Forward a raunchy joke to co-workers? Surf the Web for an hour looking for new golf clubs? E-mail a peer at a competitor about your company’s upcoming sale? Employees of Economical Janitorial and Paper Supplies in Kenner, La., know better. That’s because they know Big Brother — also known as IT director Mike York — is watching.

York blocks inappropriate websites and certain e-mail extensions. He also gets a report on employees’ use of the Internet, which he regularly scours for suspicious behavior.

“They know about it,” York says. “I don’t want to be sneaky. If they know, it will keep them honest.”

A growing number of companies have taken an interest in employee use of company computers, particularly Internet and e-mail. Nearly 40 percent of major U.S. companies monitored employee e-mail in 2000, up from 15 percent in 1997, according to The American Management Association.

Companies use various monitoring methods to protect against a host of potential problems, including computer viruses, harassment lawsuits, leaked company secrets and lost productivity.

Other jan/san distributor companies, however, aren’t interested in “spying” on employees.

“We empower our people to make the right decisions,” says Alex Moneith, president of Quaker City Paper Co., York, Pa. “We’d rather correct a problem if we see it than worry about the what-if scenarios. Eighty percent of the things we worry about never happen.”

Should employees have a right to privacy at work? Is monitoring employees worth the hassle and cost? Is it a practice your company even needs to consider?

Costly Problem
Legal liability is at the heart of most employee-monitoring programs. Companies hope to prevent the spread of sexually or racially inappropriate jokes that could offend someone and leave the company susceptible to a costly harassment or discrimination lawsuit.

Think you won’t be sued? It’s not an obscure concept; it’s a very real threat that faces today’s business owner. About 15,000 sexual harassment cases are brought to the U.S. Equal Employement Opportunity Commission (EEOC) each year. A single harassment lawsuit costs the average Fortune 1000 company more than $350,000 in legal fees and damages awarded.

Many cases are not related to offensive e-mail, but those that are can be quite costly. Chevron recently paid $2.2 million to settle a sexual harassment lawsuit after internal e-mail was used to transmit a joke called, “25 reasons beer is better than women.”

Think your employees are above the fray and would not misuse Internet access? Don’t be so sure. A Georgia Institute of Technology study found that 64 percent of employees’ time on the Internet is spent on non-work-related entertainment. And 25 to 30 percent of all e-mail leaving a business through the Internet is of a personal nature, according to the Gartner Group.

Robert Cronyn, president of Empire Cleaning Supply in Los Angeles learned this the hard way. While checking personal e-mail, an employee brought a virus onto the company computer system that knocked out the computers and cost $1,000 to repair.

“Now we have a policy in place that we do not allow employees to check their personal e-mail,” Cronyn says. “If they go onto a website, it has to be business-related. If they are doing something personal in nature and a virus attacks our system, they are responsible for paying to get it corrected.”

Employees have no implicit right to privacy when it comes to their use of company property. That lack of privacy is a two-way street. A company has no protection from its employees’ actions. In other words, a company is responsible — and sometimes liable — for everything their employees do with their computers while on the job.

“Any e-mail sitting on a disk somewhere can be used to hang you,” says Steve Epner, president of Brown Wallace Smith Consulting, St. Louis. “Companies have a great interest and reason to monitor what’s going on with their computers. This is not something that is esoteric, that doesn’t happen. It’s something that has been in the forefront in legal battles lately and I think it will continue to be.”

One in six people say their company has experienced negative effects associated with Internet usage. In addition to legal woes, about eight out of 10 U.S. companies have lost valuable information over the last two years due to computer viruses, hackers, bitter employees or disasters, according to an Information Week/Ernst & Young survey.

You Be The Judge
Despite this, many companies continue to operate under the honor system. That’s the case at Miller Paper Co., a distributor in Amarillo, Texas.

“We’re a different kind of cat,” says president Barbara Miller. “We’re a family-attitude operation, even though there are 43 people and more than $10 million in sales. I’ll trust anyone until I learn they are not trustworthy.”

Epner believes that sentiment can result in a too-little, too-late scenario. “That is a great attitude until something goes wrong,” he says. “I think you have to start before there’s a problem. It’s like saying, ‘I’ll implement security after the computer gets hacked into.’”

Family-owned and operated businesses probably don’t need to monitor employees. As soon as a non-family member comes into the picture, however, they cannot be treated differently, so monitoring has to be all or nothing. Also, very small organizations may not need to play Big Brother.

“What’s your business and what are you doing?” asks Epner. “If you are getting sued all the time, it’s very much worth knowing what’s coming in and going out. If you have two dozen employees and no one is coming after you, it probably doesn’t make a difference.”

Large companies may want to have their IT team install one of the many software programs that are available for e-mail and Internet monitoring. Smaller companies can work with their Internet service provider to do the same or to learn less formal ways of checking up on employees.

Good Policy
Companies are struggling to find effective ways to balance employee freedoms and corporate protection. To ward off liability and nasty viruses, a company needs to set up a business-only e-mail policy and make sure its employees understand it and adhere to it.

A good monitoring system should not be about “catching” employees. It should be about protecting the company. Every business must decide what is acceptable use of company computers and the monitoring policy should reflect that.

York does not want to trap employees. In fact, he isn’t upset if an employee makes a 5-minute visit to eBay or sends an e-card for a friend’s birthday. York did have a problem with an employee who insisted on putting AOL Messenger on her work computer — a program that would likely drastically reduce her productivity (not to mention expose the company to potential viruses).

“I had a steady battle trying to limit her from doing stupid stuff,” he says. “When I asked her not to install it, she did it the next day. She went to sites just to irritate us and show that she could do it. Any measures I put on, she could hack around them.”

With an informal monitoring policy in place, York was limited in the action he could take. When an employee is doing something inappropriate, York asks them to correct the behavior and threatens to implement stricter policies if they don’t. The plan usually works. The AOL-pushing hacker left the company and now works in a tattoo shop.

Epner has worked with companies with zero-tolerance policies in which the first offense leads to termination. At his own company, Epner is actually quite lenient (and a bit sneaky). He announced to employees that he was implementing new security and monitoring software. It was a lie, but Internet traffic, especially during the lunch hour, dropped to near zero.

Open Disclosure
As Epner discovered, people respond best when they know what’s expected of them. It’s not only important for the workers, but it’s also an important liability point for business. A monitoring policy, even something quite informal, needs to be included in the employee handbook.

“Once it’s a part of the handbook, you need to have meetings with your employees to explain the policy to them,” Epner says. “I don’t think this is the kind of thing where you send a blanket e-mail and hope everyone reads it. I think you need to explain it in person and give them a chance to ask questions.”

Bruce Merrifield, president of the Merrifield Consulting Group, Chapel Hill, N.C., offers this final bit of advice.

“When in doubt on an issue, ask the employees,” he says. “Get their help instead of implementing a top-down edict that runs the risk of being petty, demeaning, cumbersome, and a bit too paranoid. Remember, employees are adults and parents who have children at home that can surf the Net. They have the same problems and concerns about their kids, but they don’t see themselves as irresponsible, naive kids, whether they truly are or not.”

May I Ask Who’s Calling?

While monitoring e-mail and Internet is a relatively new trend, businesses have been listening in on employees’ phone calls for a long time.

For businesses with a strong customer service focus, the practice can help ensure quality and be used to resolve disputes. But is this practice going too far?

Robert Cronyn, president of Empire Cleaning Supply, Los Angeles, records all of his company’s phone calls. A beep lets employees and callers know they are being recorded. He says the policy is important because it helped uncover a big problem with employees making too many personal calls.

“You can listen to someone’s entire day’s worth of calls in an hour,” he says. “You can find out if they know what they are saying and see how many personal calls there are. If you are on the clock, and you know you are being recorded, you’ve given up the right to privacy.”

Steve Epner, president of Brown Wallace Smith Consulting, strongly believes that employees have no right to privacy at work and is an advocate for e-mail and Internet monitoring. Despite this, he doesn’t believe companies should record phone calls.

“Big Brother should remain as a novel and 1984 is a date that has already passed,” he says. “Should we monitor the telephone? I don’t like the idea. Can we? Yes. Should we? No. The technology is there to do an awful lot more snooping and there has to be some care taken on how we move down this road so it doesn’t become a slippery slope.” — B.M.

Becky Mollenkamp is a Des Moines, Iowa-based freelance writer, and a frequent contributor to SM.


Get Smarter About Smartphone and Pocket PC Tech
If you’re a sucker for being up-to-the-minute on every aspect of the technology market, then Thoughts Media Inc. is a site for sore eyes. The site features three sections — one for Pocket PCs, another for smartphones and the third for other digital media. Packed with the latest news, thoughts and views on emerging business-related technology, you’ll get a leg up on the hottest new developments in the industry.

Informative — and lively — user discussions augment the latest news, articles and reviews. The archives are full of articles on specific phone and Pocket PC brands and models.

Your Own E-Mail And Internet Usage Policy
The first step toward keeping your employees’ Internet and e-mail usage on the straight and narrow is establishing a company usage policy. can help. The site also features general legal advice for Internet and technology professionals, and was recently touted by PC Magazine as one of the “best data resources on the Web.”

New-Product News On Cleanlink®
Hungry for more new-product news? Visit Cleanlink's New Products and peruse the extensive new-product descriptions and photos. If you want further information on anything you see, simply check off the adjacent boxes, and we’ll send it to you by mail.