Advice: Monitoring at Work


If you are considering using Netintelligence software, which can be used to monitor employee activity, you must be aware of the legal implications for your business. Some employees will view the implementation of monitoring as an invasion of personal privacy and the arrival of ‘big brother’, and businesses and organisations must be sympathetic to these concerns.

But from a business perspective, the use of the company’s internet and e-mail facilities for purely personal use at work is estimated to cost businesses in the UK nearly £10 billion each year. In reality, the abuse of Internet and company IT systems at work not only costs hard cash but also many hours in lost productivity.

A balance must be struck between the obvious business requirement to protect against internet threats and abuse and the rights of the employee. Monitoring your employees' email and internet use is an emotive issue – and one that can damage employee relations even when lawfully carried out.

You must inform your employees if you intend to monitor their internet and email use. Every company should design and implement a written company email and internet-usage policy - usually termed an Acceptable Usage Policy (AUP) - and this should be included within all employment contracts. It is advisable to involve employees in the drafting of this document as their input and ‘buy in’ will be invaluable.

It should always be remembered that this policy will deliver as much benefit for the employees in terms of protecting them from harmful materials, reducing their personal liabilities, and ensuring business continuity as it will in delivering the business’ objectives.

A well-considered and well-written policy will help to protect your business against liability from the actions of your employees. It should explain clearly what is acceptable and what is expressly forbidden and clearly unacceptable - for example, the viewing and downloading of pornographic or racist images in the workplace.

Creating an Acceptable Use Policy (AUP)

As a bare minimum, the policy must state that it applies to all employees at all times during the normal working day, and that the business/company monitors email and internet use. It should also state who ‘owns’ the policy for the business, what actions will be taken for breaking the policy, and how the policy will be managed and evolved ‘in life’.

The security policy must align with the business’ overall objectives. What are the key risks to the organisation (not the imagined, not the nice to have, but the real risks), and what tools are available to ensure that end users are reminded of their responsibilities under the terms of the policy? For example, a virus is a real risk to an organisation, but is the use of the Google tool bar as big a risk? Quite simply, many organisations resort to “management by vulnerability as opposed to management by policy”.

Allied to risk is the issue of trust. A stand-alone blanket policy ‘designed to prevent everything and anything’ will fail; it will be circumvented and, most harmful of all, it will create an environment where employees do not feel trusted. Once an Acceptable Usage Policy is in place which is logical, acceptable, easily understood and can be modified effectively, the organisation can then seek to find technical solutions to enforce it.

The selection of the tools to enforce the policy is the final challenge. With the rise in mobile working, the perimeter has changed and has become more fluid. Applying and enforcing policy across a wide and dispersed user base is causing no end of heartache.

Consideration must now be given to a total security system by realising that end points (laptops, computers, etc.) are core network components. An end point solution such as Netintelligence enables the organisation to take the policy and apply it at an individual level whilst focusing on and protecting the network as a single unified whole.

Excellent information can be found at:

http://www.acas.org.uk/publications/AL06.html