A Commonsense Approach to Internet Behavior in the Workplace

By Christiana Christofides

Internet usage in the workplace is a common and unavoidable practice by company employees. Answering email, surfing the web, checking Facebook, playing fantasy football, or even updating a web page or blog all seem like harmless acts.

As the gap between how public and private information is defined shrinks with every technological advance, self-responsibility and awareness education on safe Internet use will become increasingly important.

The current information available on Internet usage in the workplace is laden with legal concepts, such as privacy rights and employee/employer rights. Based on all of the information available, it seems that employees would be more savvy and aware of the consequences of Internet use in the workplace. You don’t have to be a lawyer or a computer expert to protect yourself from the watchful eye of the information technology (IT) department, Internet service provider (ISP), or your employer. Yet employees still use the Internet in an inappropriate manner and on company time, risking their jobs, social embarrassment, and future potential. This article will inform you of some of the potential pitfalls of using the Internet for personal reasons at the workplace and provide a helpful, commonsense approach to avoiding these dangers.

There is no expectation of privacy at work, so be careful where you surf

Internet users feel safe, masked under their username and passwords. They believe the Internet doesn’t have any windows and no one can see what they are doing. Who can possibly tell that “sexygurl666” just hopped on eBay to check the status of a few items in her watch list? She didn’t place a bid; she just wanted to see how many hours were left in the auction. The relative harm in this action seems low. For example, you visit the South Park website to buy your husband an Eric Cartman doll that spews inappropriate remarks. The doll is meant to be a joke.

The head of IT at your company comes across your Internet activity during a routine check of your system. He is patently offended by the Cartman doll, assumes you must be a bigot, and reports his findings to your boss. At this point, it is difficult to predict what might happen next, but it is safe to assume that you will be asked questions. Your relationship with the head of IT may be strained for some time, and you will have to endure the whispers and stares from people who know what happened. You may or may not lose your job for using the workplace to do your Internet shopping, but you will likely be embarrassed, and you may be monitored more closely for future perceived indiscretions.

Employers have the right to monitor your Internet activities in the workplace. Your computer and your ISP connection are owned and controlled by that company. There are no expectations of privacy for the employee, and he or she may be liable to the employer for any online activity that violates the company’s policies. It is very easy to explain this concept to employees, yet this doesn’t seem to curb the amount of non-work-related Internet activity occurring in the workplace. Nevertheless, employees should not engage in online activity during office hours on office equipment. This is the only fail-safe option in avoiding out-of-context mishaps such as the Cartman doll example and protecting your own personal activities on the Internet.

The Internet will not hide your true identity

The Internet creates a fascinating dichotomy in user behavior. On the one hand, Internet users post information, chat, and surf the web from the comfort of their homes or offices in total privacy. On the other hand, the information is sent to a highly public domain which can be accessed by anyone at anytime. There are some web pages such as Facebook and blogs that restrict access to only a few individuals, but for the purpose of this article, we will assume that most employees visit public Internet sites.

Internet users are not cloaked in anonymity. Each computer in your office can be monitored by several entities. A company’s IT department can monitor incoming and outgoing Internet traffic for each user. In addition, an ISP also logs Internet traffic and can provide those records as well, usually pursuant to a court order or subpoena. This also holds true for your personal ISP provider that services your home computer. How do you think they catch Internet child pornography violators? Some companies use web filtering software to block employees’ access to unsavory websites, but one can still get caught sending personal email and shopping online.

Little text files, called “cookies,” hold information on the times and dates you have visited websites. Other information can also be saved to your hard drive in these text files, including information about online purchases and validation information about you for members-only websites. Since the cookies are saved on your computer, the IT department or your employer can access these sweet morsels at any time.

Imagine your computer is a telephone line, which is one of many in your office, and the IT department is the switchboard that can pick up any line at any time and listen in on your conversation. At the office, this conversation is your Internet surfing activity. As you click seamlessly from one page to the next, your entire activity can be watched by your employer. Your username and computer password will only protect you from other users of the same public domain sites, but not from the “mother ship.”

A commonsense approach to employee Internet use at the workplace

Don’t use the Internet during office hours for anything other than emergencies.

Personal emergencies are almost never transmitted over the Internet, so it is an unlikely excuse for Internet searching. If your child is ill, or your bank account is overdrawn, you are more likely to get a phone call than an email. However, if you must conduct personal business during the workday, don’t make a habit of it. Random emergencies every now and then are more reasonable that an activity that happens every week.

Use your lunch hour and breaks to surf the web or conduct personal business.

Office computers may record the Internet activities of employees, but they will also record the time in which employees conducted non-work-related Internet activity. It is reasonable to assume that employees can use their lunch hour and breaks to conduct personal business on the Internet. An employee has the freedom to run to the mall or the bank during lunch, whether it is in a car or with the click of the mouse. However, companies are addressing Internet usage more and more, and this still may run afoul of employee conduct guidelines. Check your employee handbook or consult with a supervisor about proper use of the Internet at work for personal needs.

Use your own personal Internet-ready devices at work.

If you must check your friends’ Facebook status updates every couple of hours or engage in any other unnecessary Internet behavior during office hours, then use your own personal Internet-ready mobile phone or similar device to do so. You will always have a higher expectation of privacy using your own personal device than your office computer or work phone. Your employer will also have no way to monitor or track the activity on your personal phone. However, if your employer provided you with the phone and pays the monthly bill, then that phone does not belong to you and you should be careful how much personal activity you engage in and the information you store on it. It is always best to carry an additional phone for personal use only and keep your work phone dedicated to work-related activities. Your supervisor or manager cannot seize your personal phone, but he or she may be able to access the phone if it is owned by the company.

Your identity can be tracked by your employer during work hours.

Assume that your Internet activities are monitored and that your identity can be revealed. The IT department may not know who “sexygurl666” is, but they know which computer that username logged in to. It may be overly simplistic advice, but never visit Internet sites that you would not want your boss to see. Visiting pornography, politically charged, or radically alternative websites (such as How to Make a Bomb Using Simple Office Supplies) are never justified and are the easiest to avoid. But what if you work for the Heritage Foundation, a conservative think-tank, and you often peruse liberal websites for your own personal pleasure that hold political ideologies in direct conflict with your employer? Unless you are willing to risk that your employer may take your Internet browsing out of context, don’t visit any websites that may be questionable. Wait until you are in private to locate the information on a personal computer or on an Internet-ready mobile device.

Don’t visit personal web pages or sites during work.

Avoid visiting personal web pages, such as blogs, during office hours. Employers may find the name of your blog and decide to visit. Most blogs are maintained for personal use and bloggers often write about their thoughts and feelings. Your blog may contain some unsavory comments concerning a boss or coworker, or opinions that they would find objectionable. Accessing your blog from the office may provide fodder for an inquisitive employer or curious coworker. Several unintended consequences may result: an employee could lose her job, or worse, be sued for defamation if the comments attacked the employer’s business reputation or inaccurately portrayed an employer or a coworker. Your blog comments may also be taken out of context or misconstrued, which can lead to unsavory office gossip or unfair attacks on your character. Be sure to filter whatever you might post to a blog or comment page, and try to mask your identity using an avatar or alias. However, keep in mind that an old-fashioned paper diary, tucked safely under your bed at home, is the only choice for writing down really heated feelings or opinions.

Disable automatic logons.

If you set a computer to allow automatic logon or enable “remember me” functions, the username and password information is stored within the computer’s registry and anyone who can physically gain access to the computer at work will be able to see your personal information. The specific registry key that stores your logon information is also remotely readable by authenticated users, so anyone in the office who has this security clearance can access your information. For example, you might be automatically logged into Facebook at work because you clicked on the “remember me” automatic logon option on Facebook’s homepage. You should disable this function immediately unless you want to make your Facebook page available to everyone with access to your computer. You should only use automatic logon settings if the computer is physically secured in a locked office and the authenticated users are people you trust.

Christiana Christofides (christiana.christofides@ttu.edu) is a PhD student in the technical communication and rhetoric program at Texas Tech University. Christiana received a JD from Indiana University School of Law in 2002 and briefly practiced law prior to pursuing a career in academia.