<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=573132769549581&amp;ev=PageView&amp;noscript=1">
Make Personal Browsing Policies Work for Everyone Blog Feature
Courtney Casey

By: Courtney Casey on May 18th, 2020

Print/Save as PDF

Make Personal Browsing Policies Work for Everyone

Cyber Security

Some people live their lives on the internet. When this cuts into work time and creates security risks, employers have to deal with the problem. Depending on what sites employees visit and how much time they spend, browser usage during work time can raise multiple issues. It can impact network bandwidth. Viewing some material where other employees can see could be deemed harassment. Visiting dangerous sites could let malware get into company computers or leak confidential information.

A ban on all personal use is impractical in most places. A company needs to set clear policies and educate its employees, so they know what's allowed and why the restrictions exist.

The Risks of Unrestricted Browser Usage

Some people spend hours on websites without realizing where the time has gone. Frittering away two hours or more a day is common, and that could mean two hours less spent on work.

A lot of people consider the internet essential for staying connected with their families and friends, so prohibiting all personal use is excessive in most cases. If they're stopped too harshly, they'll just use their personal phones. It's necessary to strike a balance between productivity and tolerating of personal usage.

Security risks are the biggest concern. Visiting a dangerous site could put malware onto company machines. Some sites trick people into disclosing login credentials and other confidential information. "Malvertising" in third-party ads can infiltrate legitimate sites and redirect users to dangerous ones.

Browser Extension Hazards

Browser extensions do many useful things, but they have access to everything users do in the browser. Dangerous ones can steal information and alter what users see. Even secure sites aren't safe against them. Employees should never install extensions without specific authorization.

Questionable Content

Viewing some kinds of content, especially anything sexually explicit, is a serious problem if other employees might see it. It could be construed as harassment or creating a hostile work atmosphere. The employer could be held responsible if it doesn't take action.

Personal Opinions Overshared

Using company accounts for personal purposes creates another set of problems. If people use work-related accounts to express their views, they will seem to be the company's opinions. People could take their promises as their employer's commitments.

Confidentiality Concerns

Sharing proprietary information while at work can hurt an employer. People want to talk about what they're doing at work, but if it means disclosing information about upcoming products or the company's financial situation, that could hurt the employer's competitive position.

Bandwidth Theft

Watching streaming video at work uses up bandwidth. If too many employees are spending too much time on it, it could slow down legitimate Internet usage. A teleconference might run less smoothly because other people are watching movies. Some streaming uses, such as training videos, are legitimate, but excessive personal streaming can impact them.

Related: On-demand webinar "How to Close Your Biggest Cyber Security Hole" to learn how cyber criminals use your weakest link to break through security

The Use of Browser Policies

A company has to have a clear, understandable policy for internet use and they need to follow it consistently. Case-by-case decisions will lead to feelings of unfair treatment. Any exceptions should have a clear justification. The level of restrictions should be consistent with the company's needs and culture. For example, a business designing nuclear weapons has different requirements from one that sells furniture.

All employees should get a copy of the policy, and they should be required to acknowledge in writing that they've read it. Someone should be available to answer their questions.

Enforcement has to be even-handed. The level of disciplinary action should depend on the seriousness of the violation and the employee's history.

Employees normally have no reasonable expectation of privacy when using company equipment, but they need to be clear on what this means. If the company monitors internet usage, it should disclose this fact and say what is monitored. They do have an expectation of privacy when using their personal devices outside the company network, but their use on company time can still be restricted.

The Use of Technical Restrictions

Restricting web access by technical means is a difficult matter. The network can block access to certain sites, but that's an all-or-nothing approach. Sometimes there are legitimate reasons for accessing social media or streaming sites for work purposes. Employees can get around burdensome blocks with their smartphones, diminishing confidence in the policy.

Blocking known malicious sites will improve security, but they're a moving target. A firewall that prevents connections to them needs to be updated daily to do an effective job.

In some organizations, security and confidentiality are so important that technical restrictions on access are necessary. If the kind of work employees are doing mandates strictness, they should understand the objective behind the rules.

Set Expectations for Browser Usage with Training

Whatever the organization's situation and requirements, policies and restrictions will work better if its employees understand the reasons for them. They should know the dangers of accessing unfamiliar sites, especially when they get links by email.

They should understand how excessive personal use can impact their performance, sometimes without their noticing how much time they're wasting. Conveying this information requires a well-planned educational program.

Training should strike a positive tone. It should tell employees the company trusts them as long as they deserve trust. They have personal lives, but they're at work to get their jobs done.

A good training program gives concrete examples. It shows the kinds of mistakes that people often make. It might use a bit of humor in demonstrating how people get drawn into internet rabbit holes. The approach should be consistent with the nature of the company and the job.

When employees see that they're treated like responsible adults, they're more likely to cooperate with the policies. People who know the consequences of mistakes will avoid them.

Making Policies and Training Effective

Businesses need to allow employees to use the internet while avoiding misuse. They have to keep inappropriate uses from interfering with productivity and security. At the same time, they need to avoid making employees feel they aren't trusted and will be punished for every wasted second.

The two pillars of effective Internet management are clear, consistent policies and training that works. When employees understand that the restrictions are fair and reasonable, they're more likely to abide by them.

IT Guidance for Technical and Non-Technical Security

Managing a company's network requires sound planning and decision-making at both the technical and human levels. We can help in managing your IT needs, so your business makes the most productive and problem-free use of technology.

If you're not getting the IT guidance you need to be confident in your security, contact us for a FREE Security and Risk Assessment. 

 

About Courtney Casey

In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.