Five reasons to implement Internet monitoring in your organization
I recently had an interesting conversation with the editor of a non-profit business publication in the US. We were talking about the results of a recent survey that GFI had commissioned and the editor seemed somewhat surprised that so many security threats existed.
I wasn’t in the least surprised and I’m sure a lot of her readers are in the same boat. Mention internet monitoring, web security and filtering to a cross-section of SMBs and non-profits and you might get a gentle nod of the head but not necessarily understanding.
Survey after survey, report after report and yet businesses fail to grasp the impact of uncontrolled Internet use. Those that do have a higher level of awareness are still too concerned that any attempt to monitor what employees are doing could lead to privacy rights issues and a plethora of complaints from employees.
Tough! A business has every right to know what is happening within the organization, who is wasting time or watching totally inappropriate material on the Internet. Not all employees like the idea that their activity online is being monitored, but more often than not, the complainants are those who have something to hide. Employees who do their job well do not need monitoring but those who abuse the system need to be controlled.
At the end of the day, if the business’s reputation is at stake, then the organization has every right to do something about it.
There are five reasons why Internet access and use in an organization needs to be monitored and I’ve listed them below.
1. Misuse
Many employees consider Internet access at the office to be a sacred right and therefore how they use the Internet at home is often extended to the workplace. Downloading illegal or pirated software, visiting sites with illicit or adult material, shopping online and online gambling are examples of how employees misuse Internet access. Some employees also spend excessive time browsing non-work related websites such as news and social networking sites. The result is a considerable impact on productivity levels and resources, such as waste of expensive bandwidth.
2. Malware infection
There is a growing risk of malware and spyware infection when employees do not pay attention to the type of websites that they visit. Innocuous-looking websites may have been hijacked and are simply a smokescreen for malware, such as targeted Trojans, to gain access to the network, often bypassing signature-based anti-virus programs. One infected workstation is all it takes. Clicking on links and downloading software (often ridden with malicious code) pose a serious security risk.
3. Misuse of email access
Web mail access can be a backdoor through which employees can trade company information, download or exchange inappropriate material, or contact friends on company time. Email can contain libelous content that could seriously damage a company’s reputation. There are few business-related reasons to allow web mail access but a good number of reasons why it should be blocked.
4. Negligence
There are many employees who do not appreciate the security risks involved. Even those with good intentions can click on links in phishing emails, open websites that are not genuine, provide their personal details and email address online without good reason, open suspicious files and so on. If proper user training or security policies do not exist, having an IT manager monitor and manage Internet use may be the only option.
5. Legal liability
The presence of illegal, illicit and inappropriate material on users’ workstations creates legal liabilities for the company. It is true that businesses are sued for even the most absurd of reasons, but they cannot afford to be caught napping. Internet monitoring and web filtering give business owners the ammunition they need to counter any claims from clients or employees. In an employment dispute, for example, a company may need web browsing reports on an employee who is suing for unfair dismissal. If they can prove that he or she spent excessive time on the Internet or accessed inappropriate sites instead of working, they have won the case. Without that evidence, a company has a very weak hand. It is also management’s fiduciary responsibility to have the data for when it is needed.
A number of businesses may consider the risks above to be acceptable. Good luck to them.
Somehow, if I were a business owner, I’d feel more comfortable with a report in front of me listing those employees who have been busy gambling online or watching porn at the office and then be in a position to take action.










It’s a fact that we need to restrict access so that we can avoid misuse of corporate resources. But we also know that users always find creative ways to access these resources, bypassing our protections. So really the best way to protect our company is through education. The users need to understand these threats and the related dangers so that they really understand the reason for the IT guys to block access to these kinds of resources. If they don’t really get this point, we as administrators are always the “bad guys”, having fun with users’ restrictions.
By this I don’t mean that we should not use content protection systems such as GFI, because there are many scams that even the trained user cannot detect, and that is where technology really helps.
Even in a low-budget environment we can implement a good security perimeter using free monitoring products such as GFI freeware monitoring, which can help us audit our internet activity and user trends and take corrective actions with them.
They go hand in hand. I agree with Leandro in that monitoring by itself will create friction with the employees and can in some cases not be good enough. Some people will find a way to circumvent the system in place and if they don’t know that what they’re doing is wrong they will keep doing it.
Same thing goes for education, even knowing why something is bad some users will still keep doing it, either out of habit or maybe they think that their company is being too paranoid.
Monitoring and Education form a net. Some fish might get through the net but at least it will be a lot less than if you remove 50% of the net itself.
I can’t emphasize how much I agree on these points. I’ve recently been bringing up the idea of monitored internet access within the company, but a lot of the managers are too backward to think that “self-policing” doesn’t cut it anymore.
I’ve actually been criticized (though jokingly, I hope) that I’ve turned into some internet communist. It’s easy to let that kind of humor go, but if the company is at stake, it’s a lot to simply gamble on the staff’s “good will”.