By Cheryl Currid

IT'S 10 A.M. DO you know where your users are? The rest of the online world does. Marty in marketing is firing off a barrage of profanity while logged on as martym@yourcompany.com. Over in the next cubicle, alicea@yourcompany.com is transmitting a political hate manifesto that would make the Unabomber cringe. Think Kevin is hard at work on a research project? He's actually perusing X-rated sites and sending sexually explicit e-mail to Alice.

This kind of behavior is going on in even the finest workplaces. A recent Nielsen Media Research survey revealed IBM, AT&T, Apple, NASA and Hewlett-Packard employees visited the online edition of Penthouse magazine thousands of times a month. Compaq Computer recently fired 20 employees for logging more than 1,000 hits apiece on sexually explicit Web sites.

Conduct like this obviously puts a serious crimp in productivity, but there's a potentially more explosive problem: Your company could be held liable for employees" actions. Say a staff member shares pornographic images with a colleague. If that co-worker finds the images offensive, it could result in a sexual harassment suit.

Don't think you're off the hook because this is happening behind your back. If your company provides the Internet access, anything users say or do could be considered company approved. And although federal judges blocked the banning of obscene material from the Internet, child pornography remains a serious crime.

Companies put themselves in jeopardy when they give users Net access. So, at the risk of sounding like a control freak, I'd like to offer a few suggestions.

Distributing a written policy statement specifying that employees should not use company-sponsored e-mail for illegal purposes may provide some legal protection. You don't have to spell out all the possible illegal practices in the statement. In fact, it may be safer not to get specific-if you don't mention a particular misdeed, the courts may conclude you're condoning it. And any computer used in the commission of a crime is subject to seizure and forfeiture. It may not seem like a big deal to lose one computer-but what if it's your server?

You may even want to stipulate that e-mail be used either primarily or exclusively for business. Encourage frequent surfers to get personal accounts. Messages posted as your_name@your_ company.com look more like a company perspective than a personal one, and if anything in the message is deemed libelous, better get your attorney ready.

A firewall is a software/hardware combination that restricts the types of traffic it will allow in or out. You can restrict the type of access (e-mail, telnet, ftp and so on), the data's contents, direction, source or destination, or the time of day data is accessed.

You may even want to take steps to safeguard mail internally. Thanks to a legal tidbit known as negligent waiver of privilege, sending an insecure e-mail within your company can constitute a waiver of attorney/client privilege. Say you send e-mail regarding the pending termination of an employee. If that message is worded unwisely and somehow falls into the wrong hands, it could wind up as evidence in a wrongful termination suit. My advice: Encrypt all sensitive e-mail.

Advise users to assume anything they say or do on the Internet is available to the other 30 million users. Tell them not to transmit information they don't want tracked.

Even Web browsers have eyes. A browser feature called cookies stores your information in a file, which is accessed each time you visit the site. The intention is to improve service by showing you what it knows you want, but combine that with a form that asks for your name, your e-mail address and maybe even your postal address, and you're no longer an anonymous visitor. Now, if an employee logs into a child pornography site or makes some inflammatory comment about a competitor, it can be traced back to someone in your organization.

Pretty scary stuff, huh? Don't leave your company vulnerable. Set some standards for your employees, spell out guidelines and enforce them. Above all, make sure users realize that in cyberspace, wherever they go, they're going to leave an electronic trail that leads right back to your doorstep.