Article

Report: Looking for love in all the wrong places

Anne Saita

Despite all the dire warnings about legal liabilities and security risks, a new study indicates one in five workers uses his or her company's Web access for personal use.

Among the industries reporting the highest abuse is the male-dominated manufacturing field, where nearly 13% of users try accessing forbidden pornography, dating and gambling sites. Its workforce also tended to chat longest with friends while at work. Government workers, meantime, were more likely to be lured to a site containing spyware and malicious code, according to a just-released report by content-filtering software provider Burstek, a unit of Burst Technology Inc. based in Bonita Springs, Fla.

The study of 10,688 employees in seven industries reflects the reality of Internet usage in the office. Twenty percent of all Internet access at work was for personal use, accounting for 21% of a company's bandwidth costs. The study included education, engineering, finance, government, healthcare, manufacturing and non-profit organizations -- some of which used content filtering software and others that merely monitored their employees' behavior.

"What this points to is a cultural phenomenon," said David Smith, chief operating officer at Burstek. "I think there is an evolution going on and each firm has to deal with this evolutionary process in their own way, with what their management feels is most appropriate."

Beverly Lambright, the company's director of marketing, said companies should

    Requires Free Membership to View

set up intradepartmental teams to devise or refine -- and then enforce -- enterprise-wide Internet acceptable use policies. It could be a one-size-fits-all plan that blocks certain types of sites using content filters or it could be a multi-tiered approach that allows access based on an employee's rank.

That workers continue to surf suspicious sites or chat and e-mail friends on the company's dime is no surprise, considering that many employees now spend longer hours in the office. They also use Web-enabled mobile devices more frequently, often issued by the company, to continue working off-site. As the definition of work hours blurs, so do the lines that distinguish personal from official use of the Internet.

But from a company's standpoint, such use still is a major drain and poses serious security risks.

Among the Burstek study's findings:

  • More than 8% of all personal use posed a legal liability risk, such as inappropriate behavior and perceived sexual harassment from employees surfing pornographic, hacking, gambling and hate-group sites.
  • Almost 20% of personal use posed a network security threat through unintentionally downloading spyware or other malicious code or participating in illegal file-sharing.
  • Almost three-quarters (72.34%) of personal online habits ate into productivity (versus being done before or after work), with online shopping the No. 1 culprit. Entertainment sites came in second, followed by personal e-mail, sports, chat rooms, job searches and gaming.

With legal liability use:

  • Manufacturing had the highest abuse rate (13%) when it came to accessing inappropriate sites, such as porn and gambling. But another male-dominated industry, engineering, posed one of the lowest rates (less than 1%), suggesting more than gender was responsible.
  • The most frequently accessed sites within this category of risks: personals and online dating sites, with manufacturing again leading the way. It's 6% access rate was 20% higher than all other industries combined.

From a security risk standpoint:

  • Government agencies at the local, state and federal levels had the highest incidence (nearly 23%) of employees accessing sites containing spyware and malicious code. Burstek officials believe most of these visits or downloads are unintentional and that malware writers target those with a .gov in their e-mail address with attractive offers to which employees are tempted to respond.
  • Healthcare workers had the lowest incidence of this type of Web behavior; however, given how heavily regulated that industry now is, the 17.8% rate was still surprisingly high.

As for employee productivity loss: