Access Denied!!! Why can’t I email at work?

Can you imagine a place where you can not talk to your friends without a chaperon or tend to personal matters without permission? I can. I call it Hunters Creek Elementary School, but for many others it is called the Office. It’s sad but true: Millions of employees have had their access to personal email and social networking sites cut off.

Almost all corporations monitor e-mail communications; but did you know that nearly half of these companies completely restrict employee access to popular email and social networking sites like Gmail, Hotmail, Facebook and MySpace? There is a good chance you know this from personal experience…you are not alone. As a former corporate worker bee, I can relate to the frustrations shared by millions of people who have found themselves blocked from their personal email and social networking messages in the workplace.

Not all corporations are evil, so why do so many block employee access to external messaging accounts when it is clearly an unpopular policy? The answer may surprise you because “Productivity” is not the reason. Most corporate e-mail and internet policies are predicated on security, legal liability and regulatory concerns. In truth, the decision to restrict access is a prudent business practice.

Let’s look at the security issues first. Unrestricted access to external messaging accounts exposes company computing systems to the threat of viruses and other unwanted intrusions. It only takes one erroneous download to take down a single computer or even worse, an entire network. Even with the best-in-breed anti-virus applications, protecting computers from web downloads is difficult and breaches occur all the time. The bottom line is the cost, time and lost productivity associated with repairing or replacing an infected computer is high and the ROI on granting employee access to personal messages is low.

So what of the legal liabilities? It’s sad, but we live in a litigious society and an offensive message sent from an employee’s computer can result in the company being sued. Furthermore, because it is difficult and expensive to monitor external messaging accounts in real time, any employee can willingly or inadvertently send confidential or proprietary information without the company finding out. Just think of the scenario where a financial analyst sends a message to a friend about a new deal they are working on. It sounds harmless, but in truth, that employee has just passed on insider information and that can result in investor lawsuits, government fines and even criminal charges. By the time the company finds out, the damage has been done. While instances like this are rare, they do happen and many corporations aren’t willing to take the risk just to keep their employees connected.

This brings us to the next major factor: Government regulation. There are many laws and government organizations regulating corporate email security, privacy and document retention practices. At least eight federal agencies and numerous state agencies have authority to enforce these laws, which include: Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, SEC Rule 17A, NASD Rules 3010 & 3110, the USA Patriot Act and the Cyber Security Enhancement Act of 2002. The legal landscape for online messaging is complicated and unclear; however, the fines for violating these rules can be hefty. In February 2006, Morgan Stanley was fined $15 million by the US Security and Exchange Commission for its failure to properly retain email messages, and there are many similar examples.