Yes, I am the Web surfing police

One of the duties that long ago fell upon me as the IT Manager in a small company is the responsibility to monitor and report on the Web surfing activities of my co-workers. Yes, I am the Web surfing police in my company. It is not a job that I relish. It sometimes causes friction between me and the other employees, even if in jest, because they know that I know all about their web surfing habits, at least at work.

My first experience with surf monitoring

When I first was asked by management to report on Web sites that employees were visiting, I evaluated a few choices like SurfControl and WebSense. Of course, WebSense has now acquired SurfControl. Websense was still new so I chose SurfControl in the earlier company, put it on a server and on a hub so I could see all the traffic in the enterprise and began the monitoring process. I loved the awesome reporting features of SurfControl.

My boss, the CFO, did not tell his boss, the CEO that he had asked me to start monitoring and reporting on Web surfing activities of everyone in the company. I was a little shocked one day when summarizing my weekly report to discover visits by the CEO to Web sites that were against the company policy. I discreetly advised my boss. He asked me to print the reports, seal them up, give them to him but continue the monitoring process.

I should not have been, but a few months later, I was surprised when the CEO was removed from his position by the board of directors. I knew the real reason for what had happened. I also knew how it had happened that someone in such a position of power like that could be toppled by a lowly IT Manager and CFO. I did not intend to be the cause his demise and of course, I wasn't. He shot himself in the foot by his indiscriminate Web surfing.

Some Web monitoring software is spyware

When I came to my present company and was again asked to implement employee Web activity monitoring software, I recommended WebSense. The CEO balked at the price so we came up with an alternative from a little company that you have probably never heard of. It is called Track4Win from Sepama Software. It is a great product and has worked well for us. Symantec calls it Spyware, so I had to exclude it from my AV system.

I suppose it can be considered Spyware. In the professional version, the client is installed on each workstation, disguises itself with some innocuous sounding name, and promptly hides itself from the task manager upon startup. It not only tracks every web site visited, but also reports on which programs the employee uses and which files are opened locally or on a server. It has some bugs but for the most part it is a great little product.

Since the request had come directly from the CEO, I did not tell anyone that I had installed the client software, not even my immediate supervisor. He was sharp enough to figure it out and promptly removed it. Nobody else in the company is tech savvy enough to know how to monitor programs in the startup section of the registry let alone know how to remove them. However, everyone in the company knows that it is there.

I have had very few occasions where I have had to advise a supervisor of inappropriate Web surfing by members of their department. I think it has happened once or twice in the past year. The offense is usually committed by a new employee who did not read the employee handbook or believe that anybody could possibly know what web sites they were visiting, especially late at night when nobody else is around.

Monitoring of Web surfing is volatile topic

I know this is a volatile topic which incites strong reactions. Nobody likes to be spied upon and there have been several lawsuits about employer monitoring of Web site visits by employees. The monitoring and enforcement protect the employer from sexual harassment lawsuits. I can't tell you how many times I have gone to work on a user's computer and found porn stashed away or even openly displayed in a minimized browser or history.

This is not a comment about porn. Alright, maybe it is. As an IT Manager I hate porn Web sites because so many of them are filled with malicious Trojans and other nasties. It is such a waste of time for me to have to clean up after my road warriors bring in their laptops and sheepishly say that something has infected it.

I used to tell employees that if they wanted to surf porn to do it on their home computers. I don't say that anymore because so many of them now connect to our network via a VPN and Remote Desktop. I am responsible for the security of my network and I don't want any crap getting in from their home computers.