Developer

Five tips for managing employee Internet access

When it comes to Internet usage, you don't want to be too restrictive -- but you may need to exercise some level of control over your users' activities. These suggestions can help you find a balance that suits your organization's needs.

There's a fine line between being Big Brother and keeping employees from wasting too much time on the Internet. And as we all know, there are plenty of ways to waste time on the 'net: Facebook, Twitter, chatting, shopping, scores... you name it. But how do you manage control of your employees -- and what type of control do you extend over them? Everything gets even more complicated if your business also depends upon the type of PR and marketing to be had from the likes of Facebook and Twitter. As more and more companies and businesses resort to these outlets for free advertising, different levels of control must be put into place.

Here are a few suggestions for tools you can use to manage this control, policies to implement, and ways to keep your employees from revolting.

1: Try Packetfence

Packetfence is one of the most powerful network access control tools available. It's an open source tool that can easily be installed and administered on either Red Hat Enterprise Linux or CentOS. You can also install on Ubuntu or Debian, but it's not nearly as easy. With this tool, you can manage who has access to what, what time they have access, and how much they have access to. Packetfence helps keep unwanted users/devices from accessing your network, too. If you are serious about controlling your network, this tool should be at the top of the list of those you want to test.

2: Try OpenDNS

OpenDNS is an industry-leading Web content/security/DNS tool that is completely Web based. With OpenDNS, you can filter content, prevent phishing, block page bypass (Enterprise only), protect against malware (Enterprise only), delegate administration (Enterprise only), and much more. You will have detailed daily reports as well as archived logs and statistics. With content filtering, you can select from more than 50 categories and prevent the use of proxies for bypassing filters. There are different plans, ranging from Free to Enterprise. Pricing can be found on the OpenDNS Web site.

3: Monitor network usage

If you are less inclined to do a catch-all prevention of certain Web traffic, you might want to look into tools that will monitor network usage. With tools of this nature, you can keep tabs on what your users are viewing online and then act accordingly. This is a much less Big Brother approach to managing what your employees are viewing. By handling this task this way, you are more inclined to have a lower attrition rate from employees not wanting to work in a controlling environment. A tool like Net Spy Pro allows you to monitor employee Web usage from a single desktop. This particular tool even allows the administrator to view employee bookmarks and favorites. Although some think this a better approach than implementing policies and preventing access to certain (or all) Web sites, many people view this quite the opposite. As I said earlier, it's a very fine line.

4: Make sure you have a clear access policy

Instead of employing controlling software, it might better suit your environment and employees to have clear policies in place that prevent the usage of certain Web sites during work hours. This method does call upon the honor system (unless you are using a monitoring tool), which gives your work environment a more relaxed feel. The problem with this method arises when you discover an employee abusing the policies and you do not react. If you lay out a clear policy and do not punish those ignoring it, you may as well throw that policy out the door and forget about having any control whatsoever.

5: Give a little now and then

Along with having clear policies, you have to be willing to offer some flexibility. During the holiday season, employees are going to shop online. During March Madness, employees are going to check basketball scores. You must be willing to give or you will find yourself with some upset employees. If you are never willing to bend on your policies, the attrition rate may rise during certain times of the year or with certain cross sections of employees. (Older employees may be less apt to take issue with such policies than younger employees.)

Finding the balance

The saying "Everything is relative" applies here -- as does "Everything in moderation." The real problem with employees surfing the Web happens when it interferes with actual work. This could be too much browsing or browsing to unsafe or inappropriate sites. You, as an employer (or manager) must tread that fine line between too much and too little control over what employees can do with their Web browsing.

Take our poll

What measures does your organization rely on to manage employee Internet activity? If your approach isn't one of the options, explain your strategy in the discussion below.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

36 comments
Markus Peterson
Markus Peterson

Anyone looking for a simple, yet comprehensive way to monitor employee internet activity should give BrowseReporter a try. BrowseReporter not only ensures maximum productivity out of my employees, but also out of myself because the interface is so efficient and easy.
Check it out at: www.browsereporter.com

sandiemill
sandiemill

I was reading through the thread and I could somehow relate with the fact that I also want to monitor my employees who are working from home. That is because the tendency to become more unproductive is high since they are working at their own time and pace. Maybe you also need something like this one mentioned in this review: http://reorg.co/timedoctor-review-2012-04/ I think that was designed for this setup. I think I would also start using it for my remote employees.

cer4
cer4

I heard ActyMac DutyWatch ( www.actymac.com ) is a good monitoring software, anybody used it?

sue
sue

BrowseControl has been very effective for managing Internet access at our workplace. Easy to install, then define the Allowed List (White List). Can also block chat or other applications. Also use BrowseReporter for monitoring Internet browsing on users systems.

chaz15
chaz15

to say older employees will accept control of browsing more than younger employees. I am approaching 60 and I find restrictive Internet access VERY interferential and a most unnecessary restrictive regime. PLEASE avoid further AGIST comments.

cloakedrun2001
cloakedrun2001

A while back we had an "issue" with one employee's accessing the internet. After a little Googling, I found, and downloaded the open source IP Cop, and a few of the add-ins. I built an additional "router" which I configured to work behind our outbound router / firewall. The analogy here is basically that of a railroad siding. I simply modified the users machine's DHCP reservation so that his machine's gateway was the IP Cop box. Voila! Worked like a charm. Now, using DHCP from our Active Directory I can route the traffic of any given machine I want through the "filtering" aforded by IP Cop - all for virtually no cost. It does not interefere with "trusted" users, it does not affect the attack surface privided by our hardware firewall, it was a snap to install and set up, and is totally flexible! I really am warming up to linux / open source these days! (fed up with pouring money into the black hole of ongoing license fees!). :)

pmolina
pmolina

Checking Scores for March Madness might be bad, but.. One of the most addicting events I have found on the internet is the Tour de France. The coverage of it at LeTour.fr is very good. I am not a bike race fan. At all. But I have to tip my hat to these guys, they make the internet work for them. I'll go out on a limb and say that what tv is for football, the internet COULD (note the qualifier please) be for bicycle racing.

ndveitch
ndveitch

I have a different situation to most network admins. When I took over the network where I'm working, I got strict instructions from a few of the Directors that should any employee not be able to get onto facebook or youtube I would have to find myself other work. It sounds great, but here in South Africa where we have limits on our bandwidth usage. It gets kind of tricky trying to explain to the bosses that the more they watch youtube and other online videos, the more bandwidth they use and the more it will cost. The other thing is trying to get them to understand that if everyone is on youtube then the connection is going to be a lot slower than they want it to be. Oh well, just thought I would throw that in.

mail2ri
mail2ri

I have not seen any CIO brave enough to tackle this issue head-on. While most of them are happy policing their own staff in IT Depts, most CIOs develop cold feet when it comes to imposing restrictions on end-users. CIOs only provide lip-service to their carefully drafted corporate Internet Usage Policy, but rarely resort to imposing the sanctions mentioned therein. If a corporate has well-defined Internet access & usage policy, there is no reason why lower-level staff should grapple with such back-room manoeuvres.

chris_thamm
chris_thamm

We've solved our Internet (ab)use problem by blocking all UDP traffic that attempts traverse our firewall. Our firewall forwards DNS requests/responses to/from our ISP's DNS servers. So far, no enmployee has come up with a valid reason for needing UDP for work-related Internet access. If they want to surf, we let them. It will be obvious if they're wasting working hours on the Internet by the amount of work that gets done. Those that waste too many working hours, lose Internet entirely.

paul
paul

In a real world Windows based environment ... right... Someone needs to wake up and smell the roses...

alistair.k
alistair.k

Is to set meaningful goals for the staff who report to you and mange them against those goals and objectives. This has the added benefit of managing their smoke breaks, chats with coworkers, long-lunches, newspaper reading, etc. etc. I'm not advocating giving your staff so much to do they are buckling under with it, but if you have a well managed work force they won't have time to be slacking off. Any downtime they have when meeting expected targets is just part of the natural eb and flow of working patterns. None of us get through the day without chatting to a friendly coworker, checking the scores, whatever it is we are interested in. If you have a company where a significant % of your staff are slacking off routinely then you have a badly managed workforce. The problem is not internet access, facebook, monitoring tools, etc. it is the management of the business. Even if you ban it right off your network people can use smartphones, iPads, whatever to access Facebook, Twitter, LinkedIn, WebMail, IM, etc. without you ever tracking that. other than lead lining the walls of your office you can't stop it either. OK, there is a different take on this if you are talking about the security of your network and risks through malware, data leakage, all that which may be percieved via social networking et al. That is where the IT part of this comes it. Managing workforce productivity is the job of business unit managers.

ElTel
ElTel

..which I implement internally and at one of my customers is Untangle server. It is by far and away the best solution for managing who can do what on the internet. Best of all, it's open source and for the most part free.

Tony Hopkinson
Tony Hopkinson

Don't have a lot of time for it personally, but they seem to think it helps. Sites are blocked on types of content, but the bulk of the "management" is employing responsible professionals... When it gets down to it, particularly if your people ae techs, it's the only viable solution. The policies are clear and strong, but the main thrust is try and shield employees from ending up on a high risk sites through some hidden or misleading link, or javascript twiddle.

Daniel Breslauer
Daniel Breslauer

How would the others here restrict internet access on laptops for home workers? This is my big problem... I support some 35 analysts who are only allowed access to specific sites (that may change infrequently). Previously we used Group Policy (proxy set to 127.0.0.1, Internet Options Connection tab disabled, exceptions listed in GP Proxy Settings). Now I actually use a free software that was made for a quite different public - Windows Live Family Safety. (Together with Windows Live Mesh for remote access.) It allows me to add and remove websites for viewing for all users in two clicks, to make exceptions for specific employees - anything I want, fast and without even needing to remotely access their laptop. Any thoughts?

Editor's Picks