When E-mail Spells E-Disaster

By Michelle Drolet

The misuse of a company’s e-mail system and inappropriate uses of Internet access by employees can wreak havoc on an organization. They not only decrease productivity, they make companies vulnerable to potential litigation.

As we all know, companies are leveraging the power of the Internet to do business more efficiently, effectively, and globally. But this virtually free public network is not without its costs. The widespread adoption of the Internet presents significant risk, as companies struggle to keep employees productively focused on business.

We have read many reports about “cyber-slacking” and Internet addiction, and we can sympathize: the Internet is a seductive medium, making it all too easy to spend time online shopping, gaming, banking, or auctioning. Apart from non-work-related Internet usage, many employees misuse e-mail and, without realizing it, may be subjecting their employers to possible litigation.

Companies may face claims of discrimination or sexual harassment arising from their employees’ sexual, racial, or otherwise threatening or harassing e-mails, or from employees sending explicit graphics or messages. Inappropriate e-mail can also expose employers to charges of defamation, copyright infringement, fraud, or other claims.

Research reports and articles in the press have shown that as many as 55 percent of workers exchange potentially offensive messages at least once a month, and of 800 workers surveyed, between 20 and 30 percent admitted to e-mailing confidential information to recipients outside the company.

Other studies have reported that 70 percent of electronic porn commerce takes place during the 9 to 5 workday. The research firm Dataquest reported that 82 percent of U.S. business execs surveyed believed Internet use should be monitored at their companies.

These statistics point to one glaring fact: the immense need to install preventative measures by informing all employees about company policies as they apply to computer, Internet, and e-mail usage.

Educating employees is 90 percent of the battle when it comes to policy acceptance. Ideally, what is required is some automated way to frequently remind employees what is acceptable and what is unacceptable behavior when using the computer, Internet, and e-mail on company time.

Policies generated by human resource departments will vary, since policies ought to take into consideration each corporate culture. Not surprisingly, it is employees themselves who are clamoring for fair policy notification; especially affected are managers who feel uncomfortable about spying on employees. It’s important to make the process of writing policies inclusive, taking it beyond the scope of the H.R. department and bringing all managers to the table for their input.

Because it is so easy to waste time on online activities, businesses need to find a mechanism to communicate corporate beliefs and to send updated policy reminders throughout the year. Educational studies have shown that employees require from five to seven exposures to new policy mandates before policies are put into daily practice.

From a liability standpoint, companies need to protect themselves by tracking employee acceptance of policies in a secure and encrypted database. If a business ever needed to terminate an employee based on a breach in corporate policy, this security would provide a record of that employee’s previous policy acceptance, protecting the company if it takes action against the employee.

Effective risk management mandates a proactive approach. Understanding the threat posed by the misuse of company e-mail and Internet access is important, but knowing what you are up against is not even close to half the battle. You must act on that knowledge quickly and decisively by creating a clear and concise employee e-mail and Internet access policy, disseminating that to employees and creating enforcement standards for those who do not adhere to the rules.

In short, it is an operational imperative that you practice the three Es of e-mail and Internet policy programs:

Establish an official e-mail and Internet usage policy.

Educate employees on company policy and their individual rights and responsibilities under this policy.

Enforce and reinforce this policy using standardized enforcement principles.

If you think the solution sounds too simple when the problem has become so overwhelming, think again. Following common-sense guidelines will help create an effective employee e-mail and Internet access policy, educate employees on their specific responsibilities under the policy, and enforce that policy simply, quickly, and judiciously.

E-mail and the Internet are here to stay; most of us wonder how we ever got along without them. However, even as we marvel at the wonders of modern technology, we must keep our feet planted on the ground and address the real legal, security, and productivity issues that stem from their use.

Michelle Drolet is chief executive officer of Conqwest, an Internet security and policy management firm in Holliston, Mass. This article originally appeared in NewMedia.com, an internet.com Web site.