Use Monitoring Software to Catch Bad Electronic Behaviour.

As an employer, you are obligated to create a harassment-free, discrimination-free work environment. You must control sexual harassment. You must prohibit the on-the-job collection and distribution of pornography. And you must prevent use of e-mail as a tool to create an intolerable work environment. Many employers find control is best achieved by monitoring employee e-mail and Internet transmissions.

Don't leave e-risk management to chance. Install monitoring software to review and report on employee e-mail use. Software that flags key words, such as the names of supervisors, competitors, products, and trade secrets, will help you stay one step ahead of employees who may be preparing to grab sensitive information and run. When an "alert" word is used in an employee's e-mail message, the document automatically will be transmitted to a supervisor.

Employers who want to know what employees are thinking as well as writing are turning to a new type of surveillance software that covertly monitors and records every keystroke an employee makes. Let's say a disgruntled employee composed a nasty limerick about the boss, or a frustrated sales executive drafted a go-to-hell memo to a customer. Until now, employees could take comfort in knowing that once they regained composure and hit "delete", their ugly messages would disappear. Employees working in offices with keystroke loggers no longer have that safety net.

With keystroke logger software, all employee keystrokes are stored on the company's hard drive or sent via e-mail to a system administrator to retrieve as necessary. Every letter, every sentence, every comma, every typo, every revision is recorded. The employee's thought process and rough drafts are as accessible to the company as the final product is.

Why would you want to monitor every draft, typos and all? As a deterrent. If employees know you really can read every word they write, they most likely will comply with your directives to use the company's e-mail system strictly for business, and in compliance with your content and cyberlanguage guidelines.

Similarly, your employees probably would be less inclined to surf inappropriate Web sites if they knew their workstation computers were data magnets. If you want to know what your employees have been up to on the Internet, all you need to do is look at their hard drives. Review the most obvious spots first. Pull down the list of sites most recently visited and any favourite sites that have been bookmarked.

Most Internet browsers store a list of sites visited, and some even store actual screen images. Employees who think they are visiting adults-only Web sites secretly may be surprised to learn the boss has the ability to call up and view exact replicas of the naughty pictures the cyberslackers have been looking at on company time. On a network level, software is available to enable network administrators to keep tabs on employees' online activity.

Chapter 4 Recap and E-Action Plan: Putting E-Risk Management to Work.

1. Control e-risks by controlling e-content. Establish and enforce policies that govern the creation and content of e-mail and Internet documents.

2. Consult with your cyberlawyer to determine the best e-mail retention and deletion policy for your company; then implement it consistently. Include an empty mailbox policy for employees. Remember, though, it is illegal to begin a document destruction campaign if pending litigation would be affected by it. So put your retention and deletion policies into place before trouble strikes.

3. Educate your employees. Provide managers and staff with e-scenarios that could affect the well-being of the company and the security of employees' jobs. Follow up with actions employees can take to help limit risks.

4. Keep your eyes open to unusual or suspicious behaviour on the part of employees and outsiders. The adage "better safe than sorry" is never more true than when applied to e-risks.

5. Don't leave e-risk management to chance. Install monitoring and filtering software to control employees' e-mail and Internet activity.