Good Net Policy Includes Worker Input, Is Flexible

While there is no one-size-fits-all policy for all companies, a good Internet policy should be developed with input from a wide range of employees, experts say. It should spell out activities that are strictly forbidden, but still remain flexible enough to accommodate a variety of circumstances. The consequences for violating a policy--which can range from a warning to immediate dismissal--should be clear.

Consulting firm Arthur Andersen suggests that companies install software that can monitor which employees are using the Internet and how often they are logged on. Then managers can identify workers who are at risk of wasting too much time online.

But companies should also devise ways to measure job productivity independent of Internet use, said Mark Estep, senior manager of Andersen’s Computer Risk Management practice in Portland, Ore. If workers know they are being judged based on performance, they will realize they don’t have time to goof off on the Internet, he said.

The use of filtering software is rising as an element--sometimes the only element--of corporate Internet policies. Some programs, such as CyberSitter from Solid Oak Software in Santa Barbara and X-Stop from Anaheim-based Log-On Data Corp., include a list of thousands of specific Web site addresses that can be made off-limits to employees. Other programs, like Net Nanny from Net Nanny Software International of Vancouver, Canada, block access to sites that contain certain key words. Depending on a company’s policy, off-limit sites can range from those with sexual content to ones with sports scores to places to see stock price updates.

A more dramatic solution would be to install “network computers” instead of PCs on employees’ desktops. Network computers, or NCs, store software and files on a central server instead of on hard drives and are ideal for surfing the World Wide Web. The configuration makes it easier for companies to control how workers can use their computers, said Scott McNealy, chairman and chief executive of Sun Microsystems, the Mountain View company that is pushing NCs as a cheaper alternative to traditional PCs.

The price tag on these measures depends on how extensive the approach a company takes. Filtering programs typically cost between $29.95 and $49.95 per computer. Site licenses, which allow businesses to install programs on multiple computers, can run into the hundreds--even thousands--of dollars, depending on the number of PCs involved.

For about $425, firms like Quality Media Resources of Bellevue, Wash., provide videotapes and handouts that walk companies through the process of writing their own policies, taking into account legal and social issues.

On the other end of the spectrum would be a comprehensive technology risk assessment, which could cost several thousand dollars. Network computers cost a few hundred dollars apiece--far cheaper than PCs--but the price tag for outfitting an entire company could be steep.

No matter how a company decides to regulate employee use of the Internet, Nathan Ainspan, who studies privacy in the workplace at Cornell University’s School for Industrial Labor Relations, recommends soliciting input from employees to increase the likelihood that a policy will be respected.

“It’s like taxation without representation,” he said. “Even if one person is representing employees--like a union--they’re more likely to buy into it.”