Organizational Aspects of Cyberloafing

Organizational Aspects of Cyberloafing

Elisa Bortolani (University of Verona, Italy) and Giuseppe Favretto (University of Verona, Italy)
DOI: 10.4018/978-1-60566-026-4.ch467
OnDemand PDF Download:
$37.50

Abstract

The introduction of new technologies at workplaces causes the emergence of new organizational productivity threats. These threats are both inside and outside the organizations themselves. More often, organizations regret1 programming and administrative errors; system and technical failures; sabotages; unauthorized accesses; disruption, manipulation, or loss of data and programs, not due to cyber-criminality (intrusions, employees’ disloyalty, etc.); widespread virus; and issues caused by wireless devices. External threats, on the other hand, are more related to natural catastrophes (flooding, earthquakes, etc.), fires, industrial espionage, cyber-criminality, viruses, unfair competition, and physical damages to structures. It is necessary for organizations to protect themselves from both intrusion attempts and employees’ technology misuse. A United States survey2 revealed that 35% of companies interviewed about suffered attacks in 2004 said that the prevalence was from insiders; on the other hand, only 26% revealed a prevalence of outsider attacks. Compared to the previous year, the trend was inverted. In 2003, in fact, insider attacks were around 14% and outsider attacks were about 23%. This, it is possible to think that insider threats will become more and more frequent and dangerous. According to Radcliff (2004), internal data thefts are estimated to be 75% of total data thefts. An employee, for example, can copy and misappropriate a customer’s database before passing it to the competitors. Another possible scenario is referred to as waste of efficiency caused by business e-mail abuse or Internet access misuse. The FBI’s Computer Crime Squad affirms that it is not necessary to blame corrupt or vindictive employees for all intrusion issues. Many problems, in fact, can be traced back to an improper use of IT business resources. Actually, for example, many companies that had put up with employees surfing the Internet for non-work-related activities for years now regretted Internet misuse, characterized by pornography, mp3, and illegal software downloading. More than this, illicit software downloading and surfing insecure sites allow virus and malware introduction. This software, if installed on strategic machines, can make the company vulnerable. And so, costs are not limited to loss of business resources (e.g., working time), but are also related to damages caused by illicit and careless online employees’ activities. If, on one hand, the opportunity to work online helps in increasing several organizations’ productivity (Anandarajan, Simmers, & Igbaria, 2000), on the other hand it causes an addition in number and level of risks. So, a lot of Internet access issues are related to information download (copyrighted software, offensive material, infected files, etc.), but the loss of productivity related to this habit does not seem secondary. In other words, without leaving their desks and without social control risk, the employees may, more easily than in the past, give themselves up to surfing the Net for non-work-related purposes.
Chapter Preview
Top

Introduction

The introduction of new technologies at workplaces causes the emergence of new organizational productivity threats. These threats are both inside and outside the organizations themselves. More often, organizations regret1 programming and administrative errors; system and technical failures; sabotages; unauthorized accesses; disruption, manipulation, or loss of data and programs, not due to cyber-criminality (intrusions, employees’ disloyalty, etc.); widespread virus; and issues caused by wireless devices. External threats, on the other hand, are more related to natural catastrophes (flooding, earthquakes, etc.), fires, industrial espionage, cyber-criminality, viruses, unfair competition, and physical damages to structures.

It is necessary for organizations to protect themselves from both intrusion attempts and employees’ technology misuse. A United States survey2 revealed that 35% of companies interviewed about suffered attacks in 2004 said that the prevalence was from insiders; on the other hand, only 26% revealed a prevalence of outsider attacks. Compared to the previous year, the trend was inverted. In 2003, in fact, insider attacks were around 14% and outsider attacks were about 23%. This, it is possible to think that insider threats will become more and more frequent and dangerous.

According to Radcliff (2004), internal data thefts are estimated to be 75% of total data thefts. An employee, for example, can copy and misappropriate a customer’s database before passing it to the competitors. Another possible scenario is referred to as waste of efficiency caused by business e-mail abuse or Internet access misuse.

The FBI’s Computer Crime Squad affirms that it is not necessary to blame corrupt or vindictive employees for all intrusion issues. Many problems, in fact, can be traced back to an improper use of IT business resources. Actually, for example, many companies that had put up with employees surfing the Internet for non-work-related activities for years now regretted Internet misuse, characterized by pornography, mp3, and illegal software downloading.

More than this, illicit software downloading and surfing insecure sites allow virus and malware introduction. This software, if installed on strategic machines, can make the company vulnerable. And so, costs are not limited to loss of business resources (e.g., working time), but are also related to damages caused by illicit and careless online employees’ activities.

If, on one hand, the opportunity to work online helps in increasing several organizations’ productivity (Anandarajan, Simmers, & Igbaria, 2000), on the other hand it causes an addition in number and level of risks. So, a lot of Internet access issues are related to information download (copyrighted software, offensive material, infected files, etc.), but the loss of productivity related to this habit does not seem secondary. In other words, without leaving their desks and without social control risk, the employees may, more easily than in the past, give themselves up to surfing the Net for non-work-related purposes.

Some years ago, a U.S. survey affirmed that 30-40% of daily business Internet traffic was attributed to surfing the Net for personal purposes.3 In another research, carried out in 2001,4 51% of Italian employees affirmed access to non-work-related sites — more than English (44%), German (41%), and French (29%). And finally, another U.S. survey5 shows that the average time spent online by respondents who admitted to using the Internet for personal purposes (58%) is about three-and-a-half hours per week.

Despite many people already having Internet access at home, about half of all online shopping and 70% of the global pornographic traffic6 are registered during working time.7 The favorite activities for surfing the Net are: holiday booking (52%), culture (42%), hobbies (41%), shopping (28%), sports (30%), and job searching.

The average user spends about two hours per day online, and 31% is for non-work-related surfing.8 Seventy percent of employees admit either visiting “for adult” sites or sending personal e-mails during work time, 64% also send offensive or politically incorrect messages, and 57% admit surfing online decreases their own productivity.

Key Terms in this Chapter

Social Control: Mechanism, present in all societies, that regulates individual behavior to lead to conformity with social rules. This mechanism — including the influence of family, moral values, beliefs, and so forth — aims to guarantee social order.

Theory of Reasoned Action (TRA): Model theorized by Fishbein and Ajzen (1975) that says human behavior springs from intensions and that these intensions are shaped by positive or negative attitudes towards something. This theory focuses on three components: individual attitude, reference group influence, and subjective propensity to allow that external influences may affect one’s own choices.

Policy: A set of behavioral and procedural written rules that a company drafts as guidelines for its employees.

Netiquette: A set of non-written behavioral rules developed by the Internet community to facilitate social interactions and avoid reproaches.

Monitoring Software: Software used by employers to record computer activities of their employees; examples include e-mail, chat, instant messaging, and visited Web sites.

Job Satisfaction: The pleasure feeling derived from one’s own job and from the fact that the job meets some personal needs.

Job Redesign: Process that aims to reorganize the elements of work to enrich the job and to allow an employee to best match with the job.

Complete Chapter List

Search this Book:
Reset