With one in five men admitting to accessing porn at work, organisations know they are sitting on a potential time bomb. While accessing porn is not illegal – unless it is explicit – the risks associated with brand damage and employee harassment litigation are significant, says Andrew Millington.
No organisation can impose an outright ban on downloading of images or videos in the workplace. Yet without any controls in place, employees will continue to abuse the corporate network, regardless of any acceptable usage policy. Furthermore, no line manager relishes the task of chastising a top sales person for their use of porn; nor does the business want to risk losing a number of valuable employees as a result of their inappropriate behaviour.
It is therefore essential to put in place a tool that not only monitors all email and flags up those containing suspicious images but also automates the organisation's response – such as an email citing the suspected breach of the usage policy.
By automating the process and taking a non-invasive approach, organisations can enforce the acceptable usage policy and drastically reduce the volume of pornographic images and videos in the workplace, safeguarding the brand and ensuring a harmonious workplace.
Escalating pornography risk
For too long the 'porn in the office' issue has been the elephant in the room: a genuine corporate concern but one which organisations had no idea how to address and hence have just ignored. Organisations know it is not feasible to take a draconian approach and block all images – it compromises genuine business activity. But without a viable, cost effective way of checking for image content, organisations have essentially ignored the issue of employee use of the corporate network for the distribution of porn.
However, with the rapid growth in activity, the risk is now simply too great to ignore. A recent survey by The Fawcett Society found that 20% (one fifth) of men questioned admitted to accessing pornographic material within the workplace. And this is an issue that will continue to grow: with today’s high-speed lines, larger hard disk drives, cameras with chip cards and the prevalence of mobile phones with cameras, individuals can now access and store vast quantities of images and videos.
They are also increasingly using a range of legitimate communication tools, including email, to easily propagate this material across both internal and external networks. Yet with each email containing the company name in the sign off, the potential brand damage associated with the dissemination of pornographic material outside the organisation is significant.
As the volume of activity increases, so does the security risk. Certainly the recent investigation of 100 employees at the Environment Agency who were found sending pornographic emails has highlighted the very costly fallout of the problem of inappropriate sexual material in the office. From brand damage to the risk of litigation and the HR cost of handling disciplinary hearings, the implications of employee use of porn are fast taking centre stage.
Duty of care
The issue is a board-level concern. Under the Protection from Harassment Act 1997, employers have a legal obligation to prove they are taking all reasonable practical measures to protect staff from inappropriate material. Companies and individual executives can also face criminal prosecution if employees are found using the company’s IT infrastructure to distribute porn, or they fail to prevent employees from downloading child pornography into the workplace.
If organisations want to reduce the security risk associated with employee access to porn it is essential to be able to identify those images and videos that contain pornographic material. However, given the incidence of pornographic material within the business, organisations also need a way of managing this problem without requiring face-to-face employee confrontation or expensive HR reviews.
And this is key: organisations do not want to lose good, productive employees as a result of their misuse of the corporate network. Instead, they are looking for a solution that reduces the prevalence of porn and reinforces the acceptable usage policy without the need for reviews, punishments or fines.
This non-confrontational approach can be achieved by using an email monitoring tool that will not only monitor activity but can also be set to automatically respond to the activity in a variety of ways. These range from simply blocking the image to automatically informing both sender and recipient(s) that the acceptable usage policy has been breached, with the email including the relevant policy clause.
With this approach, organisations have no need to mention porn or even inappropriate material within the email warning – the users will know what was contained in the image. By demonstrating an awareness of the activity and a willingness to take action, the organisation will rapidly see a reduction in the abuse of the network in this way as employees change behaviour.
Critically, there is no need for uncomfortable discussions or punitive activity. The business has the information required to take the steps it deems appropriate to address this behaviour and, with real-time monitoring in place, can demonstrate it has taken all reasonable steps to create a harmonious workplace and safeguard employees.
The merging of the home/office world is complete. From personal emails to social networking and downloading porn, individuals will continue to exploit the corporate network for personal use if they can. And the problem can only get worse if left unaddressed.
Few organisations would expect to ban porn. Instead, they can leverage technology to ensure that employees recognise the difference between appropriate and inappropriate behaviour in the workplace; and gently enforce the acceptable usage policy to mitigate the business risks associated with the existence of pornographic material on the network. Critically, it is about leveraging a dispassionate technology solution to achieve a non-confrontational approach to imposing control over the corporate environment.
By automating the identification of material and notification of the relevant employees, organisations can take control of this serious security issue. With the right tools in place, organisations can meet the duty of care to employees by taking every possible step to minimise unwanted exposure to this material either through malicious intent or humour, drive down the volume of activity on the corporate network and, critically, safeguard brand value.
Andrew Millington is managing director of Exclaimer Image Analyzer