IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
January 28, 2010

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Online porn in the workplace: preventing brand damage and litigation

While accessing pornography is not illegal – unless it’s explicit – the risks associated with brand damage and employee harassment litigation are significant for today’s going business concern.

No organisation can impose an outright ban on the downloading of images or videos in the workplace and yet, without any controls in place, employees will continue to abuse the corporate network, regardless of any acceptable usage policy.

Furthermore, no line manager relishes the task of chastising a top sales person for their accessing of porn, nor does the business want to risk losing a number of valuable employees as a result of their inappropriate behaviour.

It’s therefore essential to put in place a system that not only monitors all e-mail traffic and flags up those containing suspicious images, but also one that automates the organisation’s response – such as an e-mail citing the suspected breach of the usage policy.

By automating the process and taking a non-invasive approach, organisations can enforce the acceptable usage policy and drastically reduce the volume of pornographic images and videos in the workplace. In turn, they’ll safeguard the brand and ensure a harmonious workplace.

Escalating pornography risk

For too long the ‘porn in the office’ issue has been the Elephant in the Room: a genuine corporate concern, but one which organisations had no idea how to address and, hence, it’s an area many hav just ignored.

Organisations know it’s not feasible to adopt a Draconian stance and block all images. That would inevitably compromise genuine business activity. However, without a viable, cost-effective way of checking for image content, organisations have essentially ignored the issue of employee use of the corporate network for the distribution of porn.

Today, the risk is now simply too great to ignore. A recent survey by The Fawcett Society found that 20% (one fifth) of men questioned admitted to accessing pornographic material within the workplace.

This is an issue that will continue to escalate. Given today’s high-speed information lines, burgeoning hard disk drives, cameras with chip cards and the prevalence of mobile phones with cameras, individuals can now access and store vast quantities of images and videos.

What’s more, they’re increasingly using a range of legitimate communication tools, including e-mail, to easily propagate this material across both internal and external networks.

With each email containing the company name in the sign-off, the potential brand damage associated with the dissemination of pornographic material outside the organisation is pretty significant.

As the volume of activity increases, so too does the security risk. Certainly the recent investigation of 100 employees at the Environment Agency who were found sending pornographic e-mails has highlighted the very costly fall out from the problem of inappropriate sexual material in the office.

From brand damage to the risk of litigation and the Human Resources (HR) cost of handling disciplinary hearings, the implications of employee use of porn are fast taking centre stage.

Duty of Care in the workplace

This issue is a Board-level concern. Under the Protection from Harassment Act 1997, employers have a legal obligation to prove they’re taking all reasonable practical measures to protect staff from inappropriate material.

Companies and individual executives can also face criminal prosecution if employees are found using the company’s IT infrastructure to distribute porn, or they fail to prevent employees from downloading child pornography within the workplace.

If organisations want to reduce the security risk associated with employee access to porn it’s essential to be able to identify those images and videos that contain pornographic material.

However, given the incidence of pornographic material within the business, organisations also need a way of managing this problem without requiring face-to-face employee confrontation or expensive HR Department reviews.

This is key: organisations do not want to lose good, productive employees as a result of their misuse of the corporate network. Instead, they are looking for a solution that reduces the prevalence of porn while at the same time reinforcing the acceptable usage policy without the need for reviews, punishments or fines.

Automated solutions: non-confrontational approaches

This non-confrontational approach can be achieved by using an e-mail monitoring tool that will not only monitor activity but can also be set to automatically respond to the activity in a variety of ways.

These range from simply blocking the image to automatically informing both sender and recipient(s) that the acceptable usage policy has been breached, with the e-mail including the relevant policy clause.

Using this approach, organisations have no need to mention porn or even inappropriate material within the e-mail warning – the users will know what was contained in the image.

By demonstrating an awareness of the activity and a willingness to take action, the organisation will rapidly see a reduction in the abuse of the network in this way as employees change behaviour.

Critically, there’s no need for uncomfortable discussions or punitive activity. The business has the information required to take the steps it deems appropriate to address this behaviour and, with real-time monitoring in place, can demonstrate it has taken all reasonable steps to create a harmonious workplace and safeguard employees.

Home and office: merger complete

The merging of the home/office world is complete. From personal e-mails to social networking and downloading porn, individuals will continue to exploit the corporate network for personal use if and when they can. If ignored, the problem can only worsen.

Few organisations would expect to ban porn. Instead, they can leverage technology to ensure that employees recognise the difference between appropriate and inappropriate behaviour in the workplace. They can also gently enforce the acceptable usage policy to mitigate the business risks associated with the existence of pornographic material on the network.

Critically, it’s about leveraging a dispassionate technology solution to achieve a non-confrontational approach to imposing control over the corporate environment.

By automating the identification of material and notification of the relevant employees, organisations can take control of this serious security issue.

With the right tools in place, firms can meet their Duty of Care to employees by taking every possible step to minimise unwanted exposure to this material either through malicious intent or humour, drive down the volume of activity on the corporate network and, critically, safeguard brand value.

Andrew Millington is managing director of Exclaimer Image Analyzer

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments