If you’ve been a regular reader of this column, you’d recollect my diatribe last month warning corporations of the dangers of Internet abuse in the office. In the last couple of weeks I’ve received mail and calls from readers stating that I’m overreacting; that the Net’s benefits far outweigh any downside; that they expected something totally the opposite from someone like me—I should be advocating more Net usage rather than castigating its frequent users, they grumbled.

Well, the feedback set me thinking. Was I making a big deal out of a flyspeck after all? I decided to do a little research and delve deeper. The results were far more frightening than I’d expected.

First up, the figures relating to losses suffered by companies due to non-work-related surfing by employees were understated. Turns out that $85 billion in productivity loss is being suffered annually by American corporations due to Internet misuse at work (“cyberslacking”). No doubt the figures were put out by potentially vested interests—the study was commissioned by Employee Internet Management (EIM) software company Websense. But the logic used to arrive at the loss figure seems to be sound. In a survey, employees admitted spending 1.5 hours per week cyberslacking; HR managers put the employee figure much higher at 8.3 hours per week. Websense took the former figure, multiplied it by the average US salary and workforce, and arrived at its conclusion.

Depending on the extent of Net access provided, estimates for your own company can easily be calculated using similar logic.

But it’s not all about money alone. The last time around, I discussed most of the issues arising out of cyberslacking. But I glossed over one of the more serious ones—instant messaging. Freely downloadable IM software (AOL, MSN, Yahoo) is such a nifty tool, it seems an obvious choice for bringing down communication costs and fostering easy collaboration amongst groups of employees, in the absence of more formal and sophisticated collaborative software like Notes or Exchange. In fact after the September 11 terrorist strikes, IM was widely used by employees in offices around the World Trade Centre area in New York’s financial district, to keep in touch with family and colleagues. But as a normal policy, no brokerage firm on Wall Street could ever permit the use of general IM software, because of the grave security threats it poses, in addition to the unstructured, unencrypted, non-archivable conversations it enables, within the organisation and with the outside world.

You could be having an IM conversation with a colleague in the next room, but the messages, possibly about a forthcoming product launch, could be travelling via servers around the world, and potentially be intercepted through packet sniffing by eavesdroppers from a competitor. Far fetched? Maybe, but corporate espionage these days is not just some grim fairy tale anymore. A CERT security advisory is very direct when it states: “Unless the services provided by IM and chat clients are needed in your environment, CERT encourages disabling of these functions on your network.” Why this extremism? Because the very nature of IM and chat clients enables them to tunnel through firewalls and proxies in order to establish direct connections; any files sent via this channel may not be scanned or blocked at the firewall level and would need to be checked at the desktop level, failing which they could exploit possible security holes in the network.

All this does not detract from the fact that controllable IM is such an awesome tool. That’s why leading financial services firms are pushing for messaging standards and interoperability (they’ve formed FIMA, the Financial Services Instant Messaging Association); and, the Big Three IM firms—AOL, Microsoft and Yahoo—are gunning for the corporate IM market with more robust offerings of Enterprise IM software, with greater security, manageability and tracking features.

But let’s move on from IM and consider other implications of Net abuse at work. A survey in the UK, conducted by law firm Klegal and Personnell Today magazine, found that in the year 2002, the number of disciplinary cases for e-mail and Internet abuse in UK companies—358 cases—exceeded the 326 cases for dishonesty, violence and health and safety breaches all put together. Of the 358 cases, 69 people were disciplined for excessive personal use of the Internet and e-mail (five of them were dismissed); 64 were disciplined and 25 were dismissed for sending pornographic e-mail; 53 were disciplined and nine dismissed for accessing porn sites. There were also 49 cases against employees sending e-mail that could damage the company’s reputation.

Most of us dismiss forwarded e-mail jokes and chain letters as harmless drivel and keep deleting the ever-increasing amount of spam without a second thought. Ferris Research says that we’ll each spend 15 hours this year just on deleting spam, and the Gartner Group says that filtering out unproductive and unwanted e-mail at the server level can save 30 percent of e-mail reading time of employees. At some stage you must have received the joke “25 reasons why beer is better than women.” Someone from Chevron sent it out from a company account in 1995, the recipient sued, and it cost the company $4 million in harassment settlement. So now there’s legal liability to add to the lengthening list of woes like productivity loss, bandwidth hogging and security risks that companies have to suffer due to workplace Internet abuse.

All the above evidence notwithstanding, at no stage am I making a case for cutting back on Internet access for employees. The productivity and quality enhancements that it enables are too significant to ignore. What I’m instead suggesting is that corporate management be aware of the pitfalls and the downsides and plug the loopholes, working together with all employees so that benefits are maximised, yet risks minimised. I’ve prepared a draft of the Internet Access Policy I was talking about last time, and will share it with anyone who’s interested (send me an e-mail request). It’s estimated that 100 million people around the world have workplace Internet/e-mail access; 27 million of them are under routine (and accepted) surveillance of their Net usage while at work.

Let’s voluntarily make it 28.

- Val Souza, Editor
valsouza@expresscomputeronline.com