
4 Reasons to monitor Internet usage within your organization

on June 23, 2011

If you look at the range of activities that companies undertake to monitor Internet access, it can run the gamut from the extreme to the apathetic. Companies that want to maintain absolute control over their employees’ Internet usage may take measures that include recording and reviewing everything that users do on the web. They might even use a proxy server that only permits access for a subset of users and to only a list of business-approved websites. On the other side of the spectrum you may find companies that don’t want to create a feeling of mistrust and, as a result, don’t monitor anything their users do online. Internet monitoring is still a critical part of maintaining the security of your organization. It doesn’t have to be the totalitarian approach of the first extreme above, but it needs to take an active role in protecting your users and your data resources from the murkier parts of the web.

There are four critical reasons to monitor Internet usage within your organization. Without having to single out any one user or play Internet Cop, these four reasons should be more than enough to convince you that at the very least, some aggregate reporting and proactive defense measures are essential to protect the organization and the employees themselves. Together with each reason, I will share my own first-hand experience that made me appreciate the use of Internet monitoring.

Malware
Viruses don’t just spontaneously come into existence on your network. They get in through user actions, the majority of which include downloads of infected files or accessing compromised sites. These are often the result of perfectly innocent and well-meaning actions, since the site you trust completely today might find itself hacked tomorrow. By monitoring users’ Internet activities, proactively scanning downloads (executable files, documents and scripts contained within web pages), and checking for things like cross-site scripting attacks and obfuscated URLs, an Internet monitoring system helps to protect your users from threats outside your control, like a vendor website that has been compromised. The last virus incident I was involved in occurred because a user accessed a file sharing site with the computer set aside for shipping. Because this was a standalone machine in an unsupervised area, it was easy for a user to surf the web, and the antivirus software had stopped working but was not being properly monitored. Internet monitoring caught the infected file before it got to the desktop, and that alert let us know we had a machine requiring attention.

Compliance
Compliance issues can come up when users access personal webmail sites, file sharing sites, or attempt to download copyrighted materials. By establishing a policy that prohibits these actions, and then implementing a technology that enforces this policy, a company can show good faith in meeting the requirements of any legislation or contractual obligations. A couple of years ago, a competitor filed a lawsuit against my employer. Part of the complaint alleged that users accessed this competitor’s website to download software using a third party’s credentials, which violated licensing agreements. Having logs to show that this did not occur proved very useful in court.

Productivity
There are perfectly legitimate reasons for users to access websites during work hours. There are also plenty of distractions that can lead a user to accidentally burn through an hour of their day, even though they might have started out with the intention to just check something quickly. While I am completely in favor of allowing users some recreational access to the Internet, it is easily something that can be misused. By monitoring the sites responsible for the largest amount of time spent online by employees, a company can bring up the subject in team or company meetings, without singling out any individual. A few years ago, a supervisor whose department was chronically behind schedule was found to be spending most of his day on gaming sites, instead of seeing to his team’s needs. HR addressed this with the supervisor, and the team immediately started meeting their goals.

Costs
One of the largest expenses for many IT groups is their monthly bandwidth bill. If anything seems slow, users are bound to complain, so it is a constant effort to stay on top of bandwidth utilization reports, and to buy bigger pipes as usage climbs. Of course, sometimes the top bandwidth consumers are not what the business had in mind when it allowed Internet access to everyone. Being able to tell just what is using up all the bandwidth, and to then decide whether a larger circuit or a conversation with a user is the proper course of action, can save hundreds to thousands of dollars a month. In this case, a remote site with a pair of bonded DS1s complained regularly that they needed a bigger pipe; applications timed out regularly and response was unacceptable. In reviewing the logs of the Internet Monitoring, we determined that some user was streaming movies all day, every day. By blocking that category of site without having to identify the user, the problems with application timeouts were eliminated, and we avoided spending thousands more to get a larger circuit into this (very) remote office.

In each case above, Internet monitoring directly contributed to solving a problem, without requiring the security team to spend all day watching what others were doing. In all four reasons, I personally found that the Internet monitoring solution we implemented paid for itself in the costs saved or avoided. By adding an Internet monitoring solution to your environment, you can add another layer of protection to your defense for both your business and your employees.

About the Author:

Ed Fisher is an information systems manager and blogger at several sites including his own site, http://retrohack.com. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together), he has been getting his geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like "The Transporter," but for data, and without the car; and with a little more hair.

 
Comments
Anonymouse_Cat June 23, 2011 4:52 pm

There’s really a great need to monitor Internet usage within an organization, especially if you have a large enterprise and with what is happening right now (increased rate of security threats). The Internet is limitless and bottomless. It can’t be lost. However, we should cap its usage for productivity and security’s sakes.

Also, SMEs should implement some sort of Internet monitoring system – just the right type for their business.

Robert Boyd June 23, 2011 7:09 pm

It’s important that users feel like they’re not on total lockdown while still preserving the security of the company and the productivity of the work day. Regular communication about the purposes of internet monitoring and what changes are being made to it to keep bandwidth low and risks down help your employees realize that they are not being singled out and shut out while others still have access, but rather that perhaps the sites they are using pose a significant risk.

I think too often the reluctance to adopt monitoring comes from situations where inter-office communication is less than ideal.

Rita June 27, 2011 11:29 am

If you want to keep the trust of your employees, you should always openly disclose to them, even if you are not legally bound to, that they are being monitored and explain to them that you are doing it not for voyeurism but to protect them and the company. And NEVER misuse, or allow others to, the information you are getting about your users’ net activity. If Internet monitoring doesn’t feel like an attempt to backstab your own personnel or like a weapon in inter-company intrigue, it shouldn’t be a problem. Or as Robert put it, “I think too often the reluctance to adopt monitoring comes from situations where inter-office communication is less than ideal.”, this reluctance is a symptom of fishy atmosphere in the company itself and fears that it will be used not to protect them but against them.

Carter Rubens July 11, 2011 8:46 pm

Thanks for the concise classification of the reasons to use Internet monitoring. A man needs to protect his business and without an Internet monitoring tool, the risks are really tangible. It’s good that it also cuts costs because in this economy every penny saved is a penny earned.

ralph July 25, 2011 2:45 pm

It tells us that most of the employees these days are wasting time through surfing the internet which is not related to work. There is a solution provided- a software for employee monitoring. Thanks for this wonderful post. I hope most companies realize this.