Once regarded as an unparalleled productivity mechanism in the workplace, the Internet is increasingly being seen
not only as a drain on the average employee's output, but also as a legal threat. Between lawsuits involving the recording industry and pornographic Web site surfing, policing Internet usage should figure prominently in enterprises policies.
Employees use company Internet access to visit high-bandwidth streaming video sites or to download large files like MP3s because of the higher Internet access speeds typically available at work. While employees are expected to conduct themselves professionally in the workplace and to refrain from using corporate resources for activities that are inappropriate, reality proves otherwise.
Statistics show that worldwide, corporations lose billions in the resultant reduced productivity. According to the 2003 Computer Crime and Security survey conducted by the Computer Security Institute and FBI, 80% of companies reported that employees had abused Internet privileges, for example by downloading pornography or pirated software. Each year rogue employees search for jobs, make travel arrangements, play games and use office e-mail for personal endeavors. This abuse of Internet privileges is real problem for organizations, with real monetary ramifications and it shows no sign of letting up. More recently, International Data Corp. estimated that 30% to 40% of employee Internet use isn't work related. And according to Nielsen/NetRatings, 92% of online stock trading occurs from the workplace during work hours and 46% of online holiday shopping takes place at work.
Far more frightening than even the loss of productivity and revenue from Internet misuse is the liability placed upon the corporation. In fact, about 70% of all Web traffic to Internet pornography sites occurs between 9 a.m. and 5 p.m., according to SexTracker, a porn industry consultancy. The transfer and/or display of sexually explicit or inappropriate content has been known to create a hostile work environment for employees and has resulted in embarrassing and expensive lawsuits.
Corporate policies help mitigate these risks by documenting exactly what behaviors are and aren't acceptable when personnel use corporate Internet resources. An acceptable-use policy should dictate the appropriate use of the organization's technology including hardware, software, networks and other telecommunication resources. "Once established, policies should be written down and distributed to employees so they are aware of expected Internet behavior. Corporate policies should exist in a living document and should be modified as the needs of the company evolve," said Dave Wreski, CEO of Guardian Digital in Allendale, N.J., an open source security company providing corporate policy enforcement and open source security products.
Wreski further noted that policy enforcement software is an important aspect of any corporate network as it provides administrators with the tools needed to heighten employee compliance with established policies and ensures that corporate resources are being used for legitimate business purposes. While tough to swallow, IT administrators do well to remember that the greatest threats to organization networks stems from employee misuse, rather than from outside sources like hackers.