From the Sept. 2006 Issue
An interesting recent conversation with the principal of a small accounting
firm has driven me to address the personal use of the Internet by employees
at work. The question he had regarded how to address his staff’s personal
use of the Internet. Should it be banned or regulated? How could he develop
a policy to address it? So here is a general overview of the situation, with
a few recommendations for those who might want to try to implement a written
policy for their practice.
Ever since the professional workplace became infested with mice in the late
1980s and early 1990s, (computer mice, of course), businesses have been developing
policies to deal with proper and improper use of the systems by their employees.
The Internet, now about 12 years old, compounded the perceived problem: While
it certainly was a revolution in communication and work processes, it also provided
nearly untethered recreational opportunities for employees to pursue in lieu
of work. While similar in some aspects to personal use of other company resources,
the potential loss is that of time and productivity, as opposed to the financial
costs resulting from personal phone calls, faxes, paper or photocopies.
So for larger businesses, the era of policy building began, with many employers
banning their staffs from any personal use of the Internet. This was, in retrospect,
a wholly unenforceable ideal. As a result, over time, most companies have developed
more moderate policies that allow for moderate use of the Internet for personal
issues. But most small professional firms still have yet to develop a written
guideline for use of the Internet.
Effects on Productivity
First of all, it should go without saying (but apparently doesn’t) that
Internet access is an absolute necessity for any professional practice, and
especially so for accounting firms that require access to up-to-date tax research,
remote data backup and hosted solutions. The foremost concern for the principals
of these firms about employee Internet use is usually loss of productivity.
Over the past decade, several studies have provided varying findings, but
most tend toward the notion that total segregation of work and personal activities
can result in a decline in productivity, as well as lower workplace morale,
according to Roland Rust, director of the Center for e-Service at the University
of Maryland’s Robert H. Smith School of Business. “Businesses should
accept some personal use of the Internet by employees at work as not only inevitable,
but as positive to the organization,” he said, noting that since the proliferation
of the Internet and e-mail, workers also are more likely to check work e-mail
from home and, depending upon the nature of their profession, to do work from
home. The telecommuting option has also been borne of technology and has been
a boon to many firms.
Policy Recommendation: Aside from banning personal
usage, it is hard to offer a finite amount of time that might be appropriate.
However, employees should be reminded that, while occasional personal use
of the Internet is acceptable, it should be limited and only involve workplace-appropriate
activities that are neither disruptive nor offensive to others.
Keep in mind that the above notations on the effects on productivity assume
a moderate use of the Internet by employees who are already working on their
PCs. There are, of course, some people whose compulsive behaviors drive them
to spend an inordinate amount of time in chat rooms, gambling sites, gaming,
lewd sites or other areas. This behavior is obviously unacceptable, resulting
in lost productivity and, in the case of downloading music or pornography, may
have legal repercussions on the firm. Internet Explorer and other browsers can
easily be set to disallow pages based on content, and more powerful filtering
tools are also available, but may hinder employees with a need to conduct broad
Policy Recommendation: Here is where to make the
“hard and fast” rules. It should be very clear that it is not
permissible to visit pornographic or gambling websites, or those advocating
violence or illegal activities. Employees should also be notified that job
hunting is not a permissible use of the company’s technology resources.
So if the effects of moderate personal use of the Internet is a draw at worst
(and a slight morale boost or stress reliever at best), then the more real threats
need to be addressed. Viruses and worms cause much more financial damage each
year, inflicting damage on software and operating systems, and compromising
sensitive data. That’s why it’s imperative for any business, especially
professional accounting firms, to have modern (and frequently updated) utility
programs that scan all e-mail and prevent inadvertent downloading of unsafe
materials. These can be purchased online or from any computer retailer, but
it is imperative that they be kept up to date. A little common sense also goes
a long way: Don’t open attachments from people you don’t know, especially
zipped files or *.EXE files. E-mail filtering and spam blocking tools must be
employed by the company. Also, for most workers, it is beneficial to not provide
them with Admin rights to their workstation and to restrict them from being
able to download programs. Even innocuous little things like the Weather Bug
can have malicious intent.
Policy Recommendation: In addition to codifying
the “don’t open these kinds of files” rule in the firm’s
resources policy, occasional reminders also serve to keep workers vigilant.
Deny program download rights to all but Admin users.
Misuse of E-Mail
Virtually everyone receives some form of personal e-mail at work, but e-mail
that contains inappropriate content carries the potential for legal liability
(as well as not being proper at work), and there is the risk of sensitive data
being transferred in an insecure manner.
Policy Recommendation: “Inappropriate content”
is in the eye of the business owner or manager, so define this as you see
fit, but also reinforce the knowledge that any information transmitted by
regular e-mail is inherently at risk of being observed by outside people,
so absolutely no confidential or identifying client or business information
should be relayed via that method. Also, whether the principals/partners decide
to implement the tactic, employees should be reminded that all e-mail sent
to and from the company’s e-mail servers are their property and can
be examined. (This is permitted in most states, but please seek legal counsel
prior to do doing so.)
Most practicing public accountants work for small firms where real relationships
develop between the principals/partners and the general staff, so hiring and
firing decisions are not easy to make. There must be consequences, however,
to violations of the workplace Internet policy, but they must be made by the
superior with respect to the severity of the offense. Almost all U.S. states
(43) recognize “at-will” employment relationships, so dismissing
an employee for serious or continued abuse of Internet usage is generally acceptable,
but once again, this is not a legal advice column.
While there certainly can be negative potential effects from the misuse of the
Internet and e-mail, there is similar potential for the misuse of telephones
and other office equipment. But businesses can also benefit from allowing their
staff responsible personal use of the Internet. Employees usually cite higher
morale, but it can also provide a wind-down from stress. As well, frequent Internet
users are more likely to be caught up on current events, including those that
could affect the firm or its clients. Additionally, the ability to manage their
banking online, in conjunction with the direct deposit you surely provide them,
helps them spend less work time in line at their financial institution. In short,
an Internet use policy that permits responsible limited personal use can benefit
both worker and employer, providing a knowledgeable, competent staff that enjoys
their work environment.
Mr. O’Bannon is the technology editor for The CPA Technology Advisor.