by Mimi Ho, Robert Frances Group

Internet Surfing at the Workplace

Jun 12, 20005 mins
InternetIT LeadershipSecurity

Every enterprise CIO should have policies governing Web activity in the office.

RFG believes that enterprise Internet access has given businesses the abilities to be more competitive and improve business partner relationships, customer care and service. However, the Internet has also increased personal Web surfing at the workplace, saddling corporations with unproductive workers and potentially resulting in a decrease in corporate revenues.

In some cases, employee use of the Internet has raised legal issues that put businesses at risk. CIOs should assess working environments to determine if monitoring tools should be employed. Such tools can oversee employee Internet use and protect the company from inefficient workers and various legal concerns, without disturbing employee morale or corporate culture.

Business Imperatives:

  • Allowing employees to surf freely on the Internet can lead to damaging consequences. In some cases, companies have been hit with sexual harassment lawsuits because of Internet viewing of sexually explicit material. CIOs should determine if violations of corporate policy are occurring, and if so, decide whether Internet filtering software is needed and deemed appropriate for the company and employee environment.

  • Distinguishing between personal and work-related websites is a difficult task as some sites are used for both purposes. Internet filtering software enables companies to block selected websites and monitor employee Internet surfing activity. CIOs should assess the site-blocking and site-tracking features of such tools, and determine which sites, if any, should be blocked in the best interest of the company and employees.

  • Many Internet filtering products provide daily updates to keep blocking lists current. However, filtering products are known to filter out legitimate content and to miss bad content. When evaluating the appropriate Internet filtering and blocking applications, CIOs should ensure that an application is sufficiently flexible and configurable to meet company-specific requirements, and that vendors offer solid support including regular updates.

Corporate executives and managers understand that employees will conduct personal activities at work on the Internet, whether taking a few minutes to check personal stock portfolios or booking plane tickets during lunch hour. Some companies concerned with employee productivity, clogged bandwidth and sexual harassment suits potentially leading to hostile work environments have implemented Internet filtering tools to address these and similar issues.

Internet filtering, originally used for parental control over Internet surfing by their children, has reached the corporate world. Companies are blocking access to sites related to auctions, drug and alcohol use, gambling and pornography. In many cases, Internet filtering applications are being used in companies that want to ensure that employees do not view pornographic or hate sites. Although this type of active viewing of pornography is not widespread throughout the enterprise, companies must act to ensure a good working environment is maintained.

At enterprises where “cyberslacking” is seen as a threat to network bandwidth, IT managers have also blocked sites related to sports and shopping. This has in some cases caused employees to view such actions as tantamount to creating a hostile work environment and led to many staff resignations.

An example of problems at the other end of the spectrum includes the arrest of Infoseek’s executive vice-president, Patrick Naughton, for soliciting sex from a minor via the Web. Clearly, CIOs should work with human resources personnel and legal counsel to develop corporate policies and then evaluate and enforce them with Internet filtering software. The software should monitor, block or be a combination of both, whichever best fits the business situation.

Corporate policies should also include procedures for handling infractions of those policies within the organization. Both policies and infraction consequences should be clearly written and conveyed to all employees to avoid any future misunderstanding. However, companies should be sure the consequences fit the offense. For example, one should not be fired for checking a sports score. The appropriate filtering application should complement outlined policies. CIOs and their teams should carefully evaluate vendor offerings in order to determine which features are best suited for the enterprise.

In general, Internet filtering software combats the surfing issues either by using packet-sniffing technology to track employee surfing or works as an Internet gateway router (IGR) to triage Web traffic. Packet-sniffing technology inspects each request for access and ensures authorization or denies access. However, such software lacks the ability to recognize a re-sent packet, uses network resources before the packet is dropped and then consumes more resources as the packet is resent. In comparison, an Internet gateway router controls user access to and from the gateway but does not examine each request.

Many programs differentiate themselves by adding features such as on-demand Web activity reports and estimates of Internet surfing costs based on data such as employee salaries. Other features include daily updates of lists of sites to be blocked, filtering of both international and domestic sites, assignment of restrictions by department or workgroup and monitoring of bandwidth usage. Additionally, some programs can generate automatic e-mails to be sent to managers informing them of selected surfing activities that occur during off-hours.

CIOs should carefully evaluate software for features that combat specific problems from all sides. For example, blocking lists should include both domain names and IP addresses. Also, each software vendor should provide a starter list and the ability to add additional listings, to speed creation of lists of banned sites. In addition, vendors of filtering and blocking software should offer frequent updates of blocking lists. The chart below lists example solutions for enterprise-class filtering and blocking.

RFG believes that every enterprise CIO should develop a comprehensive policy and set of procedures for Internet surfing at work, to protect the company from legal battles, unwanted publicity and loss of productivity. Once the guidelines are in place CIOs should evaluate Internet filtering products for those that can best satisfy corporate requirements. CIOs should also work with human resource personnel to select sites that should be barred and to ensure that policies are made part of official corporate statements and continually conveyed to employees.

2000 Robert Frances Group. All rights reserved. Mimi Ho is the Robert Frances Group’s research analyst. She can be reached at