The Internet is a productive tool for business, and yet it offers so many temptations and distractions. Have you ever had to address an issue with an employee browsing inappropriate content? Have you ever walked into someone’s area and seen the scurry to minimize a movie, shopping site or social media page?
While these things are certainly a concern, you may have decided that trusting people to choose to spend time wisely is how you want to operate, and this may be working for you. The interesting thing is that there is more to consider on this issue than ever before. The risks of the Internet have grown exponentially, and there are other reasons to re-consider your approach.
I see three key factors in considering the issue of filtering and monitoring:
1. Productivity – This is the discussion that has been going on since the arrival of the Internet in the world of business. How much time is my team wasting on non-business browsing and communication over the web? Isn’t it my right and responsibility to help ensure that we are not wasting time? Won’t we know in other ways if people are wasting time? Shouldn’t we trust our team? The right questions to ask, and the resulting answers are different for everyone. This productivity question has been complicated in recent years by mobile devices. Now, most people have access to the web via their phone. If a site is blocked at work, they just use their phone.
2. Loyalty – Are the members of my team using integrity in relation to their position and employer? This issue seems to have become more relevant lately, maybe because of people’s familiarity with commenting and posting freely on social media. Lack of loyalty rears its head in many ways. Is an employee speaking poorly of the company to customers, vendors, or their manager? Could an employee be job searching using company time and resources? Could an employee be stealing information?
3. Security – There are many facets of security, but of highest concern is security from the bad stuff out there on the Internet. Most of us are screening email trying to eliminate advertising, phishing scams, viruses and other potentially harmful emails. Interestingly, much of this same bad stuff is transmitted through web browsing as well. These malicious items can be transmitted via browsing a compromised website. Shouldn’t we screen out the sites that are more obscure and have a higher likelihood of containing malicious code?
Technologically and even conceptually, there are two different levels of protection. The first is filtering or screening what people can do. The second is monitoring what they are doing. Let’s consider both.
Web Filtering has been around for a very long time. The technology has improved greatly. It is simply blocking where people can go based on preset rules and criteria. This filtering is accomplished in many small to mid-sized business environments by the firewall. As long as the firewall has an active subscription and the capability, filtering by category can be enabled and less desirable or unclassified sites can be blocked. For more robust proxy based filtering, there are both on-premise and cloud based options which screen all Internet access through a proxy which can increase the level of security.
Many small and mid-sized organizations have avoided the complexities of web filtering and chosen to trust their team rather than implement such a system. What has changed in recent years is that the Internet risk has gone way up. Due to this heightened risk, we do recommend implementing filtering on your network. It adds one level of protection from accessing a compromised website and contracting dangerous spyware.
Employee monitoring is an entirely different technology from web or Internet filtering. It involves installation of a stealth agent on each employee’s machine. This agent can do a variety of things depending on how it is configured. It can take screen shots of exactly what their screen looks like at regular Intervals. It can track keystrokes and records login/passwords. It can monitor where they are browsing. It can track activity in a variety of instant messaging tools. Many even have special social media capability to track what activity on social media sites.
Using technology to monitor employees is used much less frequently, and my opinion is that it should only be used in special cases. Employee monitoring software creates a lot of overhead on your network and requires extra management from your IT Team. It also creates lots of overhead internally for someone to sift through all of this data. The sifting manager or employee can waste lots of time reviewing information and even become privy to knowledge they don’t want to have. My advice would be to use this type of monitoring with extreme care.
Everyone sees this issue a little differently, and the right answer may depend on your business and the type of workforce you employ. If you haven’t evaluated using web filtering recently, I would strongly recommend considering it. It heightens your safety from a variety of business-crippling, web-based malware and will even stop many phishing attacks from occurring. It may just be time to step up your web security a notch!