In a San Francisco research department, 10 people are spending another eight-hour day looking at violent, illegal, sexually explicit and just plain frivolous internet pages.

The researchers in question aren't hackers, slackers or criminals - they work for a company called WebSense, which supplies internet filtering software. The results of their work - a list of 500,000 web addresses - are sold to scores of corporate customers across the globe who want to keep their internal networks safe. From their own employees.

It's a safeguard that seems to be genuinely required, if recent figures from media researcher Nielsen are anything to go by. It found that the online edition of Penthouse magazine was recently called up more than 5000 times by employees at IBM, AT&T and Hewlett Packard.

Personal surfing - whether it's just for a holiday, or for more venal purposes - costs US companies as much as $200m a year, according to the American Management Association. It can also clog networks, and increase the risk of private information sneaking out through the firewall or potentially actionable material sneaking in.

Non-business surfing
When internet stockbroker Charles Schwab first launched its web services, the company chose not to implement employee monitoring, wishing to treat its workers as adults. That ideal lasted as long as the pilot project - during which the company noticed that a significant proportion of network traffic was for non-business surfing.

"Given the potential bandwidth risks and the growing number of people in the company with web access, we needed more structure," says Dawn Lepore, the company's chief information officer.

The company bought the Smartfilter proxy server software, which not only monitors the volume of network traffic but can also identify the internal internet protocol address from which traffic originates, the web addresses accessed from there, and the time spent browsing. This allows managers to identify abusers of the system, notify them and, if necessary, alert their managers.

As soon as employees heard of the new measures, the US firm achieved its desired result. "We have yielded a substantial decrease in the volume of non-business browsing on the system," says Lepore.

The percentage of UK companies monitoring employee internet activity has jumped from 17 per cent to more than 45 per cent in the past three years, according to the Institute of Personnel.

Thomas Cook Holidays is one recent convert. Last month it rolled out Surfcontrol, which allows it to pull up weekly reports detailing every site visited by each employee in the company.

Salacious content is actively blocked, but most content is merely monitored, with information then passed on to department managers. "We don't want to be too Draconian," says Russell Goodman, the company's network service engineer. "It's up to the individual manager to decide how lenient to be."

But even blocking technology can make a mistake, as Goodman discovered. "This morning we found a hotel website that was flagged as pornography by the software," he says. If actively blocked, that kind of mistake could cause real problems for the company.

Although Thomas Cook has not experienced major problems with downloaded porn, there have been instances of time-wasting. "We did see one of the managers looking at the S Club 7 website this morning," he says.

Other companies have had more serious problems than staff with a penchant for teen band websites.

US-based Citibank was sued for $2m over employees downloading pornography from the internet, while three other major US companies have faced lawsuits for racial harassment in similar circumstances.

It's not just internet surfing that needs monitoring. Email can also be a real headache for businesses. At UK supermarket chain Asda, an internal email suggesting that a policeman who complained about a faulty product was lying resulted in court action.

In the US, petrol company Chevron paid out £1.3m after being sued for sexual harassment by a female employee who found sexist jokes on the company email system.

How to avoid such problems
Discovering such material in your organisation is possible through the use of internet access control systems. These tools can be installed on individual desktops, monitoring every keystroke, or on a server, where they track network usage, searching for traffic that meets pre-defined conditions - including forbidden web addresses, a file type or specific text within an email.

Spending on such software is growing by 53 per cent annually, according to researcher IDC. It predicts that corporate spending on internet access control technology will reach $260m in 2003, compared with $31m in 1998.

"Corporations will increasingly use these products to block and filter access to improve productivity, conserve network bandwidth, and limit legal liability," says analyst Chris Christiansen.

Most corporate lawyers believe the trend is a good one, because employers can be held liable both for the emails employees send to one another and for their outbound messages.

"Companies are daft if they give someone an expensive piece of equipment and then don't monitor what it's used for," says Heather Rowe, a partner with law firm Lovell White Durrant.

"Where an employee carries out illegal activity on a company network, the company is equally liable. Employers must take reasonable steps to prevent such activity to limit their own liability."

Companies should begin by drawing up a code of practice covering internet and email communications. "If companies have any sense, they will make the code part of the contract of employment," she says.

This does not remove the need for active monitoring, however, which Rowe believes should be a given in today's business world. "I cannot believe that any employee would be cretinous enough to think that they're not being monitored," she adds.

Monitoring internet use
Many companies, however, are still unsure about exactly which product to use or its potential. "Clients are all talking about wanting and needing to monitor internet use," says Bruce Guptill, ecommerce research director at analyst Gartner. "But too many companies still don't know how to deal with it."

Using surveillance software has other benefits, especially as a support tool when files inexplicably disappear. "If support staff can see exactly what was done, it removes the need for the user to understand that level of technology and the problem can be solved more quickly," says Andy Mulholland, technology markets director with consultant Cap Gemini Ernst & Young, a firm which has been using surveillance software for three years.

"With more people working remotely, it is important that the company can see when tasks are not being completed on time, so that it can help," he adds.

Employee monitoring doesn't always require companies to buy new products. Some common Lan applications such as Novell's Netware or Microsoft's Lan can easily be converted into desktop monitoring tools.

In addition, Winwatch Professional incorporates functionality that allows network administrators to view an employee's screen in real time, scan data files, analyse keystroke performance and overwrite passwords.