything on the network. (“Guidelines on Workplace E-mail, Web Browsing and Privacy”, 2000, para.5)
That's why privacy issues should be clearly explained in the Internet use policy. Employees should know in what cases their privacy is guaranteed and what private information may be accessed by system administrators.

Unions' point of view

Delbar, Mormont and Schots note that the issue of privacy and the use of new technologies at the workplace are thus becoming increasingly important for employers and unions (though to varying extents). For example, at international level, Union Network International (UNI) – the global union federation for white-collar and private sector workers' unions – and its affiliates have been campaigning for some years on the issue of the protection of workers' 'on-line rights' at work (EU0210205F).
At national level, unions and employers/employers’ organizations in many countries are increasingly issuing or proposing guidance, policies and codes of practice on workplace ICT use (see below under ‘Social partner views and initiatives’ for more information on these various initiatives). An indication of the significance that these issues are gaining at the workplace is provided by a survey conducted in the UK in 2002 by the solicitors of Legal and Personnel Today magazine.
It claimed that UK employers spent more time disciplining staff over Internet and e-mail abuse than any other workplace issue. The three most commonly disciplined ‘cyber crimes’ were excessive personal use of the Internet or e-mail, sending pornographic messages and looking at pornographic websites. In a number of cases this has led to dismissal – most commonly in relation to the exchange of pornographic e-mails.
International and European institutions' point of view

International and European institutions are also paying increasing attention to the relationship between ICT and privacy at work, with a number of recommendations and codes drawn up by bodies such as the Council of Europe and the International Labor Organization (ILO) – for example, in 1996, the ILO issued a code of practice on the protection of workers' personal data, covering general principles of protection of such data and specific provisions regarding their collection, security, storage, use and communication. There have also been relevant recent cases in the European Court of Human Rights.
Turning to the EU, in 1995 it adopted a Directive (95/46/EC) on the protection of individuals with regard to the processing of personal data, which is relevant to the privacy issue in that electronic monitoring in the workplace can be treated as a form of collecting or processing personal data. More specifically, the European Commission has recently consulted the social partners on the protection of workers’ personal data and now appears to be planning a draft Directive on the issue. At national level, a few countries have started to adopt or propose workplace-specific data protection/privacy legislation, while all countries have general data protection legislation in place (Delbar, Mormont and Schots, 2004-2005, para. 5-6)
Corporate Culture: it's still a corporate culture issue as much as a legal issue. One shouldn't impose this type of rule if it doesn't fit your corporate culture. You know your culture and no lawyer can advise you on it. This is the civil war part. You can make people feel like distrusted idiots if you suddenly impose rules that don't fit the way you've always done business. At the other end are your executives. Presumably, you trust them and that's why they have the job they have. Telling them that they are prohibited from taking a quick look at cnn.com during the work day or occasionally checking how the stock market is doing that day might make them feel like you aren't giving them the professional respect they have earned.
Whether it's an AUP or any other corporate issue, I don't think you want your lawyer's worst-case possible scenario to guide your every move. Legal is but one part of the business picture, albeit an important part. However, business and life are filled with risks and you can't get anywhere always choosing the least risky path. We think that as you establish your policies, you should place more emphasis on monitoring rather than prohibition.
I’m suggesting that you frequently remind all employees, including your highest-ranking executives, that you monitor all Internet and computer use. You should take the position that nobody has an expectation of privacy when using the company’s systems. Where you find that balance between monitoring and prohibition is that corporate culture thing. Look at your organization’s personality as you make your decisions.