Why Workplaces Need To Control Employee Internet Access In The Workplace

Various types of web content can be deemed inappropriate. Websites that can harm people and productivity include phishing sites that steal company intellectual property, financial details, login credentials, and sensitive customer data. Other inappropriate websites may contain illegal content. Data protection regulations require businesses to control web access to mitigate the risks posed by malicious or inappropriate content.

This post explores the key benefits of using a web filter to limit internet access in the workplace. The post will also highlight potential problems associated with using content control software.

The Problem of Personal Internet Use at Work

Inappropriate internet activity inevitably interferes with business productivity, but the resulting revenue loss is only one risk. Other risks are insidious and directly harm the company. For example, if no internet restrictions are preventing them, users can download torrent software and use it to host illegal content on the corporate network. This leaves the company at risk of copyright infringement lawsuits, and worse, if the content contains illegal images or videos.

Storage space overuse is another issue caused by unrestricted internet access. Movies and songs require lots of network storage space. Users downloading content to the local network may quickly exhaust terabytes of storage capacity, leading to expensive storage costs for the company. One potential workaround is for administrators to restrict storage capacity based on user permissions. However, this strategy can add unnecessary limitations on users who genuinely require a large storage capacity to carry out work tasks. Also, managing storage usage can be an unnecessary overhead for IT staff.

Games and online gambling are another threat to business productivity. Some employees spend a considerable percentage of their working day on personal internet use, playing games, or accessing social media accounts. If every employee in an organization spent an hour a day on personal internet use, the productivity losses would be considerable. A company with 100 employees would lose 100 hours a day, totaling 26,100 working hours a year. Losses of this magnitude can lead to millions of dollars in productivity losses.

Clearly, inappropriate and untethered internet use at work has multiple negative impacts on a business.

The Danger of Malware and Ransomware Downloads

Malicious websites are designed to steal data and / or initiate a malware infection. If employees access social media websites, download files, or visit unsanctioned websites, the risk of malware or ransomware downloads increases significantly.

Exploit kits: When an employee visits a malicious website, they may become a victim of an “exploit kit.” These kits use software to scan for vulnerabilities in browsers and plugins, which are then automatically exploited to download malware silently; an employee would not be aware of the download.

Malvertising and silent malware downloads: Users may also be directed to dangerous websites via malicious adverts. Hacked websites can also be a source of malware infections. In both cases, employees are unaware of malicious redirects and are unlikely to recognize the red flags that signal they are on a compromised site.

High-risk websites: Certain websites carry a high risk of malware infection. Allowing employees to access these sites, many of which are unsuitable for the workplace, could result in malware or ransomware downloads. Online gambling, piracy sites, and pornography sites are all examples of high-risk malware hosts. Pornographic content is often used as a lure to spread malware, and many adult sites focus on distributing malware to visitors or harvesting credit card information. Blocking these adult sites helps improve productivity, avoid legal issues, and reduce the risk of malware.

File-sharing app risks: Torrent sites and P2P file-sharing networks are high-risk. There are few, if any, controls over the content shared via torrent sites. Pirated music and video files are often seeded with malware, spyware, and adware. Illegal software downloads are hazardous, as malware is frequently bundled in the executable files used to install the software or in the accompanying keygen (software critical registration generation executables) tools that generate product keys to allow the software to be used.

Consequences of a malware infection: A malware or ransomware attack often results in costly consequences. Ransomware attacks, for example, can cost a company many millions of dollars in damage control and other losses. Many ransomware victims experience system compromise, unauthorized access, and inoperable systems. The resulting system downtime may force organizations to close their doors for days, weeks, or even months, causing massive productivity losses as they attempt to mitigate the ransomware's impact. A ransomware attack can take an entire network offline. A recent spate of cyberattacks on UK retailers by the hacking group Scattered Spider led to a 99% drop in profits at Marks and Spencer after it was hit by ransomware. Jaguar Land Rover lost £485m after a similar ransomware attack.

Restricting internet access at work is essential to controlling malware and ransomware infections. Web filters are designed to help prevent employees from navigating to harmful web content. Web filtering solutions can be configured to block the downloading of certain file types and websites known to contain malware or exploit kits. Attempting to access a malicious domain will redirect a user to a block screen. Advanced web filtering solutions now use machine learning to identify new and emerging web-borne threats proactively.

However, a web filter will not prevent all malware and ransomware attacks, but should be seen as part of an overall layered security approach to preventing sophisticated web-borne threats.  For example, many malicious software downloads begin with a phishing email that contains a malicious link. Email filters are another layer of protection that helps to reduce the risk of malware and ransomware infections.

Additional Protection Against Phishing Attacks

Phishing is the number one cyber threat for businesses. According to the annual UK government cyber security breach survey, 85% of companies experience phishing. Phishing prevention is an essential tool for protecting against cyberattacks. One of the best ways to prevent successful phishing is a spam or email filtering solution. Advanced email filters will prevent most spam and phishing from being delivered to users inboxes. Advanced AI-powered email filters are highly effective at identifying and preventing spam and phishing. TitanHQ’s spam filters were awarded a top position by independent analysis company, Virus Bulletin, with an outstanding 100% Phishing Catch Rate.

However, phishing prevention must be viewed as a multi-layered approach, as phishing attacks themselves leverage AI to automate attacks. Employees can be trained to identify phishing emails and follow cybersecurity best practices to reduce interactions with phishing messages. Unfortunately, some employees will click on a malicious link even with the best security training. A layered approach that incorporates email filters and web content filters to block malicious sites from loading, all work together to interrupt the phishing cycle.

How do phishing cycles work?

Phishing emails will trick employees into visiting a malicious website. Here, they will be encouraged to reveal login credentials and other data. Alternatively, malware, such as keyloggers, is downloaded via exploited vulnerabilities. Once an attacker has login credentials, they will use these to gain unauthorized access to email accounts and business apps. Compromised accounts can be used to send further phishing emails to employees, customers, and business contacts, with the attacker impersonating the compromised user. It is common for a single response to a phishing email to compromise several email accounts.

Phishing attacks are some of the costliest cyberattacks. Each email from a compromised account must be checked for personally identifiable information (PII) and other sensitive data. Manually checking thousands of emails can take weeks and cost hundreds of thousands of dollars.

A web filter is an additional layer of security that helps organizations improve their defenses against phishing by providing time-of-click protection and blocking attempts to visit malicious websites. When an employee clicks a link to a website identified in phishing campaigns, the user will be directed to a blocked screen. TitanHQ’s web filtering solution, WebTitan, blocks user attempts to access around 60 million malicious websites weekly. Machine learning is incorporated into advanced web filters and email, such as WebTitan and SpamTitan, to detect emerging threats.

Preventing Inappropriate Web Content from Being Accessed

It only takes a single employee downloading malicious content to compromise a network. One of the main types of content behind malware infection risk is pornography. Accessing adult content at work is a serious issue. Surveys vary between 32% and 60% of adults admitting they view online adult websites while at work. Access to these sites is typically on a work device.

Not only is accessing pornography at work a significant drain on productivity, but it can also lead to the development of a hostile working environment. Pornography can be used to harass and degrade employees, especially women. Employees can take legal action against their employers over the failure to implement content controls in the workplace and prevent pornography from being accessed by coworkers.

Reactive or proactive web content filtering?

Many businesses feel the best way to tackle the problem of pornography access in the workplace is by placing traffic monitoring on the network. When individuals are found to be accessing inappropriate sites, action is taken against them without restricting internet access for everyone at work. However, this reactive policy is not always effective. When pornography use at work is discovered, employees usually face instant dismissal. That carries a cost for the HR department and productivity losses during the hiring and training of new employees.

A proactive approach to restricting internet access at work is to use a web filter. A web filter blocks access to specific websites or categories of website content, such as pornographic sites, and enforces acceptable usage policies. This is one of the most common reasons businesses restrict internet access at work.

Problems with Using a Web Filter to Restrict Internet Access at Work

A web filter may seem like a quick and easy solution to solve inappropriate website access; however, restricting internet access at work with web filters can present challenges.

Restricting internet access at work with an appliance-based web filtering solution can cause latency. Each website must be inspected before it is accessed, which delays page loading. Most websites, even those that are inappropriate or phishing, use internet security protocols (HTTPS). A web filter must decrypt, inspect, and re-encrypt the page during filtering. This places a considerable strain on resources.

Another issue is false positives that prevent access to legitimate websites. Some conventional web filters lack granular controls, leading to blocked legitimate traffic. False positives require the IT support team to spend time unblocking websites.

The solution to false positives and latency is to use a DNS-based filtering solution. DNS filtering occurs in the cloud, reducing latency. A web filter with integrated granular controls allows content to be blocked without blocking websites that need access for work purposes.

Cloud-based DNS filters also offer other benefits: they are flexible and scalable and do not require provisioning. Further, a cloud-based DNS filter does not require additional hardware, making it cost-effective for businesses.

DNS-based content filtering with WebTitan blocks user browsers from loading a malicious page, so that administrators don’t need to rely on antivirus to catch malware downloads.

Book a demo to see WebTitan’s easy-to-use filtering in action.

DNS-based content filtering with WebTitan blocks user browsers from loading a malicious page so that administrators don’t need to rely on antivirus to catch malware downloads

Should Companies Restrict Internet Access?

A balance must be struck between having draconian restrictions on web content and protecting employees and the business. Content control software will prevent employees from being distracted by online content. However, if work internet access restrictions are too strict, employees who only visit the occasional personal site may be unhappy with the new restrictions. Administrators must balance web restrictions with allowable usage, providing carefully collated website access. For example, allowing local restaurant searches is harmless compared to searching for online gambling sites.

How to Control Internet Usage in the Office and Avoid Staff Problems

One of the easiest ways to improve productivity while controlling internet access is to use a web filtering solution that allows time-based filtering controls. Employers can use this feature to restrict internet access at work during busy times and relax controls at other times. For example, lunchtime enables web requests for restaurants and entertainment but throttles access during busier business hours. With WebTitan, administrators can set standard controls during busy times, such as mornings, and relax controls during breaks or outside office hours.

How Can I Block Internet Access on an Employee’s Computer?

Blocking access on a per-computer basis can be achieved in several ways, including by configuring firewalls. Blocking internet access on an employee’s computer. Similarly, blocking internet access for a specific employee, either temporarily or permanently, can be achieved using existing network hardware or a firewall rule to block a particular IP address. However, these controls are hard-wired and global, preventing all internet access.

A web filter provides granular controls, such as blocking specific websites or categories of websites for a particular employee or group of employees. Using a granular approach is simpler and less time-consuming. The granularity allows for blocking all internet access or partial blocks for individuals or groups of employees. With a cloud-based web filter, these controls can be applied quickly and easily via a web portal accessible from any computer. The settings are easily updated.

How to Limit Employee Internet Access Selectively

A business may wish to restrict employees' internet access without completely blocking it. WebTitan allows administrators to limit employee internet access selectively. Controls can be set to reflect individuals or groups of employees who meet business criteria and meet work task requirements. For example, you may need to ensure that sales staff can focus on sales calls by using restrictive measures. At the same time, your marketing department may require more lax controls, as they need to access a broader range of websites for work.

WebTitan web filter integrates with LDAP and Active Directory (AD), making it simple to set controls for different users and user groups. Through LDAP and AD, you can implement organization-wide controls (e.g., adult content), department-level controls (e.g., social media), and individual controls.

How to Manage Employee Internet Usage

Many companies are facing a situation in which employees habitually waste work time online. Distractions, Distractions everywhere!  Not many people can honestly say they work every minute of every workday. We all take coffee breaks, read some online news, or use that spare ’10 minutes’ to check Facebook or Twitter!  Taking regular breaks from work is advised as a good way to recharge the mind.  

Having a break is important and can enhance productivity. Taking a break allows us to get back to the task at hand with renewed energy and a sense of purpose, making us more productive. It’s also been shown that a break can serve as creative fuel. The Harvard Business Review and researchers note this:

“A longer break does not necessarily equate to a better break. Disengaging from work only for a few minutes but on a regular basis (micro-breaks) can be sufficient for preventing exhaustion and boosting performance.”

Habitual time wasting online, however, is something completely different. It’s easy to take a short break from your work and check what’s happening on Facebook or Twitter. Done habitually, though, it can cost a company in lost productivity.

Often, these occasional breaks turn into habitual online time-wasting.  A Forbes survey found that employees can lose 720 hours of productivity each year due to distractions.

This poses the question where are people going when they waste time online and how is it impacting productivity?

• Workers waste up to 2.5 hours on their smartphones accessing digital content that is not job-related.
• Around 14% of digital distractions cause accidents in the workplace.
• 79% of workers get distracted within an hour of starting work.
• 59% of employees cannot remain focused for 30 minutes without getting distracted.

Positive news when using web filters

Pew Research has tracked the phenomenon of digital distractions at work since the early 2000s. A recent survey has found an interesting shift. Previously, Pew Research found that 77% of employees admitted to using social media during work hours. This latest Pew survey shows that internet use is now seen as a positive, but this coincides with employers using web filtering tools to control internet use.

Notably,  20% of employees actively want companies to help them control digital distractions during work.

The conclusion is that enforcing fair and balanced internet use at work will benefit both the employer and the employee.

Internet usage policy

A company's fundamental position is to implement a fair Internet usage policy (IUP) that reduces non-work-related Internet use.  The IUP, often called the AUP (acceptable use policy), is a set of guidelines and instructions for employees on the use of Internet facilities such as the web, email, and chat apps. The AUP stipulates all prohibitions, such as access to pornographic sites, conducting illegal activities, and gambling. The Internet usage policy  clearly establishes rules, such as: 

• What is approved internet usage
• What are the penalties for unapproved Internet use at work.

The Internet usage policy is often used to set the grounds for employee termination. Employee behaviour and internet use will vary by company so the first step is to map out the specifics of a business’s needs. An internet usage policy is effective, allowing employers to establish rules that meet their specific needs and block dangerous or time-wasting sites. 

Be Explicit

The internet usage policy must be clearly set out. The terms of the policy must be articulated clearly to all employees, and the policy must be incorporated into the employee handbook. Notably, an employer may lawfully monitor all activity on its systems provided it has notified employees of the monitoring and that this is clearly communicated through an accessible policy.

The most common approach to web filtering is to obtain employee agreement on the IUP. Set up policies to allow reasonable internet use for some non-work-related personal activity; access can be managed and is good for morale and productivity.

Be Fair – it’s not about blocking internet use

A “middle-of-the-road” internet usage policy that limits Internet access within defined boundaries, without creating privacy issues or requiring onerous management and enforcement, is possible.

The key is to set reasonable restrictions that address a known productivity issue without prohibiting broader Internet use. Let’s not ignore the facts: the use of the Internet and social media in the workplace is a significant productivity issue for many employers, which underscores the importance of web filtering. To manage this, many organisations choose to block specific sites or establish a fair Internet Usage Policy for employees. However, a blackout or overly strict usage policies have disadvantages.

What about logging, but not blocking?

When workers misuse the Internet, employers pay the price in lost productivity, potential malware infections, and regulatory noncompliance. But overly strict blocking policies can detract talent and drive employees to alternative devices during the workday.  Aside from the impact on recruitment, retention, and morale, it is virtually impossible to fully enforce an absolute ban on personal Internet use on company equipment.  The number of employees using work time to surf the Internet is substantial. Faced with this drain on productivity, organizations have clear options.

Logging might be an alternative to blocking sites, but on its own, it is time-consuming and reactive rather than proactive. Instead, organizations should actively block specific domains or IP addresses at the network or at the individual browser level, while continuing to log activity using a ‘log but do not block policy’. An overly restrictive blocking strategy prohibiting employee access to the Internet could have a demoralising effect and make the company a less attractive place to work. Solutions, such as WebTitan are designed for flexible, proactive web blocking that does not impact normal employee working patterns.

Active Steps to Limit Internet-related Productivity Loss

What can a company do? Here are some practical solutions:

1. Internet usage and behavior policies

A lack of awareness of safe internet use must be addressed. A strong employee internet usage policy and open debate on the team's and company's challenges and expectations may be enough to curtail even the most extreme internet misusers. Open discussions facilitate more productive HR discussions when problems occur. Among many workers, a Draconian policy that bans personal devices is likely to be resented or ignored entirely. Better still is the use of behavior-based policies that find a balance between good internet use and security.

1. Flexible working arrangements

Increasingly, companies are placing greater emphasis on the work accomplished rather than the hours served. This approach places trust and accountability on workers while allowing flexibility for non-work activities within specified limits. If a worker can complete a project and go home early, they are much less inclined to waste time at work – the workplace is for work, and then you go.

1. Content filtering

Implementing a content filter is a proven positive action to maintain productivity and security. Blocking social media sites is often an extreme measure; however, every company must protect itself from the potential liability of employees browsing undesirable material while at work, as well as blocking the malware that arrives through illegal, malware laden and inappropriate sites.

1. Education & Deterrents

A holistic approach to managing employees' use of social networks and other inappropriate websites is fundamental. As research has shown, implementing a content filter that blocks dangerous and illegal content, such as porn, gambling, drugs, etc., while allowing employees to surf freely in the knowledge that their activity is being logged, is a highly effective approach. As discussed above, a ‘log but do not block policy can be very effective.

The combination of knowing that all internet activity is being logged and that specific browsing activity is contrary to the company's internet usage policy is an incentive for employees to spend a greater share of their working hours on actual work-related tasks.

What are the best strategies you’ve used in your own organization to defeat the epidemic of wasted hours at work? Would you consider logging internet activity but blocking only dangerous / illegal categories of websites?

WebTitan Cloud provides content filtering for organizations to log or block inappropriate websites, such as social media, betting/gambling, pornographic, or malware-infected sites. Learn how WebTitan Cloud can improve your employees' productivity today while protecting your organization from advanced threats.