Talking Shop: Strengthen your Internet usage policies to avoid being 'the online cop'

Tips for making and enforcing tougher Internet usage policies

If you dig around long enough on eBay you can find a nice, old Chelsea brass ship’s bell clock for just $350. Dig a little more and you will find a first edition copy of Fighting the Flying Circus, the autobiography by World War I flying ace Eddie Rickenbacker, for just $19.99.

But this type of surfing has become a problem for some businesses where employees are spending way too much time digging into the Web.

“There are usually only a few transgressors,” said Jonathan Penn, an analyst with Giga Information Group. Booking a vacation flight might be OK, but cruising a number of travel sites may not, depending on your company policy for Internet use at work.

“What [employers] don’t want you doing is spending all your time just looking at sports scores, or doing stock lookups, or looking for what’s for sale on eBay.”

While those types of guidelines make sense to most employees on your network, there are other workers who seem to forget where they are. They are forcing IT managers into the uncomfortable role of being the company Internet cop.

Penn recommends that you set up an Internet use policy that makes it clear what is, and what isn’t, acceptable use for the Internet at work. In general, experts suggest you:
  • Develop a policy that transfers the responsibility to employees and their supervisors.
  • Make sure everyone is aware of the policy.

Where do you draw the line?
“I would say about 40 to 50 percent of larger organizations have a policy in place, and I would expect that to double over the next year,” said Penn. “I’m getting a lot of sustained interest from clients who want to develop a policy for both e-mail and the Web.”

Along with creating a policy, companies want technology in place to monitor Internet use, he said.

“Whether or not they ever actually turn on those monitoring or filtering tools varies quite a bit,” Penn said. “But they want to have that capability.”

Managers must make the judgment call on how much recreational usage is acceptable and what the penalty will be when employees exceed the limit. More and more companies are finding a place to draw that line, Penn said.

Most software tools can monitor Internet activity, including what sites were visited and how long employees stayed there.

“If it’s a business site, then fine, but if it isn’t, then it’s time to look at their productivity.”

Even then the issue isn’t black and white; you may need to consider other factors. Is the offender salaried or hourly? At what time of day is this recreational surfing taking place?

“If they are salaried, maybe they just work long hours, and at 6 P.M. they might spend a half hour just doing personal stuff,” Penn said. “If they are hourly, any time they spend is on company time, and that’s more of an issue.”

Penn warns that employee Internet and e-mail use may not be all fun and games.

“There are people running their own businesses from their employer’s office building.”

Where are they going?
Employees are enjoying their employer’s typically higher bandwidth, statistics from Nielsen//NetRatings seem to indicate.

Every month, a division of the company known for rating television programs analyzes Internet site statistics and rates the top 25 properties accessed from home and work. Properties are a collection of Web pages owned by the same site.

The statistics list the property by unique audience and time per person.

“Average time spent per person reflects the average amount of time each unique visitor spends at the listed site for the given reporting period,” said Jerry Hsu of NetRatings.

And the listings show some interesting characteristics. For example, most of the top sites for users at work are also tops for home users. However, people spend about 70 percent more time online at these sites at work than they do at home, based on rough averages for time spent on the top 15 properties on each list.

The big winner in attracting and holding visitors was eBay. The average time for each visitor to eBay at work was 2 hours, 45 minutes, and 12 seconds.

What’s in the policy?
These days, most companies are looking at either Internet use policies or e-mail policies, but Giga analyst Penn is recommending that they look at a combination of both.

“Technologies change too quickly to write a policy for one specific application. This is a guideline on behavior,” he said.

There are three general categories of elements a policy should address, Penn said. The specifics will differ at every company depending on their tolerance level and end purpose. Sensitive issues, such as recent lawsuits and network capacity, may also influence how a policy is drafted.

In general, company policy should address:
  • Information security: Not only on releasing company information, he said, but also accepting viruses and malicious code through the Web.
  • Network resource efficiencies: This addresses both overuse and personal productivity, Penn said, and involves the sending of extremely large files or downloads over the network along with spending inordinate amounts of time on the network.
  • Legal liability: This involves a host of things, such as the content that is sent, if it is sent secured or not, retention and deletion practices, and whether or not every outgoing message carries a disclaimer.

Is everyone aware of your policy?
Having a policy is not enough. To be effective, people have to know you have a written policy and sign off on it when they are hired.

Employees need to be reminded of the policy on a regular basis, he said, by seeing it posted on the bulletin board and company intranet.

“It’s worthless if people don’t understand the policy,” Penn said. “You don’t want to ‘get’ people. You want to avoid [usage problems] because to have people violate the policy and have to fire them is not an efficient use of [a manager’s] time.”

Is a policy right for your business?
Not everyone agrees that a policy is necessary for every business.

Paul G. Seldes is vice president for Strategic Services for Savant LLC, an Internet software company involved in knowledge management, training, and education. Surfing is part of the workload of his employees, he said.

“No ‘formal’ policy exists, and our developers and staff are free to wander the Net, hopefully in search of ‘the next cool thing,’” Seldes said.

Their search sometimes takes his employees to places other employers would frown upon. For example, few e-commerce sites can boast the success that many pornography sites have had on the Internet.

Even though pornography offends some of his employees, some have been assigned to visit pornography sites to conduct research on how these sites track users, he said.

“However, employees who spend time playing with smut [or sports scores!] are not doing their job and would not fare well in their employee review,” Seldes said. “The bottom line is that too much smut-surfing is just a form of general goofing off.

“Too much of that, is just plain bad for one's job health!”
Do you know what Internet sites your employees visit while on the job? What’s the policy at your business? Do you have one? Are you planning to introduce a policy? Post your comments below or send us a note.

Editor's Picks

Free Newsletters, In your Inbox