By JONATHAN HUSNI
July 11, 2011
Original Article at Crain’s Cleveland Business
Workplace managers today know that social media, other online distractions and outright Internet misuse are depriving businesses of productive hours, draining bandwidth and jeopardizing company networks and reputations.
But what can they do about it?
First, how bad is the situation? Studies show that the average employee spends between one and two hours a day using the Internet for personal reasons, indulging in activities such as accessing social networks, playing games, answering email, sending instant messages and even watching pornography and gambling.
According to uSamp, an online survey company, this translates into about $10,000 lost each year per employee.
What’s more, unauthorized web surfing uses up precious bandwidth and illicit downloading can both imperil a company’s computer network and tarnish its good name.
There are several ways to address the problem. Here are three basic solutions that can be applied separately or in combination: Internet usage policy agreement; software-based content filtering; and appliance-based controls.
Internet usage policy
I always recommend to my clients that their first order of business should be for human resources to institute an Internet usage policy agreement to be signed as a condition of employment by all staff members with web access. (There are several templates available on the Internet.)
By signing the agreement, employees promise that they will not use the Internet in an unacceptable way or create unnecessary risks to the company’s computer network or reputation.
Violations of the agreement would include unreasonable personal use of a computer, visiting websites containing obscene or hateful content, emailing offensive or harassing material, or downloading unauthorized software.
Employees failing to comply would face disciplinary action, including dismissal.
Managing a business would be easier if signing an agreement was by itself a sufficient deterrent to Internet misuse. Unfortunately, human nature being what it is, sterner measures often are called for.
The next step I recommend is the installation of a filtering application, such as artificial content recognition (ACR) software.
ACR analyzes the context of a Web page, automatically classifies it into categories such as shopping, sports, sex, gambling, violence, etc. and compares it to a company’s usage policy.
Settings are flexible and can be adjusted as needed. The technology can cover the entire Internet in real-time with reasonable accuracy, categorizing content the way a human being would.
Also available are applications that enable managers to make specific websites off limits or enforce strict limits on what subjects search engines may seek out.
A web filter appliance is a device that enables companies to filter online content, blocking or removing links, downloads and email that may contain offensive or dangerous content.
Ideally, Web filtering hardware should support a unified threat management architecture that transforms the firewall into an all-inclusive security product that can perform multiple security functions.
These protections should include, in addition to firewalling, network intrusion prevention, gateway anti-virus and anti-spam, content filtering, load balancing and on-appliance reporting.
Load balancing refers to the ability of a network edge appliance to handle two or more connections to the Internet simultaneously. On-appliance reporting refers to the ability of the filtering appliance to furnish reports of activity directly to the managing user.
Each company has its own corporate culture that determines what online behavior is acceptable. Situations vary but my experience shows that some level of Internet behavior modification usually is needed.
When I am consulted by clients concerned about their vulnerability to Internet misuse, I will perform a full network audit to reveal who is doing what online.
Depending on the seriousness of the situation, I will recommend some combination of the above remedies; I am so confident of their effectiveness that in every case I guarantee results.
Jonathan Husni is president of Acendex, an information technology services firm in Beachwood. Acendex is a consultancy that advises small and medium organizations on how to achieve and maintain vital IT functionality. www.acendex.com.