Businesses large and small struggle to balance effective internet use by employees with unwanted personal use. A recent report by a Silicon Valley network security company portrays the scene at most large organizations as a free-for-all, with employees doing whatever necessary to use the applications they want and organizations knowing next to nothing about the file sharing applications running rampant on their networks. With increased risk accompanying the increased productivity technology brings, businesses should adopt a network usage policy and take a few key steps to make sure it's effective.
The technology website Ars Tecnica reported that firewall maker Palo Alto Networks recently issued its Spring 2009 Risk and Usage Report. For business owners, it paints a scary portrait. Amongst the conclusions reached:
- Most applications found on business networks are built for accessibility and can bypass network security or allow the user to bypass security controls;
- File sharing applications on business networks are rampant;
- Many applications used for non-work voraciously consume bandwidth (file sharing, video, social networking applications, etc.); and
- Businesses are spending more on their networks, but cannot control the applications living there.
So, what can a small business do? Establish and enforce a network usage policy.
Generally, an employer can monitor employees' use of work computers or the business' network. Monitoring of phone calls and voicemail in many states requires that the employer notify the employee of such monitoring, and stop the moment they realize a call or message is personal. Use of the company's computer network, however, is less protected. Here are some quick tips on establishing and implementing a network usage policy:
- Adopt a policy and make it known. Once you've identified uses of company resources which will not be allowed, distribute the policy (including notice that usage will be monitored) to all employees. It's a good idea to have employees acknowledge and sign the network usage policy when hired.
- Monitor only for legitimate reasons. Keeping track of network resources, employee productivity and customer service are legitimate reasons. Networks, however, generate enormous amounts of data which could be tracked. Unwarranted monitoring will waste resources.
- Be reasonable. Too much monitoring of employees can breed resentment in the workplace, decrease morale and lead to people leaving. Rather than keeping constant tabs on workers, target legitimate risks to the business (network security risks and other risks).
- Facebooking while out sick gets employee fired (CNet News)
- One in four companies report attacks via social networking sites (Help Net Security)
- Managing Employees: Privacy Issues (FindLaw)
- How may an employer monitor employees in the workplace? (provided by Franklin & Greenfield)