Bugwatch: Watch where you're snooping

This week Ian Kilpatrick, chairman of the Wick Hill Group, offers advice on finding effective solutions to deal with the management of staff email and web use.

Nobody likes to feel they're being watched or that their employer doesn't trust them. But, in some workplaces, every email written is scrutinised and employers check out every website visited.

Apart from the detrimental effect this has on employees, it is hugely expensive and a complete waste of time.

At the other end of the scale, some companies have no rules over email and take a similar attitude when it comes to the web. This puts both the company and its employees at risk.

The 'burying your head in the sand' approach is just as inappropriate as the 'big brother' approach, because there are effective solutions to deal with the management of email and web use. There is a happy medium between the two extremes.

We need to monitor email and web use for a number of legal, moral and business reasons.

Morally, companies should protect their employees from racism, sexism and pornography because they can be prosecuted if they don't. Failure to do this has been shown repeatedly in court to be expensive in terms of fines, legal costs and, perhaps worst of all, reputation.

Ambitious, mischievous or disgruntled staff members can also email confidential material out of the workplace.

No sales manager in their right mind would let a sales person walk out of the workplace with the customer database tucked under their arm. But the same sales person could email the list out even more easily, if there is no email management system in place.

There are also major productivity implications if email isn't managed properly. Research from IDC and Gartner Group suggests that 30 to 40 per cent of all email in organisations is personal.

Apart from the loss of productivity this entails, personal email traffic, and its associated attachments, significantly increases network traffic and can adversely affect systems performance.

But when there is too much monitoring of email and the web, problems also arise. Firstly, it is a waste of time and money.

Secondly, it is not consistent with other company policies, as most businesses don't read every letter into and out of the building, nor do they listen to every telephone call.

Thirdly, it is an activity with which companies will eventually be unable to keep up, because email and web use is growing at such an enormous rate.

There is also the undeniable fact that people don't like to feel that their every move is being watched, their every word scrutinised. The 'big brother' approach can leave staff feeling inhibited and hostile towards management and the company.

Additionally, businesses have to formally declare that that they are monitoring web and email use, or they could find themselves legally liable for snooping on staff.

So how do you find the right balance that will keep staff happy, keep the board happy and fulfil all your legal, moral and business obligations? Firstly, you need a policy. You need to clearly decide and record what will be allowed and what will not.

Once you have decided on the rules, the most important thing is to make them crystal clear to staff, as well as making the consequences for transgression similarly clear. This could be verbal warnings, instant dismissal, or some other reprimand.

Fundamental to the effective implementation and management of email and web access is staff buy-in.

Managers should explain, for example, why it is crucial that the customer database is not emailed out, and how it could adversely affect the company's profitability and employees' own job security if it is.

Then, if someone is disciplined, the reaction is more likely to be relief that they have been stopped, rather than sympathy for the staff member and resentment against the company.

Education and training are key aspects of the strategy. Policies should be explained and staff given any training needed. The next step is to monitor staff in a workable way.

There is a range of email management solutions available today which will do this efficiently.

Similarly, there are effective products that manage web use, barring access to selected categories of websites and constantly monitoring for inappropriate activity, and informing management of any problems.

With rapidly growing email and web use, it is increasingly necessary to set and enforce security policies to manage these areas.

Email and web monitoring can be dealt with perfectly sensibly using solutions which monitor automatically and by exception. That way, companies can fulfil their legal, moral and business obligations without being accused of snooping.