Defend Your Rights

People think of the internet as a public place, and they tend to think it’s their right to visit it whenever they please. They need to remember, though, that in the workplace the means of getting to that place belongs to the employer, who is paying for the internet access and providing the computer hardware. Time spent on the internet while at work also belongs to the employer. The organization pays the costs and carries the responsibilities. It therefore has the right to protect itself and its resources. After all, it will be the company’s door the RCMP knocks on first if an employee uses the connection to do something illegal, and it will be the company’s data that is compromised if the network becomes infected with malware. Therefore, implementing an Internet Acceptable Use Policy or Social Media Personal Use Policy is a necessity in this day and age.

An effective policy or set of policies will make it clear to your people that company internet access is for business purposes only. You want to make sure you outline when, if ever, personal use is allowed, and define all types of use that are prohibited. If you have a clear and comprehensive internet usage policy in place, you can forestall accusations that you are invading your employees’ privacy or unfairly restricting their freedom. Be firm but diplomatic. Make your policy comprehensive but reasonable. You want to get an effective policy in place, but you don’t want to alienate everyone in the process. Make the rules and the reasons behind them clear so you don’t appear arbitrarily restrictive. Make sure that your policy doesn’t make anyone feel singled out, or appear unfair in granting privileges to some while restricting others without reason.

Be Aware of the Dangers

There’s more at stake in managing your employees’ online habits at work than just maintaining productivity and discipline. Unauthorized internet usage can bring other consequences, ranging from degraded network performance to security risks and legal liabilities. Consider downloading our Network Security Policy. There are legal risks from employees using your connection to download copyrighted material like music, movies, or pirated software. Employees using your connection to access illicit sites with content like child pornography, or racial or religious hate material could bring the police to your door. Anything your employee does through your connection is going to come back to you first.

Malware, including viruses and spyware, has grown increasingly complex and dangerous in recent years. Infections can lead to damaged or lost data, computers being hijacked for illegal purposes, or sensitive information like passwords or credit card data being stolen by software that logs keyboard input. Your IT department can help protect your system with firewalls and scanning software, but it’s better to avoid the risk of infection in the first place.

Use Technology to Your Advantage

The two main technology based defenses against unauthorized internet use are traffic blocking and monitoring. Through software or network settings, you can block traffic to sites you don’t want employees visiting. There are services that maintain lists of websites with illicit or dangerous content, and allow you to block access to them. This can be done with client software on individual computers or at the network level. If nothing else, it’s prudent to block social media sites and sites with streaming video. These are the two biggest causes of wasted time and bandwidth. Workers with business-related reasons for accessing those sites can specifically be given access.

Monitoring software is capable of keeping logs of internet traffic from every computer in your organization. Having those records can help you if a problem develops requiring disciplinary action. For true accountability, it is best to have proper password protected computer user accounts in place for each employee so that you can reliably correlate activity to a specific employee rather than just a machine.

Be Transparent

If you do put a monitoring system in place, it’s best to make sure everybody knows about it. The open acknowledgement that records are being kept not only prevents potential mistrust and resentment over a perceived invasion of privacy, it can also serve as an effective deterrent to inappropriate activity. Some employees may still occasionally check the sports scores or the latest celebrity gossip, but everyone will be a lot less likely to cross the line into serious abuse of your connection if they know their activity may be monitored.

If you have a system in place but you don’t tell your people about it, you not only lose that deterrent effect, you place the burden on your IT people of actually having to sort through traffic logs for everyone in your organization and decide what is or isn’t appropriate usage. IT people are busy enough as it is, and so are you. If you can deter most of the unwanted activity, you’ll only have to look through the logs for specific instances when you suspect a problem has occurred. Consider downloading HRd's Telephone and Computer Surveillance Policy.

Be Firm but Reasonable

Any employees who are still abusing the privilege of internet access can be dealt with reasonably through normal, documented progressive discipline procedures. While you need to keep control, you also need to keep things in perspective. You want to be sure your internet is used for legitimate safe reasons, but you don’t want to overreact to every little transgression. Disciplining an employee for occasionally checking the weather is probably counterproductive. Employee engagement, productivity and retention are all served by maintaining a culture of respect. Creating an atmosphere of total lockdown, or giving the impression that you’re being sneaky or spying can destroy trust between you and your employees. This can easily spiral out of control in a cycle of mutual antipathy, which everyone wants to avoid.