Bug Watch: the dangers of surfing at work

Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

This week, following the recent mass dismissals at Orange for inappropriate use of company emails, Matt Tomlinson, business development director at MIS Corporate Defence Solutions, highlights the legal implications and costs your business could suffer through a lack of correct email and internet policies.

Would you or your employer think it acceptable to photocopy and post your CVs, call a chatline, play cards with colleagues, read a top-shelf magazine or copy sensitive company literature to distribute to anyone you choose inside of work hours?

Of course not, yet this happens all the time through the internet during office hours. Each day at work thousands of people are surfing cyberspace, downloading inappropriate images, sending joke emails and checking the latest sporting results.

This leads to low productivity, expensive internet access bills, network degradation and in some cases legal liabilities, all of which costs your company money. The question is: can employees be dismissed for this? The answer is yes, if a correct e-policy has been enforced.

The latest case of workplace email and internet misuse hit the news when Orange dismissed nearly 40 staff last week for downloading pornographic material from the internet. Had Orange not had an e-policy in place the actions of its employees could have placed it in direct breach of the 1984 Telecommunications Act and the 1959 Obscene Publications Act. Under the conditions of its e-policy, Orange had every right to sack these employees.

As use of the internet and email increases in the workplace, companies need to protect against the possibility of breaking legislation and the ensuing legal costs that can follow. Many are unaware that the Data Protection Act and Computer Misuse Act are relevant to businesses.

Libel, sexual and racial harassment are as applicable to email as to any other means of communication or written document, and stand as admissible evidence in a court of law, meaning that appropriate care should be taken when sending any messages via the internet.

By creating, implementing and enforcing an e-policy, companies can place the responsibility of staying within the parameters of the legislation with the individual thereby reducing the threat of court action against themselves. Seen as an enabling business tool an e-policy can also help to reduce the amount of time employees waste sending joke emails and so-called leisure surfing.

As with any company policy, employees need to be educated about its content regularly. It's all very well adding a policy on to the terms and conditions of employment, but how often is this seen after the initial signing? Refreshers about the policy should take place frequently, perhaps once a quarter or through blanket emails.

Disciplinary procedures should also be made clear so that 'unfair dismissal' is not an option. A clear set of guidelines such as a verbal followed by written warning followed by dismissal leave employees in no doubt about where they stand. Policies also need to be updated regularly, for example, a policy from two years ago may not include a section on MP3.

In follow up to Orange, are there to be more dismissals on the horizon? There is no doubt that as more companies begin to enforce their correct usage policies, employees that fail to adhere to them will certainly be legally dismissed through gross misconduct of company rules.

Next edition: 15 September