Many business owners find themselves in the position to
confront employees about their Internet use.
Non-work-related activities including online games, Internet shopping,
stock trading, Internet radio, streaming media and MP3 downloads represent the
new temptations in the workplace.
When an employee connects to the Internet, your company is
exposed to these four threats:
• Productivity Threats: Just 20 minutes of
recreational surfing a day can cost a company with 30 employees over $1000 per
week (At $25/hr per employee)
• Legal Threats: Employees can sue if you don't
provide a work environment free of gender and minority harassment. This means
taking reasonable care to block offensive Internet content.
• Network Threats: An employee can crash your network
just by logging into the wrong website. Other activity like recreational
surfing and downloading MP3 files can divert valuable bandwidth from critical
business needs.
• Security Threats: Viruses enter networks through a
variety of sources, such as web-based email, Instant Messenger file transfer,
email attachments or through other files directly downloaded from a website.
Companies of all sizes must effectively incorporate email,
Instant Messages and web traffic logs into their overall records management
strategy. Some companies must do this to
comply with industry regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and
HIPAA.
The first step is to choose the types of Internet content
that will not be allowed in the workplace.
Keep in mind that not all employees will have the same privileges, so it
is important the network management solution you choose provides a flexible configuration
to suit your needs.
There are two basic types of Internet monitoring
solutions: Gateway and desktop
solutions. Gateway solutions are
software or hardware that act as a checkpoint for all Internet traffic on the
network. Desktop solutions are installed
on the local machine to enforce Internet policies before the request leaves
the machine. Desktop solutions work well
on smaller networks and gateway solutions work well on both.
The next step is to create an official company policy
specifically for Internet use. It should
include all Internet activities and not just those you wish to manage. Keep in mind the document cannot account for
every possible scenario on the Internet, so it is important to use broad terms
with specific examples. For example,
instead of stating “Political opinions are not to be posted on newsgroups,” you
may wish to use “Messages originating from the company network or other
company-owned assets may not contain political opinions.” The second clause is much stronger because it
doesn’t specify a message type or delivery system. If you have liability insurance, then be sure
to get their approval on all documents.
In some cases, they will have additional provisions that directly relate
to your industry.
The most difficult step will be implementing new
policies. In most cases, some or all
users will experience a reduction in Internet privileges. Prepare for a
temporary increase in support requests as some users will be prevented from
accessing some work-related content. Internet policy configuration is an
on-going process that must be routinely maintained.
Comments