Connecticut's IT Blog for Growing Businesses | NSI

Should Your Small Business Block Certain Websites From Employees?

Written by Tom McDonald | Aug 16, 2016 2:33:55 PM

How much time do your employees waste surfing the web? Workstations have become an essential tool in the workplace and while computers promote new levels of productivity, they also can be a source of endless distraction for employees. While workers need to use computers to enter data, generate reports, create invoices, and for a host of other functions, employees also use their workstations for online shopping, checking their personal email and looking at Facebook. With the benefits of internet access, there is also the downside of employees wasting company time online. Your challenge is to find the best way to police employee web access without undermining productivity.

Research shows that the internet is the biggest time waster at work, hands down. A survey of office workers conducted by Biz 3.0 and Time Doctor revealed that 48 percent of workers surveyed ranked time spent online as their biggest distraction, followed by socializing in the office (33 percent), taking care of personal business (30 percent), making personal calls (19 percent) and taking long lunch breaks (15 percent). Facebook is the top illicit online destination and people spend an hour on average on Facebook at work. More than 50 percent of companies surveyed block access to Facebook and Twitter, and a similar number use software to track employees’ online activities. About half of the companies surveyed also monitor email, since 15 percent of workers admitted sending confidential information via email, including 6 percent who confessed to sending confidential customer data.

So clearly there is a problem with providing open internet access at the office. The question is: what's the best way to address it?

Controlling Web Traffic

One strategy is to strictly control web access from the company network. There are a number of technologies available to filter and monitor enterprise web access. It’s all a matter of choosing the approach(es) that best suit your organization.

Web control software allows you to block specific websites, such as Facebook, and to control which users have access to which websites and when. The same software can deny network access to unwanted devices, such as personal laptops and handhelds. The challenge with this strategy, however, is management. New time-wasting websites will continue to appear, and the list of IP addresses that need to be blocked will continually change.

Products like OpenDNS are available to filter web traffic, which can be useful for network security as well as website management. OpenDNS allows you to prevent phishing attacks, block page bypasses, protect against malware, and do much more. It also uses content filtering, which can be useful for limiting access to unwanted web sites and controlling leaks of confidential information. This is one way to incorporate web control into a larger enterprise security strategy.

If you want to apply a lighter hand, you might consider monitoring web access rather than controlling it. There are a number of enterprise software tools available for monitoring user activity. Rather than actually controlling network access, you can use random monitoring or perform spot checks to watch for policy violations. Some employees see this approach as less onerous than blocking web access, while others see this kind of monitoring as a violation of their privacy, even when they are using company computers and network assets on company time.

The Exceptions That Make it Harder to Impose the Rule

Unfortunately, for most organizations it can be counterproductive to impose universal web control policies. For example, the executive team may need unlimited network access to conduct market research and monitor industry events. Some departments, such as marketing, use social media sites such as Facebook, Twitter, and LinkedIn for promotional purposes, so they will need unrestricted access.

Of course, in such cases it’s more difficult to differentiate between legitimate web use and abuse of web access privileges. The HR department could be using LinkedIn for recruiting, for example, or one of the department employees could be looking for a new job at the same time.

As with trying to maintain an ever-growing list of websites that need to be blocked, keeping up with the changing business needs for web access by various users and departments can be time consuming, and ultimately, inefficient.
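To make the block list and its exceptions concrete, here is a sketch of how a filter might decide one request by site, user group and time of day. It is an added example, not code from the article or from any product it names; the domains, group names and lunch-hour window are constructed assumptions, and it matches on hostnames rather than IP addresses.

```python
from datetime import time

# Constructed sample policy: the domains, group names and lunch window are
# assumptions made for this example, not values from the article.
BLOCKED = {
    "facebook.com": "social",
    "twitter.com": "social",
    "linkedin.com": "social",
    "shop.example": "shopping",
}
# Groups allowed through a blocked category (the departmental exceptions).
GROUP_EXCEPTIONS = {
    "marketing": {"social"},
    "hr": {"social"},
    "executive": {"social", "shopping"},
}
# Categories opened to everyone during a time window (start inclusive, end exclusive).
OPEN_WINDOWS = {"shopping": (time(12, 0), time(13, 0))}


def category_for(host):
    """Return the blocked category for host, matching whole DNS labels only."""
    labels = host.lower().rstrip(".").split(".")
    # Try the host itself, then each parent domain: m.facebook.com -> facebook.com
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED:
            return BLOCKED[candidate]
    return None


def decide(host, group, now):
    """Return (action, reason) for a request from a user in `group` at `now`."""
    category = category_for(host)
    if category is None:
        return ("allow", "not on block list")
    if category in GROUP_EXCEPTIONS.get(group, set()):
        return ("allow", f"{group} exception for {category}")
    window = OPEN_WINDOWS.get(category)
    if window and window[0] <= now < window[1]:
        return ("allow", f"{category} open window")
    return ("block", f"{category} blocked for {group}")


if __name__ == "__main__":
    for req in [("m.facebook.com", "sales", time(10, 0)),
                ("www.linkedin.com", "hr", time(10, 0)),
                ("notfacebook.com", "sales", time(10, 0))]:
        print(req[0], req[1], decide(*req))
```

Recording the reason alongside each decision keeps exception-based access visible in the logs, so it can still be spot-checked even though it is not blocked.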

Set the Rules, Explain the Consequences

Almost all companies establish clearly defined policies regarding internet use at the office, including disciplinary measures for those who violate those policies. Those policies are clearly outlined in the employee handbook. This approach gives employees a sense of empowerment and assurance that they have the trust of the company, until they violate that trust. As part of security policies, be sure to explain that network monitoring and other tools are in place, and those who violate the security policies will be reprimanded or even fired.

There will be certain businesses that need to restrict unauthorized web access. Financial services and healthcare providers, for example, are highly regulated and need to ensure a level of security that satisfies various government agencies. Hospitals and doctors’ offices need to ensure patient privacy under HIPAA, the Health Insurance Portability and Accountability Act. In such cases web security software may be required.

No matter how you choose to address web access in the workplace, you don’t have to manage it yourself. IT support consultants can help enforce web security policies and provide remote monitoring services and security services. An enterprise IT consulting firm can provide expert guidance on security policies and procedures and help implement the right technology.

So what’s your best strategy to control employee web access to reduce security risks? For most companies, the best approach is to trust and train employees, apply the right technology and services to enforce company policies, and be prepared to block access and punish violations when it’s necessary.