Educational Edge logo Internet policies: Your company can protect itself from employees' misuse, potential intruders

Return Home  //  Table of Contents

Forget a break for Starbucks during the workday, more employees prefer to logon to the Internet for personal surfing.

That's the result of the 2004 Web@Work study conducted by Harris Interactive. Forty-nine percent of the 500 U.S. employees polled said they would rather give up their morning coffee than Internet use for personal reasons at work.

The United States is not alone. A recent survey by PriceWaterhouseCoopers reported about one in five U.K. companies suffered staff abuse of the Internet in the last year—both small and large businesses.

Personal Internet use at work isn't a secret, though its impact may be less recognized. In the Web@Work study, 51 percent of employees estimated spending one to five hours a week surfing for personal reasons. IT managers in that same study estimated that employees really spend six hours a week accessing non-work-related Web sites.

Then there are the security concerns that exist any time your company's computers are open to the Internet world.

Many companies allow employees to use the Internet for personal objectives as long as it does not interfere with their work responsibilities or the company's policies.

Charles Wilson, IT director at Leading Edge firm Beach Fleischman, says his firm addresses Internet use from Day One, including it in the employee handbook and discussing it during orientation.

"Our policy clearly indicates what type of content is allowed or prohibited. In granular fashion we cover many examples so that employees fully understand our policy," he says.

Specific statements include wording such as, "No firm technology asset may be used to save, view, transmit, forward or otherwise distribute: material that is suggestive or has sexual content or material that is demeaning to any race, ethnic group, religion, gender or political affiliation."

Beach Fleischman is on the right track by adopting and implementing an Internet acceptable use policy. Its creation can thwart a number of pitfalls that come when you open the Internet to your employees.

"Providing access to the Internet carries with it the same potential for productivity drain as placing a television on every employee's desk," reports the National Legal Research Group, which recently published a newsletter on Internet use. "It is not surprising, then, that loss of productivity is the No. 1 reason for drafting an Internet acceptable use policy."

Just consider the IT help desk support alone. In the Web@Work survey, IT managers estimated that 10 percent of help calls deal with non-work-related applications or protocols. In addition, at least one-third of companies surveyed reported that non-work use has strained their bandwidth so much that the network was slowed significantly during critical projects.

Perhaps one of the biggest factors in creating an Internet use policy and updating it is the potential legal implication. For example, the Internet hosts pictures, video, sound and text that are sexually oriented. Its presence in the workplace can create a hostile environment, creating the risk of lawsuits filed under sex discrimination laws.

"We see a lot of various Internet use policies at companies. Sometimes there are none," says Debbie Sasso, a principal at Competitive Edge Services, LTD, an affiliate within the CCR Advisory Group, a Leading Edge firm.

The National Legal Research Group suggests implementing an Internet policy that:
  • Establishes prohibited uses, rules of online behavior and access privileges.
  • Issues directives against downloading non-work-related files and games that can consume valuable bandwidth and slow down the company's access and storage space.
  • Describes the need for the company's sensitive data to be encrypted if it must travel the Internet.
  • Details penalties for violations, whether they be vandalism or security related.

The research group also encourages companies to have employees sign the agreement so that everyone is on the same written page. e
She says most companies who seek Competitive Edge's consulting services put security as their top concern, over employees using the Internet for personal reasons.

"Most employees are aware that when you're surfing the Web, you're leaving a trail," Sasso says. "If you suspect an employee is abusing (personal use on the Internet), it's fairly easily tracked."

Each time, though, an employee is on the Web, the company is opened up to security threats, Sasso notes. Just like your home computer, cookies and spyware can be added without your knowledge and allow the nefarious intruders to track and infiltrate your company's system.

If a business allows employees to go on the Internet—for work or for personal reasons—the proper security precautions, such as firewalls, virus protection, etc. need to be in place, Sasso says.

Beach Fleischman revisits its Internet use policy annually because of improved enforcement and security tools, Wilson says. The firm monitors all sites visited on its firewall, which has an advanced filtering capability.

Access is blocked to many potentially troublesome Internet destinations. Trends, number of visits and times also are logged. "Those logs are routinely reviewed," he explains. "When certain events occur, warnings are triggered." e