All HowTo's

Why & How To Manage Staff Internet Usage

You’ll be wishing you did this before something went wrong. My hope is that the storm hasn’t arrived and you still have time to implement a proper system to track, control and report on staff Internet use.

The fact is that staff will use the Internet for whatever they can, whenever they can and for as long as they can. “But as long as i get my work done it’s fine, right?” Sure provided that it’s in compliance with the IT policy. This article explains how to enforce the IT policy in terms of staff Internet use.

Assuming you actually have an IT policy, it would imply something like this “Staff may use the Internet for work related activities, lawful activities and with privacy in mind”. The only way you would know that these guidelines are met is to check. To check you need a system that is logging activity. To log activity you need to something between the staff workstation (or any Internet capable device) and the Internet. The device you need is a “proxy”. A staff member will open their web browser, enter a URL (such as www.google.com) and then press the Enter key. The web browser would normally go directly to the web server and ask for the page known as “www.google.com”. If we use a proxy server it will look like this: A staff member will open their web browser, enter a URL (such as www.google.com) and then press the Enter key. The web browser connects to the proxy and asks the proxy if it will go and get the web page on the browsers behalf. The proxy then goes directly to the web server and ask for the page known as “www.google.com”. The proxy then returns the web page to the staff member.

The above is a massively simplified version of what really happens but the idea is easy enough. The proxy server has the job of logging which website each staff member is asking for. It then display a report to the IT manager who would then check if staff Internet usage is in compliance with the IT policy.

The proxy server can also control who can do what and when. For example, you might want upper management to be able to do anything they like except downloading executable files (a big virus risk). While general staff can only go to work related websites during work time and any website out of work time. Proxy servers have “access controls” or ACLs that determine the rules about staff Internet use. These can be combinations of the following rule types:

  • IT managed list of permitted and denied websites.
  • Subscribed back and white lists.

Access lists are read from top to bottom. So if rule 1 is to allow Sally to visit “www.google.com” and then rule 2 is to deny Sally from accessing “www.google.com”, the result will be that Sally “can” access “www.google.com”.

The IT managed list is one where the IT staff specify (under direction of management) which websites should be permitted and which should be denied. The subscribed black and white lists are downloadable lists of millions of websites organised into categories such as News, Search, Porn, Social, etc. The proxy might be configured to allow specific websites to all staff but “not” anything listed within the “porn” and “social” categories. Or the reverse might be true that all staff can do nothing except visit websites listed in the “news” and “search” categories. The combinations are whatever the business needs.

There are proxy appliances a business can purchase that come with maintenance (support) contracts or you can install and configure it yourself. The range from free to expensive, although even free systems need someone to install and configure that which comes with a cost. Also consider the ongoing costs of keeping the proxy server up to date.

AGIX can help your business build a proxy or install a proxy appliance. Contact us to fine out how.

Remember that for someone to be fired or questioned about their Internet usage, the business needs to know what has actually happened and use that information to make a sensible decision. having a will designed proxy server will assist with this greatly.

Leave a Reply

Your email address will not be published. Required fields are marked *