If you Monitor Your Employees, You should read this

Employers find all kinds of reason to monitor their employees. Wen and Gershuny (2001) state, “Every minute spent booking a flight or checking a stock price is a minute not spent increasing revenue. The computer has usurped gossiping in the coffee room or talking on the telephone as the leading waste of corporate time.” While there is no way to pin point the exact amount of lost revenue from the personal use of computers, many companies currently err on the side of caution by monitoring their employees. The American Management Association completed a survey in 2005 that concluded 76% of surveyed companies actively monitor Internet activity for misuse. From those companies, 61% said they have disciplined employees and 26% have terminated employees for policy violations relating to personal use of Internet resources (AMA, 2005).

These numbers suggest that employees are, in fact, abusing company resources for personal use and in some cases, so severe that termination was required. Because employers have invested time and money through training and benefits, it is important to understand that employers do not want to terminate their employees for any small infraction. The employees terminated in the study above were obviously up to no good. It is plain to see that employers should be watching for the misuse of their systems for personal use.

Through monitoring, employers are also protecting themselves from attacks by computer hackers. Computer attacks happen when employees visit an inappropriate site, download a program, or get an email that houses a virus, trojan, or worm that infects their computer. The infection can attempt several attacks such as running a denial of service attack to shut down company servers. They can also steal company information, passwords, and personal information about employees and send all that information to millions of criminals just waiting for the opportunity to wreak havoc. The commonality in all attacks is that they all start from employees, whether they know it or not. The company has a vested interest in preventing these attacks by monitoring the computer activities of their employees. Employees may wonder who is responsible for protecting the employees’ private information. Luckily for employees, as the company protects their own assets they are also protecting the employees as well.

In 2002, the Computer Security Institute completed a survey showing $455,848,000 in lost revenue from companies attacked by computer hackers. The survey also reported that “seventy-eight percent detected employee abuse of Internet [sic] access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems)” (CSI, 2002). The monetary loss mentioned in the survey is the amount that was reported in 2002. There certainly are more companies that have lost revenue but have not reported it. With more than 450 million dollars of losses, one can certainly understand why companies monitor their employees to prevent them from visiting sites that could cause an attack on company servers or send emails that disclose proprietary information about the company and its employees.

Monetary losses and corporate liability are not the typical concerns for average employees. Opponents of monitoring cite many reasons to maintain complete privacy in the workplace such as employee morale. Echols (2003) refers to several factors such as “stress, depression, and anxiety” as well as trust and “mutual respect between employer and employee”. To some, these reasons could be considered problems of the individuals themselves. Nevertheless, employers should still consider them when creating polices and procedures for their work environment. There are options available to employers to alleviate these issues while still maintaining a protected environment.

Two options for employers to consider include a clearly defined privacy policy and separate areas for non-work related activities. A clearly defined policy is perhaps the easiest option available to implement. The policy should define what the company monitors, why they monitor them, and how this affects the employee. Employees should read this privacy policy and acknowledge that they understand it fully before accepting a position within the company. The second option, separate areas for non-work related activities, provides an opportunity for employees to conduct private matters such as banking and medical research without fear of intrusion into their personal lives. Separate non-work areas should include computers with minimal supervision with exception for illegal activities. These computers should also be separated from the main company network to prevent a possible denial of service attack against company servers and employees should only be allowed to use them when they are on their own personal time such as breaks, lunches, and coming in early. Each of these options will help educate employees on what is acceptable and allow them an outlet for personal privacy therefore reducing stress, anxiety, and depression in the workplace. If employees and employers alike will fully utilize these options, issues related to privacy in the workplace can usually be resolved.

In the ever-changing world today, reduced productivity levels, and computer hacking, the need for monitoring employee communications in the workplace has never been greater.

Without employee monitoring in the workplace, the public can never fully expect the government to fight terrorism to the best of its ability. Furthermore, employees cannot expect corporations to ignore any capabilities that could undermine their systems. There is no doubt; employees should expect no right to complete privacy in the workplace.

References

American Management Association (2005). 2005 Electronic Monitoring & Surveillance Survey. Retrieved November 7, 2005, from http://www.amanet.org/research/pdfs/EMS_summary05.pdf.

Computer Security Institute (2002). Cyber crime bleeds U.S. corporations, survey shows Financial losses from attacks climb for third year in a row. Retrieved November 10, 2005, from http://www.gocsi.com/press/20020407.html.

Echols, M. (2003). Striking a Balance Employer Business Interests and Employee Privacy: Using Respondeant Superior to Justify the Monitoring of Web-Based, Personal Electronic Mail Accounts of Employees in the Workplace. Computer Law Review and Technology Journal, 7, 273-300. Retrieved November 1, 2005, from http://www.smu.edu/csr/articles/2003/Spring/Echols.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *