If your employees are violating copyright laws, your company is in danger. Did someone in accounting download Eminem’s “Without Me”? Illegal. Has one of your own IT guys copied and pasted the New York Times article about last night’s Lakers game and sent it to his college roommate? Illegal. If either is found on company computers, your boss could get slapped with a giant fine. Even worse, under federal law, the government can seize the entire computer system if office computers were used in the commission of a crime. How long would your company last without its infrastructure?

Here’s a look at the dangerous Internet and e-mail use that could be going on at your company, and what you can do to prevent it from happening.

The liability is yours
“If you have more than one employee, you need to create a policy to prevent potential problems with their e-mail and Internet use,” says Michael R. Overly, a partner in the e-business and information technology group at the Los Angeles law offices of Foley & Lardner.

Liability, says Overly, is twofold: Companies are liable to their own employees. If, for example, an employee uses corporate e-mail to send out an offensive joke or even just to ask a coworker out on a date, your company can be sued for creating a hostile work environment. In addition, companies are liable to third parties, which is where you can really run into problems.

Maybe you have truly dedicated employees who would never dream of listening to music at work. They certainly don’t have time to read the sports pages, let alone send out copies of game write-ups. They’re far too busy e-mailing the company’s new product release to the list of people whose business cards you collected at your last industry conference. Guess what? Unless you have those people’s explicit written permission to send that promotional e-mail to them, your company is now guilty of sending spam in violation of state laws. And once again, the company is liable—even if “the company” as a whole has no idea what Tom, ruler of his own cubicle, is doing.

And the fun continues: The average company pays $1 per employee per day to delete unwanted spam, says Overly. The cost of lost employee productivity skyrockets if employees actually open the unsolicited e-mail, and you should just pray to the tech gods that everyone in your employ knows better than to open unsolicited attachments.

It’s also crucial to protect your proprietary intellectual property from falling into the public domain—something that can quickly happen if employees inadvertently disclose confidential information via e-mail.

The best solution
All of these are excellent reasons to put a no-tolerance policy into place, right? Well, no, not really, says Overly. In fact, the police-state policies that say employees may not, under any circumstances, use company Internet or e-mail resources for personal use are probably the least effective way to go. It’s unreasonable to expect that no one will use a few minutes of a lunch break to pay some bills online or book a vacation or dash off an e-mail to Mom. Any employee who works eight hours a day will eventually need to take care of something online on company time.

The answer, then, is to integrate a proper e-mail/Internet use policy as part of an overall risk mitigation system. Make sure your written employee policy states that incidental use of Internet resources is okay—provided that it falls within legal boundaries (e.g., downloading MP3s is grounds for dismissal)—but that employees relinquish any right to privacy when they choose to use the Internet at work.

Remember that knowledge is power in so many ways. Teach your employees why the policy is necessary. Help them understand what’s acceptable and what’s not—and the reasons why. Explain that you’re not trying to catch anyone doing something wrong; you’re trying to prevent misuse. Then follow through with monitoring software that will keep you aware of what’s passing through your network.