American firms have stepped up surveillance on employee e-mail traffic, Web-surfing and blogging activities on company networks as workers’ online conduct take a hefty toll on U.S. employers.
E-mail mismanagement has resulted in costly lawsuits against corporations, and businesses are responding by firing more workers who violate corporate computer policies, according to the ePolicy Institute, a Columbus, Ohio-based online risk consultancy organization.
“Companies are realizing that unfettered online activity can cost them big bucks. They are fighting back with better monitoring technology and tougher policies,” said Nancy Flynn, executive director, founder, ePolicy Institute.
She said more than 26 per cent of the 400 American companies surveyed by the institute and the American Management Association (AMA) last year terminated employees for e-mail misuse. Another two per cent dismissed workers for inappropriate instant messaging (IM) chat and two per cent fired workers for creating offensive blog content.
ePolicy did not have any figures on how much Internet misuse is costing companies but Flynn said, “the financial liability can run up to the millions, not to mention the PR nightmare it can cause.”
The ePolicy/AMA survey showed that 24 per cent of U.S. companies have been ordered by a court or regulatory body to produce employee e-mail. Fifteen per cent of the companies said they fought a workplace lawsuit triggered by a sexual or racial harassment claim involving employee e-mail.
Blogging, however, “dwarfs” those risks that e-mail and IM pose, according to Flynn.
Corporate risks associated with worker blogging activities, Flynn said, include: trade secret theft; unauthorized data disclosure; copyright infringement; invasion of privacy; defamation; sexual harassment; and other legal claims.
ePolicy said eight per cent of the companies surveyed operate business blogs. However, only nine per cent have a policy governing the operation of personal blogs on company time. Seven per cent have policy governing employee use and content; while seven per cent have rules concerning content employees may post on their personal home-based blogs.
The survey also revealed, six per cent use policy to control personal postings on corporate blogs, five per cent have policy prohibiting the use of company time for blogging, and three per cent have blog record retention policies.
“With more than 55 per cent of blogs aimed out at customers and third parties, the lack of written blog rules is a potentially costly oversight,” said Flynn.
She, however, has this warning to workplace bloggers: “Employee bloggers mistakenly believe the First Amendment gives them the right to say whatever they want on their personal blogs. In fact, the First Amendment only restricts government control of speech, it does not protect jobs.”
Companies are also increasingly turning to technology to monitor and curtail what they view as inappropriate online activities, according to the ePolicy chief.
Seventeen per cent of companies use technology to block employee access to external blog URLs, another 12 per cent regularly monitor the blogosphere, 76 per cent monitor worker Website connections, 65 per cent block banned Websites and 55 per cent monitor e-mails.
Internet filtering tools are indispensable weapons against incoming and outgoing online threats according to one Canadian analyst.
“Filtering is something that should not be taken lightly,” says James Quinn, senior research analyst, Info-Tech research Group Inc., in London, Ont.
He said an unguarded network gateway lays open a company to a multitude of virus attacks from the outside and data leakage from the inside.
Filters generally operate using either a “black list” or “white list” system to help corporate e-mail servers decide which traffic to allow in or out, said Quinn.
A black list-based system, allows all traffic into the system except for data coming from banned sources specified by filter or the IT administrator.
White list-based systems basically ban all messages except for those specified as acceptable.
“Majority of businesses opt for the blacklist model because it gives them more flexibility in accepting unknown but desirable messages,” said Quinn.
Incoming or outgoing messages are screened based on text or image content as well as the Internet Protocol (IP) or URL addresses they are coming from. For instances, some messages are blocked if they are coming addresses tagged as known sources of spam.
The best security systems, Quinn said, employ a combination of address and content filters.
He said the best place to deploy filters is at the gateway level to prevent unauthorized entry to and exit from the network. Installing filters on all devices will be costly and could tax the meager computing power of desktops.
Companies, however, have to first develop a security policy before deciding what filtering product to deploy, according to a top executive of a security software firm.
“The organization has to determine what it wants to protect and why, before shopping for technology,” said Steve Yin, vice-president, sales and marketing, St. Bernard Software, San Diego, Calif.
He said businesses usually consider Internet filtering based on four main reasons: intellectual property protection, regulatory compliance, avoidance of legal liability, and employee productivity.
Yin said filters were historically deployed to prevent unwanted traffic that might contain spam or viruses from getting into the network. “But now, companies are increasingly turning to filtering products to prevent data from getting out.”
He said IP and URL monitoring systems that prevent the entry of messages from certain incoming traffic can also prevent the escape of data from certain addresses within a company.
Filters can also be configured, Yin said, to prevent the exchange of messages between certain company departments.
“Large enterprises have deployed filters in past but SMBs (small a medium scale businesses) are aggressively adopting the technology,” he said.
As more mobile devices are connected to the corporate network, Yin also foresees a growth in the demand for wireless filtering products.