Employee Internet Management—How to Manage Workplace Internet Abuse

Searching for employee internet management solutions? The internet is a powerful tool for improving employee productivity when it’s used for work-related purposes. Unfortunately, workplace internet abuse is a very real problem that contributes to a variety of productivity and security concerns. In this article, you will learn how to monitor and prevent the inappropriate use of the internet in the workplace. 

Table of Contents

What Are the Risks of Poor Employee Internet Management?

When employee internet use is left unmanaged it provides opportunities for a variety of counterproductive work behaviors (CWB) such as cyberbullying, cyberloafing, sexual harassment, and data theft. Employers need to be conscious of these risks when they provide their employees with internet access in the workplace.

This next section will overview the top risks that need to be addressed as part of your employee internet management strategy. I will cover strategies for addressing these risks later in this article.

Reduced Productivity in the Workplace

A woman in professional attire stares off-screen, distracted

There is no doubt that the internet is an extremely valuable tool for improving the productivity and capability of your organization. That said, without an employee internet management framework an employee’s productivity can rapidly decline. Social media, forums, gambling sites, and gaming sites are all incredibly tempting distractions during a stressful work day.

Internet abuse in the workplace is devastating for employee productivity. Actively disengaged employees will participate in a form of time theft known as goldbricking. Employees that goldbrick will invent excuses to avoid their tasks, shirk their responsibilities, and engage in unproductive or harmful activities in the workplace.

What is goldbricking?

Goldbricking is the practice of doing less work than one is able to while maintaining the appearance of working.  The term originates from the confidence trick of applying a gold coating to a brick of worthless metal—while the worker may appear industrious on the surface, in reality they are less valuable. – Wikipedia

There’s another employee internet use phenomenon known as cyberloafing that you should be aware of as well. While not as serious as goldbricking, cyberloafing—the act of browsing non-work websites during work hours— is incredibly common. 

In fact, a Salary.com survey found that 64% of employees engage in cyberloafing every day at work. Out of those employees, 39% said they wasted up to an hour on the Internet at work, 29% wasted 1-2 hours, and 32% wasted more than 2 hours per day.

Employees aren’t exactly feeling like they’re engaging in anything nefarious when they cyberloaf, either. A report from the Lee Kong Chian School of Business states that 97% of male survey participants and 85% of female participants believed cyberloafing was acceptable in the workplace

What is cyberloafing?

Cyberloafing—also known as cyberslacking— describes when an employee surfs the web for reasons that are not related to their job. This includes using workplace internet for personal use, playing computer games, and browsing social networking sites.

Why do employees cyberloaf in the workplace? 

  • 34% of employees say they are not challenged enough
  • 34% say they work long hours
  • 32% say there are no incentives to work harder
  • 30% are unsatisfied with their employment
  • 23% say they’re bored at work
  • 18% say it’s due to low wages
    Salary.com: Wasting Time at Work Survey 2013

It’s not all bad, though. 

According to a publication from Brent Coker of the University of Melbourne so-called “cyberloafing” can have a positive impact on employee productivity; so long as non-work internet browsing does not consume more than 12% of an employee’s work time.

As an employer it’s important that you trust your employees to limit their personal use of the internet to reasonable levels, however you should still have systems in place for identifying and addressing excessive cyberloafing. I will cover strategies for addressing employee internet misuse later in this article.

Network Bottlenecks from Bandwidth Hogs

Ethernet cords going into a network hub

The abuse of bandwidth hogs such as YouTube, Twitch, and Netflix drastically impact network performance. Employees that frequently use the internet for these non-work purposes dramatically affect the productivity of their coworkers by contributing to network latency. 

If bandwidth hogs are left unmanaged they can lead to network crashes, dropped VoIP/video conferencing connections, and limitations to other business processes that rely on internet connectivity.

As part of your employee internet management strategy you should search for a computer monitoring solution that monitors employee bandwidth usage. This allows you to diagnose whether network latency is as a result of a genuine increase in demand or if bandwidth availability can be optimized by limiting the use of bandwidth hogs.

Data Loss & Malware Infections

Personal data phishing concept background. Cartoon illustration of personal data phishing vector

Providing employees with unrestricted internet access is a cybersecurity nightmare. The internet is rife with security threats like phishing emails, malware, and threat actors that would love nothing more than to compromise your organization’s network.

Employees that browse the internet at work risk unknowingly infecting company endpoints with malicious computer spy software that transmits keystrokes, files, and other sensitive information to threat actors.

That’s only that start of it; what about insider threats?

Insider threat management is top-of-mind for industries that handle electronic health records and financial data, but it needs to be included as a part of any organization’s security strategy. 

Consider this: With unrestricted access to the internet an insider data theft incident can be as simple as a disgruntled (or negligent) employee logging in to a personal cloud storage website and transmitting sensitive data to an external server. 

Legal Liability

California Consumer Privacy Act

As an employer you are responsible for ensuring that your employees use company-provided resources appropriately; workplace internet misuse is no exception. 

If your employees use the company internet for illicit purposes such as piracy, data theft, harassment, hacking, and related activities there is a significant risk that your company will be held liable for any associated damages.

Piracy in the Workplace

Piracy refers to the unlawful download of intellectual property and other copyrighted works such as movies, video games, music, and software. Pirating is often done with the aid of dedicated peer-to-peer (P2P) software programs, torrents, and websites that are dedicated to hosting pirated files.

Why Piracy In The Workplace Is Dangerous:
  • Hefty Fines: Organizations such as The Federation Against Software Theft (FAST) and The Software & Information Industry Association (SIIA) work with software companies to prosecute companies that have been found to be using unlicensed software.
  • Data Exfiltration: Warez and P2P platforms can lead to incredibly damaging data breaches. These platforms can be used to transmit corporate data to unauthorized parties that may use the data for identity theft or for learning trade secrets.
  • Malware Attacks: Piracy in the workplace may lead to the installation of Trojans, a type of malware that disguises itself as legitimate software.

Hostile Work Environment

Workplace internet abuse affects more than just a few individual employees. Unmanaged internet use risks creating a hostile work environment when employees browse the web for material that is not safe for work such as pornography, violence, hate speech, or otherwise inappropriate. 

How common is browsing porn at work? 60% of respondents in a Sugarcookie survey admitted to watching porn at work at least once. They’re not always as discrete as they think they are, either; nearly 20% of them have been caught in the act. Why do employees watch porn at work? 58% said they were bored and 20% who watched said it was because they were stressed.

It’s bad enough that this is even happening at all, let alone the implications of an employee being unwillingly exposed to inappropriate content as a result of their coworker’s workplace internet abuse. CNBC previously reported that half of all workers in a survey said they’d been exposed to sexually explicit material by co-workers

As an employer, you cannot afford to avoid addressing these risks proactively. If you allow inappropriate web browsing to occur in your company you risk severely impacting employee morale and facing a lawsuit for sexual harassment or a hostile work environment claim.

Can Employees Be Fired for Surfing the Internet?

It depends. As with all things related to the law, there are some grey areas, differences in laws between jurisdictions, and competing precedents. That said, firing an employee for surfing the internet is not completely unprecedented: In 2009 alone 26% of organizations terminated workers for internet misuse.

Employees have been fired for:

  • Violating company policies related to internet use (e.g. risking sexual harassment by visiting sexually explicit websites at work.)
  • Using inappropriate or offensive language in electronic communications
  • Engaging in excessive personal use of the internet
  • Breaching company confidentiality rules in electronic communications

When considering whether to fire an employee for internet abuse as part of your employee internet management strategy, it’s important that there is a precedent set for how your company defines acceptable vs inappropriate use of the internet.

Guidelines for terminating employees for internet abuse*

  • Make your expectations clear from the beginning
    Ensure that your company has a written acceptable use policy that dictates how employees are expected to use the internet and other technology while at work. Your employees must acknowledge their understanding of the policy with a suitable signature and your company must regularly and fairly enforce the policy.
  • Ensure that corrective actions are fair
    The level of corrective action that you take should be in proportion to the severity of the event. After all, an employee that browses Reddit during a slow period and an employee that watches pornography at work are two entirely different extremes. 
  • Make a termination the last resort
    Unless the employee has engaged in outright unlawful activity you should do all you can to correct the unwanted behavior before resorting to a termination. Work directly with employees that are not meeting expectations to develop a plan that gets them back on track. Consider using progressive discipline such a verbal warning, a written warning and a probationary period to correct unwanted behavior first.
  • Keep detailed records of incidents
    If an employee is using the internet in a way that violates company expectations, there needs to be a clear record showing that they are aware of the company’s expectations and that they have gone against them. In addition to a signed internet use policy you should maintain records of employee web browsing history for further review. These records will prove to be incredibly valuable when investigating a complaint from another employee.

*This is not legal advice. Please seek legal counsel and consult your HR department regarding employment law in your jurisdiction.

Consistency is key. This segment from Guillaumes LLP contrasts two similar cases related to employee internet management with two very different outcomes.

In the case of Scarlett and another v Gloucester City Council ET/1401395/12, two employees dismissed for excessive personal internet use brought a successful unfair dismissal claim due to the informal nature of the employer’s internet policy and the prior provision of less serious sanctions for other members of staff who had done the same. 

In other cases, employers have been found to have acted lawfully in dismissing staff for excessive personal internet use.  In McKinley v Secretary of State for Defence ET/2302411/04, an employment tribunal agreed with the employer that a senior member of staff spending 10% to 15% of his working time surfing the internet for personal use was excessive.”

Guillaumes.com: Using the Internet at Work – What’s The Law?

Employee Internet Management Best Practices

Now that you know the risks of workplace internet abuse, it’s time to focus on solutions for managing employee internet use at work. 

In this last section I will guide you through the use cases for employee internet management software, provide you with an internet use policy for communicating expectations to your employees, and go over the best practices for controlling internet access at work.

Deploy Employee Internet Management Software

A majority of companies use some form of Employee Internet Management (EIM) software such as computer monitoring or web filtering software. The visibility and control these technologies provide make them the ideal solution for preventing workplace internet abuse.

Employee Internet Management Software to Monitor Employee Computer Activity

“Employers that don’t monitor [their employees] will become fewer and fewer, not to nail employees, but because monitoring increasingly makes business sense.”

Manny Avramidis, president and CEO, the American Management Association

Employee monitoring is incredibly common. 94% of organizations surveyed in the 2018 Insider Threat Report said that they deploy some method of monitoring users. Monitoring employees in the workplace provides employers with the data they need to identify workplace internet abuse before it escalates.

Best practices for using software to monitor employee computer activity
  1. Be Transparent
    Employees that are not aware that they are being monitored, why they are being monitored, and how they are being monitored are less likely to find employee monitoring acceptable. Being transparent about your use of employee internet management software greatly reduces the potential for the solutions to be considered invasive. 
  • Have your employees sign an acceptable use policy that states your intent to monitor employee computer activity.
  • Disclose the scope of employee monitoring during onboarding and within employee handbooks.
  • Periodically remind employees of your company’s policies surrounding employee internet monitoring.
  1. Avoid Monitoring More Than Necessary
    Ensure that the employee internet management software you use to monitor employee computer activity does not capture more data than necessary. For example, you can enforce internet use policies by tracking URLs visited by employees; there is no need for invasive functions such as keystroke logging.
  1. Only Use Employee Internet Activity Data for its Intended Purpose
    Before you start monitoring the internet browsing history of your employees, you must first understand how the data collected will align with your company’s goals.

    If employees are told that the data is being collected for the purpose of enforcing acceptable use policies it is critical that it is not reappropriated for another purpose without their explicit and informed consent.

    Using employee data for purposes other than those previously agreed to may lead to severe penalties depending on the jurisdictions that pertain to your company. For more information see the Purpose Limitation principle in Europe’s General Data Protection Regulation (GDPR)
  1. Protect Employee Monitoring Data From Misuse
    Employee browsing history can be incredibly sensitive. Consider what type of information could be revealed from your search history: personally identifiable information, discretionary medical details, and information regarding protected classes, for example.

    Organizations need to ensure that adequate security measures are in place to prevent their employee’s data from being misused or leaked to unauthorized parties.

    This includes password protecting employee monitoring dashboards, reducing the amount of people with authorized access to the data, and limiting access to specific datasets based on the legitimate interests of the individual (e.g. only allowing a manager to review the data of their direct reports or only allowing human resources staff to access employee data)

Employee Internet Management Software to Block Websites

Deciding whether to block a website outright or simply monitor for excessive use is a unique employee internet management challenge for organizations. 

Companies that block access to certain websites at work are most often concerned about employees visiting sites with content that is related to pornography, gaming, social networking, entertainment, shopping, and sports.

To manage employee internet access more efficiently you can use web filtering software with a category filtering database. These convenient databases contain millions of websites that have been catalogued based on the content of the website. This allows you to effortlessly block inappropriate content without manually researching and entering individual URLs for each site.

How common is web filtering software? 89% of organizations limit employee internet access. 90% restrict web access to protect against malware/ransomware infections, 84% want to keep users from visiting inappropriate sites at work, and 83% aim to prevent unacceptable user behavior – Spiceworks

Avoid overblocking, though. If your company’s internet restriction policy is too severe you risk employees becoming frustrated and attempting to bypass your network’s web filter. Start by blocking websites that are always inappropriate such as pornography and hate sites. As you continue to monitor employee internet use you will discover whether or not other categories of websites are being abused in the workplace.

Concerned about cyberloafing? Rather than blocking unproductive websites outright, consider using employee internet monitoring software to ensure that unproductive browsing is within reasonable limits. This empowers employees to manage their own productivity while also providing you with the ability to address egregious misuse of the internet. Besides, 71% of employees in a Salary.com survey said they believe short breaks throughout the day are beneficial for their productivity.

Create a Satisfactory Work Environment

If you are concerned about employees wasting time online, it’s important to realize that excessive cyberloafing is likely to be a symptom of a larger problem. 

Employees that are engaged, sufficiently challenged without being overworked, and content with their work environment are not going to become actively disengaged and spend the majority of their day browsing social media.

As a part of your employee internet management strategy, you need to be prepared to address factors that contribute to internet abuse such as a lack of clear direction, employee burnout, dissatisfaction, and management practices that are incompatible with the employee’s needs.

Write and Enforce Internet Use Policies

To ensure that the internet is used appropriately by employees you need to provide them with clear internet usage guidelines. These guidelines will help to prevent employees from excessively surfing the internet and provide human resources staff and/or management with a precedent for correcting inappropriate browsing behavior.

An internet use policy is an excellent tool for providing your employees with an understanding of how they are expected to use technology in your organization. To get the most out of your internet use policy it is critical that it is consistently enforced.

What is an Internet Use Policy?

An internet use policy is a document that provides users with rules and guidelines regarding the appropriate use of equipment, network and internet access. These policies cover topics such as the type of content users may access, whether or not personal use of the internet is permitted, and whether or not the internet use is monitored.

Need an internet use policy for your business? Download our free template.

How to Write the Perfect Internet Use Policy

  1. Avoid being too detailed
    When it comes to defining standards of behavior in your Acceptable Use Policy, you can simply address important high-level scenarios rather than listing out every single individual action that would be considered “inappropriate”.

    Outline the most common misuses you are guarding against such as illegal activity, workplace harassment, and other related actions that would be harmful to your business. 

    You don’t want to be too broad though. A vague phrase like “Inappropriate use is prohibited” isn’t going to cut it – be sure to provide enough detail to limit ambiguity without going overboard.

    You must also write your internet use policy for a general audience. Minimize the use of jargon and make sure that any acronyms are adequately explained.
  1. Use strong, active words
    When outlining explicit employee expectations in your policy you must use strong words such as must rather than should. This makes it clear that what is being asked of them is a rule rather than a general guideline.
  2. Test your employee’s knowledge
    After your employees read the policy you should ask them pointed questions to ensure they have truly read and understood the policy rather than simply signing it blindly.
  3. Keep the policy in an accessible location
    After they’ve read and signed the policy, show your employees where they can go if they need to access it again. Keep copies of the policy in a convenient location such as the company intranet and the employee handbook. After all, the intent of the policy is to communicate expectations; it’s not simply a piece of paper that’s intended to be buried in a file somewhere out of reach.
  4. Use text formatting and organization to your advantage.
    Break large blocks of text into smaller sections, use headers to separate key sections, and use typefaces that are easy to read. Making the policy skimmable will help greatly when employees need to refer back to it to remind themselves of specific stipulations.

Tips for Enforcing an Internet Use Policy

  1. Monitor web browsing for internet usage that falls outside of expectations.
  2. Use web filtering software to block access to undesirable websites.
  3. Ensure that your policy is clearly understood by your end-users.
  4. Periodically remind your end-users about the policy.
  5. Have a plan for correcting undesirable web browsing. 

Want to learn more? Check out our article 5 Ways to Enforce Your Acceptable Use Policy.

Should You Let Employees Use the Internet for Personal Tasks?

Deciding whether or not to allow your employees to use the internet for personal tasks is not as clear-cut as it may seem. There are a number of privacy and security concerns associated with personal internet usage. 

For example, personal email accounts are more vulnerable than those protected by corporate email gateways. Employees that are being monitored on corporate systems may have sensitive information captured by the employee internet management software.

On the other hand, zero-tolerance policies for personal web browsing are likely to frustrate employees and negatively impact morale. When developing your internet use policy you must consider how you will balance network security, productivity, and employee satisfaction.

What’s Next?

An employee internet management strategy is critical for ensuring that your employees use the internet responsibly and safely. A combination of employee internet management software, a satisfactory work environment, and a solid internet use policy will provide you with the tools you need to manage workplace internet abuse.

Need to manage employee internet use in your company? Get started with a free trial of CurrentWare’s employee internet management software solutions.

Dale Strickland
Dale Strickland
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.