Acceptable Use, Part II: Monitoring Use
June 18 2007
Earlier, we discussed the benefits of having an acceptable-use policy to spell out to employees the rules for using your company-owned computers and network. This time, we consider the next logical question: what to do to make sure it’s followed?
Legal decisions over the last five years have granted employers broad rights to monitor use of company-owned IT systems. Jumping in to assist, dozens of software companies now offer the means to spy on your employee’s e-mail, see which websites they've visited, tabulate the minutes they've spent on each document, and see what's on their computer screens any time you want.
A study by the American Management Association found that 80% of companies surveyed now employ some form of monitoring, up from 35% four years ago.
This may be in response to research showing that, for example, 86% of employees use their work account to send personal e-mail, or that 60% of all online purchases are made at work. As one monitoring company asks, "Do your employees SURF AWAY productivity?"
Productivity aside, monitoring helps safeguard the unauthorized spread of proprietary information and shield the company from lawsuits involving inappropriate web use. Monitoring may especially appeal to multi-site businesses, since owners aren't around everyday to see what's going on.
But just because you can play Big Brother, does that mean you should?
Personnel specialists point out that monitoring (especially in its more intrusive forms) can produce a backlash among employees, making them feel distrusted and belittled. Productivity and morale can dip if monitoring creates an us-vs.-them relationship with management, rather than the sense of participation and ownership that most companies strive to create.
Experts suggest several means for staving off that scenario. First, share with employees how monitoring will help the company. If employees see the sense in it, they're less likely to take offense. Get the whole company leadership involved -- it's a company policy, not something the IT department cooked up. Finally, don't let technology and procedures take the place of personal interaction. A good old-fashioned face-to-face may solve a problem far better than pointing to the rules.
If you put a sensible monitoring policy in place and communicate it effectively to employees, you may never end up "using" it. But if trouble arises, you’ll have what you need.
How you create and implement your monitoring plan will make a difference in how employees receive it. Strategies to use (and avoid):
DO involve all parts of company leadership in creating a clear, reasonable acceptable-use policy that's based in your business case for monitoring. Understanding the reasons for the policy helps employees buy in.
DO inform employees early and often about what will be monitored and how.
DO spell out policies for violations: Warnings? Reprimands? etc.
DON’T play "gotcha." Once you set up your new policy, give workers an amnesty period to adapt.
DO enforce the policy fairly, for everyone.
DO follow through so that employees know the policy is not just for show.