10 Big Mistakes Companies Make With Web Policies

Security - Channel Insider

Empowering the next generation Channel

Home

Security

10 Big Mistakes Companies Make With Web Policies

By Don Reisinger on 2010-06-14

The Internet can be a dangerous place, full of malicious files and hackers that want to steal sensitive information and turn it into cash. The threat can be a constant concern that doesn't go away. That's precisely why most companies have Web policies in place to give employees a firm understanding of what is allowed and what is not, and in just about every case, Web policies are absolutely necessary. They govern a company's network and ensure that all parties know and understand what their responsibilities are. But that doesn't mean that they're all perfect. In fact, some Web policies fail to make much sense at all. Here are some of the biggest mistakes that companies make when they issue Web policies.

They Block Everything

Although it might seem that blocking anything and everything is the best move for companies, it really isn't. Frustrated employees aren't doing companies any good. Whether employees admit it or not, they aren't spending eight hours of their day working. At points throughout the day, they're trying to find sites to get away from work. If every site they would want to browse are blocked, they might engage in dangerous practices if they find a way around the blockade. Believe it or not, giving users access to Twitter really is a good idea.

10 Big Mistakes Companies Make With Web Policies - Security news from Channel Insider

They Forget Security

Companies must always remember security when creating Web policies. Yes, the main reason for establishing a Web policy is to maintain security, but some policies are so draconian in nature that they actually do more to hurt the company than help it stay secure. That's important to remember. Security does not mean that ever conceivable issue is accounted for. Instead, security must include a common-sense approach that examines what employees are doing, evaluates the impact those actions are having on the network, and proactively addresses issues. Security is not about throwing everything against the wall and hoping something sticks.

They Hate Social Networks

Social networks might put a drain on the amount of time employees are working each day, but it doesn't mean that they should be blocked. As mentioned, employees don't like being held back from the things they want do. And one of the main things they want to do on a daily basis is head to Facebook and check out what their friends are doing. It might seem counter-intuitive, but allowing employees access to a social network is much easier than watching them waste twice the time trying to find away around the filters. Social networks can be dangerous, but in most cases, they aren't. It's important to remember that.

They Don't Trust Employees

Web policies can be insulting. If an employee feels as though their employer doesn't trust them to make the right decisions, it could significantly hurt morale. The Internet is a big and scary place. And there's little debating that there are some folks that constantly engage in dangerous behaviors, like visiting unknown sites. But education is starting to improve, and more employees than ever know what they should and shouldn't do when surfing the Web. If companies can force themselves to trust employees, they will save the IT staff all kinds of time and money. Trust goes a long way in a Web policy.

They Don't Educate

Following that, it's important for companies to realize that trusting employees can be much easier when they know that their workers are properly educated. Rather than waste time sending out a new Web policy and never saying anything about it, companies need to be more proactive. They should sit down with employees and explain to them how the Web policy works, what kind of actions are riskier than others when surfing the Web, and how they can safeguard themselves from potentially malicious users. It's a few hours of education that can go a long way in the security of a network.

They Fail to Make Them Clear

Web policies must clearly state what's expected of an employee. If that means that they shouldn't be surfing the Web for content other than that which is related to work, then it needs to be clearly stipulated. Employees cannot be expected to be safe when surfing the Internet if they don't have a proper understanding of what's expected of them. Once a Web policy is instituted, it must make it clear to everyone what is allowed and what isn't. If employees understand that, the security of the network is much improved.

They Lose Sight of Reality

Sometimes Web policies lose sight of reality. Unfortunately, there is little to no chance of any company maintaining air-tight security. Even with the best Web policy in place, malicious hackers can find their way into a network, malware will make its way onto employee computers, and all kinds of bad things will happen. Once companies acknowledge that, they can move on and set out to find the right security solutions that will safeguard them from catastrophic issues. The Web policy is designed to keep most of the bad stuff out, but it won't catch it all. That is where the security software comes in.

They Don't Consider Productivity

Productivity should play a key role in the style and scope of a Web policy. It might seem better to block Amazon, so employees don't try to shop while at the office, but such a strategy works against the company. If an online retail site is accessible, employees can order items from work. But if it isn't, employees could be more likely to take a day off to cross off all the items on their list. In one scenario, a company loses an hour of productivity. In another, it's losing a full day. Productivity should play an integral role in Web policies.

They Forget Employee Opinion

Companies must have faith in employees to follow the rules. A Web policy is only as good as the attitudes of the employees that are subject to it. If they decide that it's too draconian and it flies in the face of reality, they will try to book flights on Expedia when they know they shouldn't. But if they believe that what the Web policy is fair and they can understand where their employer is coming from, all that would change.

They Forget Simplicity

Web policies don't need to be long, convoluted documents that detail every last responsibility of employees. Instead, Web policies can be very simple, straightforward documents that clearly stipulate that a user can, say, visit Google, but shouldn't be trying their luck on sites that they don't recognize. It should also include some element of requiring employees to above all, use common sense when viewing Web sites or e-mails that may or may not be suitable for a work environment. But that's about it. Why get bogged down in details? The filters can handle that.

Recent Slideshows

See All Slideshows

Sponsored Links

Try Windows Azure free for 90 days

Introducing the world's first family of systems with integrated expertise

FREE Securing Smartphones & Tablets for Dummies Book from Sophos

5 New Technologies That Will Change Enterprise IT

Build an IT Infrastructure That Delivers the Future

CHANNEL RESOURCE CENTER

Intel Technology Provider Program
Intel Technology Provider Program (ITP) helps resellers better understand Intel products which power the technology they sell, and enables value-add services such as remote manageability or anti-theft tracking.
Learn More

WindowsForDevices.com
WindowsForDevices.com is the comprehensive news site covering Windows embedded technologies. Visitors get news, technical white papers, opinion columns and extensive directories covering the products and companies in the marketplace.
Click Here

New Technologies That Will Change Enterprise Computing

Check out our top five picks for technologies that will change the game in enterprise computing.
Learn More

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 10