Although it might seem that blocking anything and everything is the best move for companies, it really isn’t. Frustrated employees aren’t doing companies any good. Whether employees admit it or not, they aren’t spending eight hours of their day working. At points throughout the day, they’re trying to find sites to get away from work. If every site they would want to browse are blocked, they might engage in dangerous practices if they find a way around the blockade. Believe it or not, giving users access to Twitter really is a good idea.
Companies must always remember security when creating Web policies. Yes, the main reason for establishing a Web policy is to maintain security, but some policies are so draconian in nature that they actually do more to hurt the company than help it stay secure. That’s important to remember. Security does not mean that ever conceivable issue is accounted for. Instead, security must include a common-sense approach that examines what employees are doing, evaluates the impact those actions are having on the network, and proactively addresses issues. Security is not about throwing everything against the wall and hoping something sticks.
Social networks might put a drain on the amount of time employees are working each day, but it doesn’t mean that they should be blocked. As mentioned, employees don’t like being held back from the things they want do. And one of the main things they want to do on a daily basis is head to Facebook and check out what their friends are doing. It might seem counter-intuitive, but allowing employees access to a social network is much easier than watching them waste twice the time trying to find away around the filters. Social networks can be dangerous, but in most cases, they aren’t. It’s important to remember that.
Web policies can be insulting. If an employee feels as though their employer doesn’t trust them to make the right decisions, it could significantly hurt morale. The Internet is a big and scary place. And there’s little debating that there are some folks that constantly engage in dangerous behaviors, like visiting unknown sites. But education is starting to improve, and more employees than ever know what they should and shouldn’t do when surfing the Web. If companies can force themselves to trust employees, they will save the IT staff all kinds of time and money. Trust goes a long way in a Web policy.
Following that, it’s important for companies to realize that trusting employees can be much easier when they know that their workers are properly educated. Rather than waste time sending out a new Web policy and never saying anything about it, companies need to be more proactive. They should sit down with employees and explain to them how the Web policy works, what kind of actions are riskier than others when surfing the Web, and how they can safeguard themselves from potentially malicious users. It’s a few hours of education that can go a long way in the security of a network.
Web policies must clearly state what’s expected of an employee. If that means that they shouldn’t be surfing the Web for content other than that which is related to work, then it needs to be clearly stipulated. Employees cannot be expected to be safe when surfing the Internet if they don’t have a proper understanding of what’s expected of them. Once a Web policy is instituted, it must make it clear to everyone what is allowed and what isn’t. If employees understand that, the security of the network is much improved.
Sometimes Web policies lose sight of reality. Unfortunately, there is little to no chance of any company maintaining air-tight security. Even with the best Web policy in place, malicious hackers can find their way into a network, malware will make its way onto employee computers, and all kinds of bad things will happen. Once companies acknowledge that, they can move on and set out to find the right security solutions that will safeguard them from catastrophic issues. The Web policy is designed to keep most of the bad stuff out, but it won’t catch it all. That is where the security software comes in.
Productivity should play a key role in the style and scope of a Web policy. It might seem better to block Amazon, so employees don’t try to shop while at the office, but such a strategy works against the company. If an online retail site is accessible, employees can order items from work. But if it isn’t, employees could be more likely to take a day off to cross off all the items on their list. In one scenario, a company loses an hour of productivity. In another, it’s losing a full day. Productivity should play an integral role in Web policies.
Companies must have faith in employees to follow the rules. A Web policy is only as good as the attitudes of the employees that are subject to it. If they decide that it’s too draconian and it flies in the face of reality, they will try to book flights on Expedia when they know they shouldn’t. But if they believe that what the Web policy is fair and they can understand where their employer is coming from, all that would change.
Web policies don’t need to be long, convoluted documents that detail every last responsibility of employees. Instead, Web policies can be very simple, straightforward documents that clearly stipulate that a user can, say, visit Google, but shouldn’t be trying their luck on sites that they don’t recognize. It should also include some element of requiring employees to above all, use common sense when viewing Web sites or e-mails that may or may not be suitable for a work environment. But that’s about it. Why get bogged down in details? The filters can handle that.