16 June 2015   by Riva Richmond (c) Entrepreneur

Employers have a well-established legal right to track Web surfing, emailing and other activities by employees using company computers and mobile devices. But should they do it?

There can be several reasons in favor of monitoring. First, it can helpprotect your company from theft or other harm. Monitoring can also help affirm compliance with regulations, secure evidence in case of lawsuits and ensure the workplace is free of harassment. At least two thirds of companies monitor and half have fired employees for Web and email infractions, according to research by Nancy Flynn, executive director of the ePolicy Institute, a Columbus, Ohio, training and consulting firm.

Take Celeste O’Keefe for instance. The chief executive of DANCEL Multimedia, a Biloxi, Miss., marketing firm that serves lawyers, began monitoring in 2006 after noticing that employees too often hid their screens when she walked by. Her clients pay by the hour, and she wanted to make sure employees were working. O’Keefe asked her staff to sign a technology agreement and told them she would be watching.

Still, she has fired four people for digital infractions since then, including a woman who did school work on the clock and a man who inked side deals with clients that should have been brought into the firm. Worse, O’Keefe says she caught an employee who was downloading pornographic material that appeared to involve minors and gave police evidence collected by her monitoring software, SpectorSoft.

Related: Seven Tech Tools for Fighting Retail Crime

Employers should also be aware of the potential pitfalls of monitoring. You could create a morale problem and hurt employee performance if your workers feel a distrustful Big Brother is lurking over their shoulders. You could inadvertently learn about people’s religion, sexual orientation, political views and medical problems, creating potential privacy dilemmas or even opening your firm up to discrimination lawsuits. And you could run afoul of the National Labor Relations Board if you discipline employees for making negative comments about you online. A year ago, it issued guidelines affirming employees’ right to discuss and seek to improve their working conditions, following a number of cases involving social media.

Mangers should consider the difference between monitoring and surveillance, says Andrew Walls, security and risk analyst at Stamford, Conn.-based research firm Gartner Inc. It isn’t controversial or obtrusive to monitor events on a company’s computer system to ensure proper use and protect the company’s assets and reputation.

But surveillance, defined as tracking an individual’s activities, has “a creepy factor” that can cause pushback from employees, he says. Avoid such trouble by engaging only in focused surveillance of a person if you have well-founded suspicions of policy or legal violations and have the documented agreement of top managers and your attorney.

General monitoring for electronic abuses, with employees’ full knowledge, is a necessary practice, Flynn says. “It’s a fact of business life that legal risks exist, regulatory risks exist,” she says. “Employees will put your business at risk accidentally or intentionally. You need to mitigate those risks” and keep misdeeds from turning into expensive crises or lawsuits.

Here are three tips for an effective and fair approach to electronic monitoring:

Related: How to Protect Your Business from a Rogue Employee

1. Set written policies.
It’s important to create a corporate policy on Internet and device usage that makes rights and responsibilities clear to everyone — and that bolsters your case should you face a legal challenge.

Employers should define their risks and security needs, weigh employees’ expectations and develop a policy that strikes a balance, Walls says. Set rules for acceptable use of email, instant messaging, social networks, blogging and Web surfing, as well as for downloading software and apps. Also, consider establishing an electronic code of conduct for employees to sign.

A policy also should spell out how monitoring will be done and how data will be secured or destroyed, Walls says. Protect your business and your employees by putting a high-level manager in charge and putting checks and balances on his or her power.

2. Inform your workforce.
Explain the risks to the business from improper use of digital assets, the company’s digital policy, the limits on employee privacy in the workplace and the fact that monitoring will occur.

“You need to have the transparency, that fully informed consent, or you run into morale issues or legal issues,” Walls says. Moreover, simply letting people know you’re watching can have an important deterrent effect.

Only Delaware and Connecticut require employers to notify employees about electronic monitoring, but it’s a sound practice wherever you live, Flynn says. Reassure employees by saying: “Listen, we’re not electronic voyeurs. We’re not monitoring because we’re nosy and want to find out all about your divorce. … We are monitoring because we are obligated to maintain a compliant workplace.” Encourage employees to keep private communications to home computers and personal smartphones.

Related: Tech Tools for Keeping a Digital Eye on Employees

3. Use technology tools.
Products abound for monitoring computers, mobile devices and networks. To reduce the potential for office friction, the collection of sensitive personal information and the amount of time you spend on the task, consider using technology that can alert you to potential problems, so you can focus on what matters and pry less.

You may also want to filter or block some Web content, such as porn and hate sites that could create a hostile work environment and spiral into a dangerous problem.


InCyber Comments:

The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.