FREDERICK, Md. — The boss is definitely watching, but employees do it anyway: e-mail a friend, snag an Internet bargain, check a team’s Web site.
Sure, it’s against the rules, but everyone seems to do it.
Micheal T. Stratton says it’s because employers haven’t found a balance between computer security and human nature.
Mr. Stratton, an assistant professor of management at Hood College, in Frederick, studied a municipal government in the Northeast where management edicts, electronic monitoring and mandatory training failed to stop workers’ personal Web use. Over the course of 12 months in 2005 and 2006, the workers, who received no punishment for violating the policy, felt less and less guilty about transgressions and increasingly incensed when their access to favorite sites was blocked.
“In this particular organization, it seemed to be this cat-and-mouse game, where the information technology department was chasing users constantly,” said Mr. Stratton, who wrote his doctoral dissertation on the project. He is now polishing a paper about it for publication in an academic journal and writing a chapter about his findings for the scholarly book series “Research on Emotions in Organizations.”
Little research has been conducted on the effectiveness of electronic monitoring in curbing cyber-loafing, though 76 percent of companies monitor workers’ Web use, according to a survey by the American Management Association in New York and the EPolicy Institute in Columbus, Ohio.
During Mr. Stratton’s research, he was told by one of the organization’s information technology workers that managers were the worst abusers of the rule against personal Web use.
Some frustrated employees told him they took work home so they could visit Web sites critical to their projects that had been blocked at work.
Mr. Stratton said these “toxic consequences” stemmed from an overly restrictive policy that deemed any personal Web use improper and yet was not enforced. He also said the organization hadn’t recognized how much its workers depended on computers for communication.
“Once they step in that door at work, they don’t leave their personal lives behind,” Mr. Stratton said. So if workers felt inclined to e-mail a spouse, check out a “Survivor” contestant or pass on a joke electronically, they did — and felt justified.
“The way I look at it, they’re getting their money’s worth out of me,” one employee said. “And if I’m going to spend five minutes doing something that’s not work-related, I’m not going to feel guilty about it.”
One of the 49 employees Mr. Stratton interviewed likened his favorite Web sites to a plate of cookies that management shouldn’t have put in front of him if he wasn’t allowed to eat them. Another said there was such broad, tacit acceptance of personal Web use that “it’s just human nature around here.”
Mr. Stratton acknowledged that employers have sound reasons for trying to limit such activity. Viruses, security breaches and lawsuits are threats that cannot be ignored, and some material on the Internet is illegal or inappropriate for the workplace.
Much personal Web use is unproductive. A 2005 survey by America Online and Salary.com found that 45 percent of workers cited Web surfing as their main time-wasting activity, topping all other ways of goofing off.
Mr. Stratton said employers could safeguard their systems and keep workers happy by enforcing policies that allow for some personal Web use that doesn’t put the organization at risk. For example, companies could install Web-enabled computers separate from their internal network for use during employee breaks.
Training should be geared toward making employees feel like “security stewards,” not like children who cannot be trusted, Mr. Stratton said. The message: “You have a role to play as employees in protecting the data.”
Nancy Flynn, executive director of the EPolicy Institute, agreed that more and better training is needed. The organization’s 2006 survey on workplace e-mail, instant messaging and blogging found that although 76 percent of employers had a written policy regarding e-mail use and content, just 42 percent formally trained workers on the risks of violating it.
“I train all over the United States and the world, and the common reaction from people in my classes is, ‘I had no idea that sending an inappropriate e-mail message could trigger litigation,’ ” Mrs. Flynn said.
She said employers have learned that they cannot enforce a total ban on personal Web use, but they can and should write policies specifying what personal Web use is allowed, then enforce it.
“A policy is a policy and you don’t intentionally violate it,” she said. “What employees need to understand, and this is where employers have dropped the ball, is that a computer system is the property of the employer. Employees have no business transmitting personal e-mail using the company’s computer system unless the company allows it.”