Communication is now enhanced by means of technology, e.g. by email or by using web pages. In addition to business-oriented communication, it can be used for private communication as well. Do you see a difference between the following situations?
a) An employee is using email and web services from his/her office during working hours for private purposes (dating with a friend, shopping, organizing a holiday trip, etc).
b) He/she is using them for the above purposes from his/her office before or after working hours.
c) He/she is a telecommuter and uses them from his/her home through the computer his/her company has provided to him.
I think that the best way to explain the differences in the following situations is to
perform a rudimentary risk analysis on all three. I think that there are three risks in
situation A, B and C. The first is the risk to productivity. The second is the risk to the
network. The third is the risk to the computer equipment that acts as the communication
Situation A actually contains all three risks. By using email and web services on a
non - work related task the employee's productivity is effectively zero. The employee may
counter this argument (like I do) by insisting that if they are at their desk they are still
working - they can answer the phone, speak to people that approch them. But their extra
curricular activity is affecting the outcome of whatever project they are working on. There
is also the question of what material the employee is looking at. The New York Times website
may be harmless enough, but a recently foiled terrorist plot in the UK meant that "police
seized computers and other material from two hospitals in western Australia in connection
with the failed terrorist plot in Britain" (McConville, 2007).
By shopping or organising online the employee is also presenting a risk to the network;
resources are tied up in whatever he or she is interacting with. Again, an employee could
argue that visiting the easyJet website represents maybe a percentage of one percent of the
total internet bandwidth available to their organisation but it is still an overhead
affecting network performance. An employee could also be unwittingly downloading spyware or
malware while browsing websites. These could have serious network implications in terms of
compromising sensitive data or spreading viruses. These risks also cover the computer
equipment that the employee is using, although in the modern world computer threats are
rarely limited to one machine.
It's interesting to note, I think, that the greatest overall risk is posed in scenario A,
yet only the network and equipment risks are really taken seriously by an organisation.
Internet filters and traffic monitors can stop employees visiting blacklisted sites and flag
up if their non - work related internet use is excessive. But in my experience little is
done to stop employees reading an online newspaper or checking their personal email while
working. One thing that this evolved communication means is that employees abuse their
telephones and the office photocopier / fax machine less (although I'm sure that plenty of
people print off maps, tickets etc.).
Scenario B poses less of a risk. If the employee is trusted then I'm sure that most
organisations are happy for them to use the internet facilities in their own time. Scenario
C is slightly different - I'm assuming that the worker has their own broadband connection at
home and is using their work - provided computer to connect. In this case the organisation
has no idea what websites or material the employee is accessing because this is outside of
their control. A great deal of trust needs to exist between the organisation and the
employee for this to happen. It could be tempting for the employee to download music or
other files for personal consumption; in reality each time this is done it presents a huge
risk to the organisations network. Staff who are experienced in the field of IT should know
enough for this not to be a problem - I am allowed to use my work laptop on my own network
at home to access Embanet, for example, but know full well the consequences of downloading
something 'dodgy'. Staff who are not IT savvy may not fully understand the risks and have a
worryingly blaze attitude.
McConville, B (2007) British look for links in failed plot [Online] San Francisco: Hearst
http://www.sfchroniclemarketplace.com/cgi-bin/article.cgi?file=/n/a/2007/07/05/international/i140152D02.DTL (Accessed 29th Marh 2008)