How to Control Cyber Slacking
Cyber slacking is a term used when employees use their work internet connection for personal reasons for excessive amounts of time. Cyber slacking can cause a number of problems, from the obvious loss of productivity to legal liability as well as virus infection.
Employees browsing the web during working hours are not just a productivity issue; such employees might download illegal music and/or software or visit disreputable sites which will try to infect their visitors with Trojans.
However, there are a variety of ways to handle cyber slacking within an organization:
Passive Monitoring
Tools can be employed to monitor the internet activity of users. Reports can then give an accurate picture of what sites an employee has visited and how much time the employee spent browsing. This method is not really ideal because while it is adequate to tackle an employee’s time wasting it can be too late for other security related issues, such as a malicious site infecting the victim’s computer with malware. By the time the administrator gets to review the report and discovers one of the employees has been visiting sites known to infect visitors with malware, the infection would likely have already happened and had ample time to spread.
Active Monitoring
More advanced tools will not only monitor and record user activity but take action depending on the monitored data. Some advanced tools also allow for classification of web sites as this would allow an administrator to really tweak the system for optimum effect. Website Classification coupled with scheduling can also help maintain employee morale which could be negatively affected when implementing such measures.
Setting up policies that would always block malicious sites but allow access to news, social networking and gaming sites during the employees’ break would secure the business against security threats, prevent cyber slacking yet still allow employees to access work unrelated sites during their free time.
Proactive Monitoring
Proactive monitoring would be the next step after active monitoring. Such a system would not only monitor but also take action depending on what it encounters. The system would scan downloaded files for any viruses, block certain types of files as well as drop connections that are not allowed – for example, instant messaging with people outside the company. Advanced systems can also detect attacks being transmitted through the networks and proactively stop them.
One thing to always keep in mind is that even when using advanced systems such as proactive monitoring it is still important to keep an eye on reports. No system is infallible and users are generally resourceful and sometimes manage to find workarounds or visit sites that are not yet correctly categorized. Keeping an eye on the logs would make sure the Administrator identifies these instances and takes prompt corrective action.
Social networking is definitely a productivity killer-you say you’re just going to update your status and an hour later you’re still there. It must be a double edged sword for companies with a Facebook presence-they want their employees to be focused on work and keep your network secure (FB has many with phishing scams and malicious apps) yet at the same time Facebook has become a marketing tool!
Indeed it’s always tricky to find a middle ground. Ideally employees should realize that if their employer is not restricting their Internet access it doesn’t mean they can waste time on it. Like you say there is a difference between spending 5 minutes every now and then to spending hours.
From an employer perspective if an employer wishes to allow free access to the Internet I would still recommend they at least keep an eye on their employees’ Internet usage and take corrective measures when this goes beyond a certain acceptable threshold. It doesn’t have to be black and white either, there are other possibilities to allowing access and restricting access such as allowing access to certain sites only at certain times such as during break.
I actually just flew in from a productivity seminar over the weekend, and ironically this is one of the top talking points of the seminar. However, there are a good number of key points here that weren’t highlighted in the seminar. But despite that, how does one draw the line between professional monitoring and invasion of privacy? That was one of the questions brought up over the seminar actually. Thanks for the post!
Despite the fact that “cyber slacking”, by its sheer definition, is counter productive in a work environment, it’s effect on productivity may not be as serious as one may be led to believe. I’ve read published reports where employees who have access to “leisure sites” are able to work harder and more efficiently during the times that count. Access to these sites allow employees a small window to catch their breath and unwind before going into crunch time.
@Diane
I’m not sure if you meant “scrutiny” when you said “security”. But I agree with you in any case. As part of an online marketing firm, I’ve done extensive research on online consumer behavior. I’ve discovered that although users are now more aware than ever about the security threats of social networking, they now spend more time online than ever before. They don’t even adopt new practices to protect themselves against online threats. Apparently, knowing about security concerns is different from acting on them.
@andrew walsh
That’s actually a very interesting thought, and a mighty scary one indeed. It reminds me of studies done on cigarette smokers in search for possible ways to have them quit smoking.
It turns out that the reason why anti-smoking health campaigns never work is that cigarette smokers are already aware of the health hazards of smoking. They just choose to disregard them for the sake of their own addiction.
@Amber – Indeed it’s hard to draw a line. I will go a step further in that I don’t even think the risk is invasion of privacy, in that, if implemented correctly it just cannot be an invasion of privacy (employees should be advised of any monitoring). There is still an issue in that people don’t like being monitored and will not be happy about it. In some extreme cases it could lower morale and impact productivity too. As always there has to be a balance. I would personally suggest a high level monitor of everything (just checking how much volume you get on the different services, web / email etc..) and then low level monitoring of anything which lights red flags.
@Jenna – I have read such reports too and agree with them as well. Cyberslacking is a relative term, in that if employees spend 5-10 minutes a day checking news and such I wouldn’t even define it as Cyberslacking. To be considered Cyberslacking it needs to be disruptive in my opinion. If an employee spends 20% of his time surfing and then is 5% more productive it’s still a problem after all.
@Andrew and Terry – People ignoring security risks is (alas) not something new. It’s why education on its own is never enough to enforce security in an organization. People who know of a risk still take it because they either believe it cannot happen to them or it’s worth the risk in any case.