It’s almost an accepted fact of life that employees will use their office computers for some personal Internet surfing – checking sports sites, logging onto home e-mails and shopping – but supervisors must still try to minimize this drain on productivity. Now a government report about an employee’s computer abuse at Florida’s child welfare department shows just how difficult this task is, and the damage that can be done when an agency doesn’t watch carefully enough.
The report released last month was prompted by the case of Al Zimmerman, press secretary for the Florida Department of Children and Families, who was arrested in February and fired for allegedly using department computers to traffic in child pornography.
The agency’s inspector general (IG) reviewed the department’s technology policies and found what might be true at a lot of public and private youth-serving agencies: The department didn’t enforce its own rules on monitoring employees’ computer use and didn’t conduct criminal history checks on some workers.
Here’s one reason that agencies might be reluctant to do everything they can: According to the report, installing better monitoring equipment for department computers could cost from $106,000 to $1.8 million, with another $50,000 to $100,000 each year to run and maintain the systems.
Is this what it takes to monitor employees now? What about the kids, for whom Internet use is a cornerstone of participation in many programs?
We asked some youth-serving agencies how they try to control Internet use, and got a variety of answers. We got many useful responses that we couldn’t fit here. To see some, or to share your own ideas, go to the comment section.
Bonnie Brae, a Liberty Corner, N.J., nonprofit that provides residential services for about 100 troubled boys, monitors electronic communications by employees and youths, in part to help it comply with government regulations. Bill Wraight, information technology manager at the 200-employee organization, uses SurfControl Web Filtering, a product by Websense that costs $771 a year for a 50-user license subscription.
The software, which resides on the server, filters all Web and e-mail data and allows Wraight to globally block Web sites according to Bonnie Brae’s “disallow” rules. Workers and kids can’t get to sites with sexually explicit, violent or otherwise inappropriate content.
At the same time, up to 50 employees at any given time are monitored, with Internet/e-mail usage reports generated for supervisors, who can take disciplinary action against violators.
“We don’t monitor all 200 employees at the same time; we only can monitor up to 50,” Wraight said. No one knows if he is being watched, although certain employees under suspicion are monitored all the time. All new hires sign a detailed document that outlines usage rules, he said.
But Wraight knows the system isn’t foolproof. “For example,” he said in an e-mail after an interview, “a pornographic Web site released today that has not been categorized would be accessible and, if done so by a user who is not monitored, a record of that bad behavior is not recorded.”
One problem in the Florida case, according to the IG report, was that some department sites used a variety of monitoring tools, including Bluecoat, one of the more well-known systems, but global solutions were unevenly deployed.
Youth Beat the System
Even agencies that control online behavior by staffers are less successful with tech-savvy youth who can get around some filters. That’s what sometimes happens at Children’s Village, which provides multiple services for at-risk youth, including for some 300 residents at its campus in Dobbs Ferry, N.Y.
If it didn’t control the youths’ Web activity, noted Information Technology Director Jeffrey L. Tischler, Children’s Village “might get sued. We don’t have a choice.”
At the same time, he said, “we’re in a combined business environment and social welfare environment, and we try to give the kids Internet access.” The agency tries “to apply the same content-filtering standards to them as we do to us [employees].”
Tischler said he’s become increasingly frustrated with the SonicWALL filtering system used by Children’s Village. “We’re finding that the kids can get around it better than our staff can,” he said.
The agency is searching for a more robust solution, looking at iPrism, made by a company called St. Bernard. Even if iPrism is nearly double the $1,200 annual cost of SonicWALL – Tischler estimated the cost at around $2,000 a year, plus a one-time $1,000 hardware charge – he said it would be “worth it to us.”
He said his understaffed work force wastes time tracking down Internet abusers and often just shuts down access for all the kids – an unfair universal punishment for the bad actions of a few.
Trust, but Verify
Others can’t justify the expense of high-tech monitoring gizmos that are inherently fallible. Kelly Shifflett, director of public relations and prevention at Rockbridge Area Community Services, which employs 140 workers and counsels some 1,600 youth and adult clients in four Virginia communities, said her agency takes a “trust and verify” approach. Rockbridge tries to control online mischief with extensive written electronic communications policies.
The technology staff can check who has logged onto computers and can see what workers are viewing online. In addition, Shifflett said, supervisors can undertake “security inspections” of workers’ property, including computers, at any time.
Shifflett said workers must sign off on the work rules annually and are notified of any changes. “No one can assume that any electronic communication [at work] is private,” she said.
One problem in Florida, according to the IG report, was different interpretations of department policy language on whether staff could access personal Web e-mail accounts during non-work hours.
Clear policies and careful management are the best solutions, said Christina Hemmer, the employee learning, development and safety coordinator for Dakota Boys and Girls Ranch, a faith-based program for at-risk youth in Minot, N.D. “The best and most useful thing a company can have is a detailed Internet and e-mail usage policy, and to include this in new employee orientation,” Hemmer said via e-mail.
Technology is not a substitute for oversight, she added. Agencies may be unable or unwilling to restrict the use of personal Web-based e-mail accounts – the very way Zimmerman allegedly perpetrated his activities in Florida.
“Managers need to know what their employees are doing,” Hemmer said. “While computer monitoring seems like a cure, it misses the opportunity for managers to be responsible to manage the work of their employees.”
But Shifflett at Rockbridge noted that as younger generations move into the workplace, having been raised on text messaging and social networking websites like Facebook – which bypass internal controls – neither software nor strict rules may be enough to control inappropriate use of technology.
There is “a looseness in how we handle ourselves that we may have to address a little bit more firmly, just as this generational thing moves through,” she said.