(Editor's Note: This is a sidebar to Employee Abuse of Internet Rampant.)
Most companies take very few, if any, steps to control or guide their employees' Internet access, according to industry analysts. Here are a few recommendations from corporate users, analysts and security consultants on how to take charge of the situation:
The first thing to do is set policy. That may not be as easy as you think. What isn't allowed? Porn? Gambling? Gaming? Sure, but what about emails to Mom or checking a news site at lunchtime?
Don't forget to consider Instant Messaging. Is it a great communications tool or a time waster that leaves online conversations insecure as they pass through a third-party server?
When setting policy, it may be easier to specify what is allowed than what isn't. Most IT executives could spend all day listing what should be banned. It might be easier to focus on what is allowed.
Once you set policy, make sure every employee knows what the rules are and understands them. Workers can't be expected to follow rules they aren't aware of. And don't forget to educate new employees as they come onboard.
Enforce your policies.
Set up monitoring software so you know where employees are going when they're Web surfing. And once it's set up, make sure you actually put the time in to analyzing the information. It won't do you any good if you're not paying any attention. And that could mean creating a position just for that job.
If you are going to monitor network traffic or employees' desktops, give them the courtesy of letting them know you'll be doing it.
If there are specific Web site you don't want employees visiting, block access to them.
Be granular. If some employee positions don't need Internet access, simply don't give it to them. And remember to give users specific rights about where they can and can't go on the network.