Instead of the traditional polarised approach of either banning internet access completely or allowing unrestricted usage, the study shows that many British businesses are opting for a selective ban. According to Dimension Data, this indicates that organisations are waking up to the reality of their employees’ internet usage and that IT security can be maintained – and worker morale and even productivity enhanced - by embracing this.
The study shows that the internet is enmeshed in people’s working lives, with almost half (46 per cent) of British workers that have internet access at work conducting online banking at work, and nearly one in five (19 per cent) using social networking sites such as MySpace and Facebook. Instant messaging (18 per cent), file sharing (13 per cent) and downloading of media files such as MP3s (10 per cent) are also popular.
These activities are not risk-free in IT security terms, however, and businesses need to respond in some way to the potential threats arising from them. For example, instant messaging programs such as MSN and Yahoo Messenger are an unregulated, untraceable and un-logged mode of communication. And peer-to-peer file sharing, typically of copyrighted material such as music and films, is in many cases illegal under copyright law and any business that enables it is potentially liable to prosecution.
The research shows that British employers are responding very differently to security issues and other issues raised by employee internet usage, with the level of internet access employees are allowed split as follows: 14 per cent have no access at work at all, 38 per cent have unrestricted access and 46 per cent are not allowed access to certain websites. According to Dimension Data, the latter approach is more sophisticated and the way of the future for most organisations.
Alastair Broom, Line of Business Director – Security, Dimension Data, says: “For many people in a wide range of industries the internet is essential to getting their job done. More than this, it is often a vital tool in maintaining their productivity and work/life balance. Online banking at work, for example, can mean less time wasted in queues and more time for work or a proper, relaxing lunch break. And younger workers, who have grown up with the internet, are accustomed to using it at home and expect to use it at work. In their case especially, draconian measures such as an outright ban may have a profound negative impact on the perception of the organisation as an employer, and they may find a way around it anyway.”
“Our research indicates that British businesses are coming to terms with the fact that the internet and related applications such as instant messaging are sometimes used by employees for personal purposes. By accepting this and working towards a compromise with employees, be it monitoring web usage, a ban of certain websites or open access only at certain times, they can mitigate risks associated with internet use while maintaining a happier, productive workforce.”
Dimension Data’s top five tips for best practice internet security are as follows:
1. Accept that employees sometimes access the internet for personal use - Many companies bury their heads in the sand and act as though it isn’t happening, but ignoring the issue may lead to network outages and performance issues, brand damage and even prosecution as a result of inappropriate or illegal web usage by employees.
2. Introduce an ‘Acceptable Use Policy’ for internet access – And ensure all employees are made aware of it.
3. Implement internet security technology – In doing so you can a) control which web sites employees have access to and b) protect against malicious code that may be inadvertently downloaded by employees.
4. Control Instant Messaging (IM) - IM is a useful business tool if used in the right way, but uncontrolled it can be a serious security risk. Implement technology to control and monitor the usage of IM and ensure acceptable use of it is defined in the Acceptable Use Policy.
5. Control peer-to-peer (P2P) application usage - As with IM, P2P applications can pose a serious security risk if left uncontrolled.