A. John Coulthard of Microsoft writes:

You’re right to be cautious about staff using the internet for non-work-related activities. Although the leading web-based email accounts have in place safeguards such as anti-virus scanning to protect users, employees’ personal internet use can expose you unnecessarily to a number of risks. For instance, when workers are surfing the web, site operators leave data on their computer and destructive code can enter the system through the web browser.

However, being able to use the internet at work for legitimate personal activities, such as shopping and research, is a genuine benefit and implementing draconian censorship can run contrary to your culture of trust. It is important to find a sensible balance between risk and restriction.

The technical solution is to restrict user access to the internet. For example, it is possible to put a time lock on nonbusiness sites or completely restrict access to pornographic sites. These programs, such as Microsoft’s Internet Security and Acceleration Server or SurfControl, keep track of which websites individual workers are visiting and serve as an effective deterrent against viewing inappropriate web content.

Whether you feel the need to make use of this technology or not, all companies should also have in place a policy to govern internet use. This should cover:

• Whether and when employees are allowed to browse the web for personal use as well as business purposes

• If and how the company monitors web use and what level of privacy employees can expect

• Web-based activity that is not allowed. Spell out unacceptable behaviour in detail. In many companies this includes: downloading offensive content and copyrighted material, threatening or violent behaviour, illegal activities, and online gaming

• The consequences of breaching the policy

Once you’ve agreed on your policy, provide two copies to employees – one for them to keep and another for them to sign and return to you. It goes without saying your systems should also be protected by anti-virus software and a firewall (a secure ring around your IT systems to keep out intruders and malicious code).

Once you have all necessary safeguards in place, I see no real reason to forbid staff from accessing trusted and reputable sites in their own time.