|
Regulating internet access in the workplace is a delicate balancing act. The web provides employees with valuable information and tools that enhance productivity and competitive advantage, but it can also devastate business productivity with its endless supply of games, downloads, webmail, community sites and online retailers.
The evidence of web abuse is dramatic. Over half of respondents to an America Online and Salary. com survey cited web surfing as their biggest work distraction (Figure 1). While another survey revealed inside abuse of web access as the most prevalent security problem (Figure 2).
The risks
Wasted time and productivity are two obvious risks of web abuse, but they are not the only hazards.
Lawsuits
Employees surfing pornography sites at work can create the perception of sexual harassment and a hostile work environment. In some cases pornography has led to organizations being prosecuted, while the legal implications of viewing child pornography are even more serious. Other legal risks can come from:
Downloading pirated content and using social networking sites
Using web-based email or blogs to reveal sensitive personal or company information or to damage another employee’s reputation.
Resource abuse
Overuse of video feeds, music downloads, gaming, and other high-bandwidth applications can affect organizations in two ways:
Network performance is significantly slower
Desktop and server hard disk space is filled, resulting in unnecessary technology expenditure.
As companies have become more effective at blocking email-borne viruses, hackers have increasingly turned to websites as a vehicle for infecting users with malware that steals confidential information or which builds botnets (networks of hijacked computers used to distribute spyware and viruses). In early 2008 it was estimated that webpages were becoming infected at the rate of 6000 per day, or one every 14 seconds3.
Complex challenges
Internet access at work is both a blessing and a curse, and creating a web usage policy is not straightforward. Employees expect to use the web for personal use, while employers need to enforce some browsing constraints to prevent abuse and ensure productivity. Simply publishing a blanket policy for the entire organization based on generic definitions and lists of banned sites is likely to run into resistance from a disgruntled work staff. Why?
Defining abuse
Many organizations find the line between appropriate and inappropriate web use difficult to define. What is acceptable business use for one employee may be completely unacceptable for another. For example, marketing departments have had great success in harnessing social networking sites such as Facebook and MySpace to monitor markets and build relationships with current and potential customers. Several companies, including IBM and Circuit City, have even established a presence on virtual environments such as Second Life. A blanket ban of such sites could, therefore, be counterproductive to wider business interests, as could granting blanket access to them.
Work/personal life overlap
As work becomes increasingly mobile, the separation between work and personal life is less rigid. Employees expect some personal flexibility at the office in exchange for the expectation that they work longer hours, take work home and stay in touch during weekends and vacations. Indeed, many companies use such flexibility as a hiring incentive. Excessive regulation of personal internet use can become a recruitment barrier, breed low morale, both of which can lead to reduced competitiveness.
Building a workable policy
Technology awareness varies greatly in most organizations, as does understanding the business impact of internet abuse. Most employees know instinctively that watching YouTube during working hours wastes time, but many will not understand its true security, productivity, bandwidth and legal implications.
Communication
The first step in creating an effective web usage policy is educating employees about the effects web abuse can have on an organization. Communication should include HR and senior management in addition to IT. It should also be two way, with staff and business units encouraged to identify applications or websites that assist them achieve their goals.
|
