IT Risk #6: Unrestricted Employee Internet Usage

IT Risk #6: Unrestricted Employee Internet Usage 150 150 Shandam Consulting

IT Risk #6: Unrestricted Employee Internet Usage

  • Guardrails
  • Stop signs
  • Traffic signals
  • Speed bumps

Question: What do all these things have in common?

Answer: They are designed to protect us from ourselves.

Organizations that allow their employees to surf the web without restriction place their employees at risk of viruses, other malware, hostile workplace lawsuits, and lost productivity, to name a few. The best way to address this problem is to establish a formal employee Internet use policy. This policy should contain,  at a minimum, the following components:

  • Formal Policy: written internet access policy approved by management, HR and legal. This will protect the organization from legal action if a hostile workplace lawsuit is filed.  There have been cases where an employee sued an organization because the organization facilitated their internet sex/gambling addiction by allowing access to these sites!
  • Enforcement mechanism: systems to allow/deny access to web sites based on the approved web filtering policy.
  • Reporting mechanism: identify high risk activity and discuss this activity with the responsible parties as a way to address employee behavior early.

Failure to implement a formal internet policy will, sooner rather than later, result in legal action, malware infection, and productivity or network performance problems.