That’s what researchers at the Florida Institute of Technology say in a recent report. They looked at e-mail records at Enron in the months leading up to the company’s demise. Here’s what they found:

A month before the collapse, the number of “active e-mail cliques” — defined as groups in which every member has had direct e-mail contact with every other member — jump from about 100 to almost 800. Also, messages within those groups became more frequent but were sent to employees outside the group less often, the New Scientist reports.

The researchers say it’s a characteristic behavior in organizations experiencing a crisis — employees speak more often with co-workers they know, and withhold information with those they don’t.

“Human resources folk would probably find this extremely useful,” says Gilbert Peterson of the Air Force Institute of Technology in Dayton, Ohio, who has also studied Enron’s e-mails.

Some problems, though: Enron’s a pretty special case, and what happened there may not be indicative of what would happen at other companies.

And there are probably easier ways to sniff out discontent among employees than a complex analysis of their e-mail habits.

Many companies use “keylogging” software or hardware to monitor employees’ computer use. But they might be in trouble, according to this recent court case.

Keystroke logging (often called “keylogging”) is a process in which everything someone types on a keyboard is recorded, by either a piece of software or a hardware device installed between the keyboard and CPU.

Hackers often spread viruses that install keyloggers on victims’ computers to steal bank passwords, credit card numbers and other sensitive information. But they’re also regularly used by businesses to monitor what employees do on their office computers.

And that might violate the law, according to a recent court decision:

After Metteyya Brahmana was laid off, he had a dispute with his former boss about back wages he claimed he was owed. During the conversation, the supervisor allegedly made reference to an e-mail Brahmana had sent to an attorney with his personal e-mail account.

Brahmana concluded that the boss had accessed his e-mail. He also learned from a former co-worker that the company monitored all employees’ activities with keylogging devices.

He sued his former employer. His claim: The keylogging violated the federal Wiretap Act, which makes it illegal to “intentionally intercept … any wire, oral or electronic communication.”

The company tried to have the case dismissed. But the judge didn’t buy it.

The court ruled that accessing the e-mail didn’t break the law (because the law covers “intercepting” communication, not accessed stored messages), but that the keylogging itself may have been against the law.

The judge let the case move forward to trial, saying more information was needed to decide if the ex-employee has a case. We’ll keep you posted.

Either way, employers should be warned about the potential for keylogging and other monitoring tools to violate laws on privacy and electronic communication.

Cite: Brahmana v. Lembo

It’s no secret: Employees often use their workplace computers for non-work purposes. But when an employee does something illegal, is the company liable because it owns the equipment?

It depends on the company’s knowledge of the illegal acts.

In one court case, a New Jersey man was arrested on child pornography charges after sending pictures of his step-daughter to several Web sites.

The man used his office computer to upload the photos. His wife sued his employer for negligence, claiming the company should’ve known what was going on and notified law enforcement. If it had, the crime could’ve stopped earlier.

According to the court, the company would be liable if it knew about the illegal conduct and didn’t stop it. So the key question was: What did the company know?

For roughly two years, the man’s supervisor and members of the IT department had been checking his Web browsing history and saw the porn sites listed. Yet nothing was reported, the employee wasn’t fired or even disciplined, and no further investigation was conducted.

The court decided in the woman’s favor, ruling that the company had a duty to report the conduct and was liable for negligence (Cite: Doe v. XYC Corp.).

Liable when they don’t know?

In other cases, companies have avoided liability because they weren’t aware of an employee’s illegal activity.

In a recent case, an employee was severely harassing his neighbor. When police investigated, they found he had used his work telephone and computer to make nasty phone calls and post disparaging comments online about the neighbor.

The neighbor sued the employer for not stopping the harassment. But the judge didn’t buy it.

There was no evidence his manager or anyone else at the company knew what was happening. Therefore, there was no reasonable way to expect the company to do anything about it. The case was thrown out (Cite: Sigler v. Kobinsky).

The bottom line: If managers or IT staff are aware of illegal computer activity, the company may be liable if it isn’t reported. But employers likely won’t be on the hook for conduct they couldn’t have foreseen.

Read the facts of this real-life case and decide: Who won?

The facts:

The case involved an employee working under a contract. Before the contract was up, the employee’s boss e-mailed him to discuss a change in his responsibilities. The employee replied via e-mail, saying he accepted the change. Soon after, though, he sued, claiming he should only be held to the original terms of his contract.

The employer said:

The e-mails sent back and forth should be considered official amendments to the contract, which the employee agreed to.

Who won the case?

Answer: The employer.

Why? The court agreed with the company. As the judge said, “The e-mails from plaintiff constitute ‘signed writings’ within the meaning of the statute of frauds, since plaintiff’s name at the end of his e-mail signified his intent to authenticate the contents.”

This case worked out for the benefit of the employer, but it’s also possible for a company to be held to unwanted terms that were discussed over e-mail.

Matters related to contracts should be discussed in person and verified in writing, to avoid any possible confusion about what the “real” terms are.

Cite: Stevens v. Publicis, S.A.

E-mails are never private and always permanent. That’s why it’s critical that HR periodically reminds managers to watch what they write.

E-mail slip-ups can often lead to lawsuits and create damaging evidence against the company. Here are seven big mistakes managers need to watch out for:

1. Venting frustrations about legal issues — It’s common for managers to be annoyed or concerned when they have to deal with employees on medical leave. But if they e-mail statements like, “I can’t believe she’s taking FMLA again,” it’s likely that message will end up as evidence in a courtroom.
2. Over-compensating for lack of documentation — In one recent court case, an employee was fired after he complained about age discrimination. After he filed a lawsuit, his ex-manager wrote an e-mail discussing performance problems and backdated it to look like it was sent before the termination. But the employee’s lawyers found out, and the company was hit with a whopping $46 million verdict for evidence tampering.
3. Discussing performance problems — Negative conversations are best done face-to-face — though about 17% of managers admit to using e-mail to avoid difficult discussions. E-mails can always be misinterpreted, and it’s easy for a manager to write something that may come back to haunt the company.
4. Using red flag keywords — Statements like, “Should we get a legal review?” or “We need an attorney” should never appear in an e-mail. To an employee or jury that ends up reading the message, it’ll look like the manager knew something was wrong and decided to do it anyway. Legal conversations are best held in person.
5. Not punishing employees for their e-mails — A lawsuit filed earlier this year accused the Secret Service of tolerating e-mail forwards with racist jokes. The lesson: Harassment and discrimination should never be condoned, but it’s especially dangerous when there’s a permanent electronic record of bias.
6. Making hasty promises — Managers should never use e-mail to discuss salaries, bonuses or promotions. If those decisions are explained in an e-mail and then later changed, that will cause serious problems.
   
7. Expecting nonexempt workers to check e-mail after hours — Nonexempt employees must be paid for any time they spend working — and that may include little things like catching up on e-mail while they’re away from the office. If managers make a habit of sending critical e-mails at night or on weekends, it might give employees the impression that they’re supposed to be working, too.

One problem IT staffers can have is dealing with people. But let’s face it, for a lot of positions, that’s part of the job. Interview questions should keep that in mind. For example, a good interview question might be: “Tell me about a difficult person you’ve dealt with recently, and how you handled the situation.”

You can keep probing on that question to find out ways the candidate deals with end users, peers, managers, etc. Also, you might ask other general questions about times they’ve run into workplace conflict.

Business skills are becoming more important in IT, too. If that’s something the open position will require, a good question might be: “What would you do if you made financial estimates for a project, and the person approving the funding thought they were inaccurate?”

You might also want to ask what candidates know about your industry. They don’t need to be experts, but they should at least have something to say. That’ll let you know they’re willing to learn more about the general business.

We wrote last week about a new service that allows employees to use a debit card to tap into money set aside by a loan from their 401(k) funds. Most employers oppose the idea on the grounds that it could encourage employees to make impulse purchases with money meant to be saved for retirement.

Looks like some members of Congress agree. Senators Charles Schumer (D-NY) and Herb Kohl (D-Wis) recently introduced a bill to ban the use of the debit cards.

Says Kohl: “These debit cards allow a participant to use his or her retirement savings to make everyday purchases like buying a cup of coffee. Clearly that’s not what the 401(k) is for.”

We’ll keep you posted.

Limit recreational use.

When employees take company-owned laptops and other pieces of equipment home, it’s likely they (or members of their families) will get some personal use out of them.

But that puts the integrity of the company’s data at risk, as the computer could be exposed to viruses or buggy software.

A growing concern for companies that give devices to employees is their children, who are often more tech-savvy than their parents. That means they may know how to work around security controls that IT has set up, or do things like download and install software.

What to do

What’s the best way to handle it? Some companies make employees sign policy that prohibits the device from being used by anyone other than the employee and for any significant non-work purposes. Other employers don’t have a set policy but remind employees that they’re responsible for whatever happens to the device while it’s in their possession.

In many cases, education is the best way to prevent problems. In a recent survey, 31% of employees who work from home said they were unaware of their company’s security policies.

Make sure your managers know about these two pitfalls:

1. Discussing performance problems

It’s hard to get the tone of an e-mail right, and if a manager reprimands an employee through e-mail, it may sound more ominous than was intended.

That can lead to a backlash from the employee and make it harder to change his or her behavior.

2. Discussing possible bonuses and other salary issues

Privacy is never guaranteed in an e-mail, which is always a concern when discussing compensation.

Also, those kinds of things are best finalized in a written, physical document to limit the possibility of confusion.

In a poll by Harris Interactive, 50% of the employees surveyed admitted that they’d forwarded explicit e-mails while at work. That’s a scary statistic for HR, since jokes like that can find their way into court rooms in the form of harassment lawsuits.

What you can do

Here are some steps you can take to limit the risk at your company:

• Include examples of improper e-mail use when you give harassment training. Sounds simple but many companies neglect to mention this in their training and policies.
• Remind supervisors that deleting an e-mail doesn’t mean it’s gone. Besides being backed up on the company’s server, it’s likely that an offended party will print out a copy, anyway.
• If your company monitors e-mail use, don’t forget about internal mail. Many companies use technology to keep an eye on outgoing messages (to prevent the leaking of trade secrets and the like), but don’t do the same for messages employees send to each other.

Like with all methods of harassment, one key to keeping out of court is to promptly deal with complaints as you get them. Also, regularly reminding employees, especially managers, about company policy can go a long way.