Category Archives: CEO Articles

Harnessing Revolutionary Tools: Lessons from the Internet and the Dawn of AI

Introduction

Thirty years ago, as the CEO of Wavecrest Computing, I witnessed the internet’s emergence as a transformative force, reshaping business operations with a magnitude that arguably surpasses Henry Ford’s assembly line. The introduction of early browsers like Mosaic and Netscape made the internet accessible to all, enabling instant communication, global collaboration, and unprecedented productivity. Today, we stand at the threshold of another revolution: the rise of artificial intelligence (AI) tools. Both the internet and AI are powerful instruments, but their potential is only realized through careful management. At Wavecrest, our products, Cyfin and CyBlock, have helped businesses navigate the internet’s challenges for decades. As AI reshapes the workplace, the lessons we’ve learned underscore the need for oversight, informed decision-making, and tailored strategies to maximize productivity, security, and compliance.

The Internet’s Transformative Impact

The internet’s arrival in the 1990s was a paradigm shift. Much like Ford’s assembly line standardized manufacturing, browsers democratized information, empowering businesses to operate globally and innovate rapidly. However, this power came with challenges. When internet access reached every employee’s desktop, businesses gained a revolutionary tool but often lacked the means to manage it effectively. Wavecrest was among the first to recognize this, developing Cyfin to provide actionable insights into employee web usage, addressing not just security but also productivity and legal concerns.

Ford’s assembly line succeeded because he trained workers, monitored performance, and iterated improvements. In contrast, many businesses deployed the internet without similar rigor. Acceptable use policies, often driven by legal departments, focused on liability but rarely harnessed the internet’s full potential. This gap—between the tool’s power and its management—persists, leaving companies vulnerable to risks and missed opportunities.

Challenges of Internet Access

The internet introduced three key challenges, each requiring careful oversight:

Security Risks: Research shows that 88% of data breaches stem from human error, such as clicking phishing links or mishandling data (Stanford Research: 88% Of Data Breaches Are Caused By Human Error). Employees, not external hackers, are often the weakest link, necessitating robust training and monitoring.

Legal Liabilities: Internet misuse can lead to lawsuits over harassment, copyright infringement, or data privacy violations. For example, inappropriate email use or unauthorized downloads expose companies to significant risks (Employment Liability Laws for Internet Usage). Legal-driven policies address these but often overlook productivity.

Productivity Losses: Studies estimate that 30-40% of workplace internet activity is non-work-related, costing U.S. businesses $63 billion annually (Employee Internet Management: Now an HR Issue). Social media, shopping, and entertainment distract employees, undermining efficiency.

These challenges highlight a critical truth: being informed is essential for effective decision-making. Without visibility into how employees use the internet, businesses cannot optimize its benefits or mitigate its risks.

The AI Revolution: A New Frontier

As we reflect on the internet’s impact, AI tools—large language models, automation platforms, and analytics engines—are ushering in a new era. Like the internet, AI promises to augment human capabilities, streamline tasks, and drive innovation. However, it also amplifies existing challenges and introduces new ones. Dropping AI onto employees’ desktops without oversight risks repeating the internet’s early mistakes, where enthusiasm outpaced management.

Security Risks: AI amplifies human error risks. A 2024 Gartner report notes that 40% of organizations faced AI-related security incidents due to employee misuse, such as inputting sensitive data into unsecured models (Gartner: AI Security Risks). Without monitoring, businesses cannot detect or prevent these vulnerabilities.

Legal Liabilities: AI raises complex legal issues, including data privacy violations and ethical concerns. Processing personal data with AI can violate regulations like GDPR, while AI-generated content may infringe copyrights or produce biased outputs (AI and Data Privacy Risks). Tailored policies are essential but must be grounded in real usage data.

Productivity Concerns: AI’s potential to boost efficiency is immense, but misuse can erode gains. A 2025 McKinsey study estimates that 20% of AI initiatives fail to deliver ROI due to poor integration (McKinsey: AI Productivity Challenges). Employees using AI for personal tasks or inefficient workflows—such as excessive prompt tweaking—can mirror the internet’s productivity losses.

Training Gaps: Effective AI use requires training, but generic programs miss the mark. Without data on how employees interact with AI (e.g., tools used, tasks performed), training cannot address specific needs, reducing its impact.

The Pitfalls of Generic Policies

Both the internet and AI suffer from a common issue: reliance on boilerplate policies. Internet acceptable use policies, often legal-driven, focused on liability but neglected productivity. Similarly, generic AI policies—such as blanket bans on public models or vague usage guidelines—fail to account for organizational nuances. A marketing team may need AI for creative content, while a finance team requires strict data controls. Without understanding actual usage, policies remain disconnected from reality, undermining productivity, security, and compliance.

The Role of Oversight: Lessons from Cyfin

Wavecrest’s experience with the internet offers a blueprint for managing AI. Cyfin addresses the internet’s challenges by transforming complex firewall logs into clear, actionable reports, enabling management and HR to monitor usage, identify risks, and optimize productivity. Unlike built-in firewall tools, which focus on traffic and security, Cyfin excels at reconstructing user actions, providing insights competitors cannot match. This capability is critical, as raw logs are voluminous and difficult to interpret, often leading IT and management to chase inaccurate data (The Significance and Role of Firewall Logs | Exabeam).

Extending this to AI, businesses need tools to track interactions with AI platforms—e.g., which tools are used, how often, and for what purposes. Cyfin’s adaptability positions it to deliver similar visibility, reporting on AI usage to inform policies, training, and security measures. For example, Cyfin could identify employees sharing sensitive data with AI models, spending excessive time on non-work tasks, or struggling with specific tools, enabling targeted interventions.

Best Practices for Harnessing Revolutionary Tools

To maximize the internet and AI’s potential, businesses should adopt these strategies:

  • Implement Comprehensive Monitoring: Use tools like Cyfin to gain visibility into internet and AI usage, providing management with data to make informed decisions.
  • Develop Tailored Policies: Base policies on actual usage patterns, ensuring they address productivity, security, and legal needs specific to your organization.
  • Prioritize Training: Tailor training to usage data, addressing gaps in skills or security awareness to enhance effectiveness.
  • Foster a Culture of Responsibility: Encourage employees to use these tools productively and safely, supported by clear expectations and monitoring.
  • Leverage Specialized Tools: Avoid relying on generic solutions like firewall logs, which lack the granularity needed for user-focused insights.

Conclusion: A Call to Action

The internet transformed business, and AI promises to take this further. However, their power is only realized through proactive management. Ford’s assembly line succeeded because he monitored and optimized it; businesses must do the same with the internet and AI. Security risks, legal liabilities, productivity losses, and training needs demand comprehensive oversight, tailored policies, and actionable data. At Wavecrest, we’ve spent 30 years helping businesses navigate these challenges with tools like Cyfin, which deliver the insights needed to harness revolutionary tools effectively.

As we embrace AI, let us learn from the internet’s history. Being informed is critical—only with the most facts can we make the best decisions. Businesses unaware of tools like Cyfin or struggling to implement oversight risk squandering AI’s potential, just as many did with the internet. By investing in visibility and management, organizations can shape a future where these tools drive productivity, security, and innovation. Join us in harnessing the next revolution.

Finally—Clarity from the Chaos of Firewall Logs

How Cyfin Delivers Actionable Employee Web Activity Reports from Complex, Noisy Firewall Data

Executive Summary

Organizations rely on firewalls to secure their networks, but these tools generate logs that are incredibly complex. Every device, system update, browser tab, and cloud sync creates a connection—and every connection gets logged. For IT, HR, and management teams trying to understand actual employee behavior online, these logs present a mess of indistinguishable data. Cyfin changes that.

Cyfin is a powerful log-parsing and reporting engine that reads raw, connection-based firewall logs and delivers clear, human-readable reports focused on employee-initiated web activity. It cuts through the noise—from Windows updates to endpoint security traffic—and delivers reports designed for both technical and non-technical audiences.

Why Cyfin is Different

Most tools tell you everything that happened on the network. Cyfin tells you what your employees did.

Firewall logs don’t distinguish between a user browsing a news site and their machine syncing with a cloud service. Cyfin’s core strength is its ability to recognize and separate human-initiated actions from the flood of background traffic that is increasingly using the same web protocols and ports.

This distinction is essential. Whether you’re conducting an internal investigation, responding to a compliance request, or simply monitoring productivity, Cyfin gives you the clarity you need to make decisions based on facts, not assumptions.

Key Benefits

  1. Accurate Employee Web Usage Monitoring
    • What It Does: Filters out non-human activity to focus solely on employee-initiated web actions.
    • Why It’s a Game-Changer: Standard firewall reports lump everything together, distorting the picture of employee behavior. Cyfin ensures accuracy by isolating what matters.
    • For IT: Automates log analysis, reducing your workload and delivering precise data.
    • For HR & Management: Delivers a true view of employee web use—perfect for enforcing policies or boosting productivity.
  2. Simplified Compliance and Security
    • What It Does: Produces detailed, auditable reports to meet regulations (e.g., GDPR, HIPAA) and spot security risks.
    • Why It’s a Game-Changer: With remote work and data privacy laws on the rise, Cyfin’s reports provide compliance-ready evidence and threat detection.
    • For IT: Seamlessly integrates with your firewall setup for efficient monitoring.
    • For HR & Legal: Offers easy-to-use reports tailored to your compliance needs, simplifying audits.
  3. No Software on Employee Devices
    • What It Does: Monitors activity directly from firewall logs—no agents needed on individual devices.
    • Why It’s a Game-Changer: Cuts deployment hassle, reduces privacy concerns, and works across all devices.
    • For IT: Eliminates the need to manage software on endpoints, saving time.
    • For HR & Management: Provides monitoring without invasive tools, maintaining employee trust.
  4. Multi-Vendor Firewall Compatibility
    • What It Does: Supports top firewall brands like Palo Alto, Cisco, Fortigate, and SonicWall.
    • Why It’s a Game-Changer: Unifies reporting in mixed IT environments, streamlining management.
    • For IT: Standardizes reporting across vendors, simplifying your workflow.
    • For Management: Ensures consistent, clear reports regardless of firewall setup.
  5. Scalable for Any Organization
    • What It Does: Handles large data volumes effortlessly, growing with your needs.
    • Why It’s a Game-Changer: Keeps performance strong as your workforce expands.
    • For IT: Manages high-throughput environments without slowdowns.
    • For Management: Delivers reliable insights at every stage of growth.

Cyfin in Action

Consider this scenario: A department manager suspects excessive personal web use during work hours. The IT team pulls logs from their firewall, but what they get is a flood of technical entries—tens of thousands of lines including Windows telemetry, antivirus updates, background ad tracking, and cloud syncs.

With Cyfin, that same data is distilled into a clear, chronological report showing actual employee-initiated browsing—highlighting visits to shopping sites, video streaming platforms, and news articles. HR receives a clean PDF report that supports a productive and well-informed conversation with the employee in question.

Conclusion

Cyfin solves a problem that even seasoned IT professionals struggle with: how to turn raw firewall data into meaningful insights about employee web behavior. Its ability to separate human action from machine noise makes it an invaluable tool not just for IT, but for HR, Legal, and Management teams as well.

When accurate visibility into employee online activity matters, Cyfin is the solution that delivers clarity from chaos.

Understanding Employee Internet Monitoring: Insights from Cyfin

In today’s digital workplace, managing how employees use the internet is crucial for several reasons:

Network Security:

  • Why it Matters: Malicious websites can expose your network to cyber threats.
  • What Cyfin Does: Our system identifies and blocks access to high-risk sites, protecting your company’s data.

Productivity Enhancement:

  • Why it Matters: Excessive non-work-related browsing can decrease productivity.
  • What Cyfin Does: We provide insights into time spent on different activities, helping you foster a more focused work environment.

Web Application Usage:

  • Why it Matters: Unauthorized app usage can lead to data leaks or reduced productivity.
  • What Cyfin Does: Monitor and manage which applications are used, ensuring they align with business needs.

Policy Compliance:

  • Why it Matters: Clear internet usage policies protect both the company and employees.
  • What Cyfin Does: We help ensure everyone follows these policies, promoting a fair and secure online work culture.

Training & Optimization:

  • Why it Matters: Educating employees on optimal internet use can significantly boost efficiency.
  • What Cyfin Does: Our analytics tools provide data to tailor training programs that enhance digital literacy and productivity.

Key Takeaways:

  • Monitoring isn’t about mistrust; it’s about creating a safer, more productive digital workspace.
  • Data-driven insights can lead to better policies and practices.
  • Employee education on internet usage can transform how your team interacts with digital tools.

For businesses looking to balance security, productivity, and employee well-being, understanding and implementing effective internet monitoring is essential.

#EmployeeInternetMonitoring #CyberSecurityEducation #WorkplaceProductivity #DigitalWorkplace #Cyfin

Determining employee Web-use behavior with Smart Engine analytics

Determining employee Web-use behavior with Smart Engine analytics

I previously discussed that employee Web use has much to do with human behavior in the workplace, and the management of it is not just an IT issue. All stakeholders and areas of the company can help manage employee Web use effectively. With IT investing time in researching and implementing the most suitable Web filtering and monitoring solution for the organization, collaborators in the company, such as senior managers, HR, and department managers, can get the right information in the right format. Ideally the solution would include a reporting engine or Smart Engine making it possible for collaborators to get a true picture of employee behavior. Here I’ll discuss the features of a Smart Engine and its importance in deriving human behavior from Web-use data.

First of all, what is a Smart Engine? A Smart Engine is a powerful reporting engine that helps companies make informed, data-driven decisions and take action on issues concerning the proper use of their network resources. It provides direct, easy, and fast access to data, and low-latency, real-time analytics. With its elaborate, distributed system, it is highly scalable and able to handle petabytes of data. A Smart Engine is built for speed and provides a scalable solution that is optimized for analytics retrieval.

Smart Engine analytics provide the information for reporting–charts and reports–to present accurate and up-to-date Web activity. The Smart Engine utilizes algorithms that perform functions such as determining real Web browsing activity, user names, and time online from Web traffic, and categorizing URLs into logical groups based on content. Without the Smart Engine and its analytics, the reporting components could not provide the adequate information that a company needs to manage employee Web use. The Smart Engine makes technical data usable and manager-ready. Examples of its algorithms are discussed below.

The most important algorithm is one that distinguishes between real Web browsing activity from user clicks (or visits) and background Web activity (unsolicited traffic or hits) by identifying the content of each URL. True visits are actual user clicks that do not include multimedia URLs, such as images, audio Web pages, advertisements, or Web pages that were requested as part of a visit, that is, unsolicited. The differentiation between Web traffic visits and hits is of high importance for companies that want to manage the human factor. Companies can get a true, meaningful picture of the level and type of Web activity occurring in their network.

When Web filtering and reporting products do not include user names in Web traffic records, user Web activity is lost and unaccounted for. The company may not even know that this is occurring. Another algorithm performed by the Smart Engine is a user name caching algorithm that uses the cache user name if available, versus the IP address, allowing you to capture all activity of the user and get more detailed data in reporting.

When users are online, they could be reading a Web page, performing another task in a different application with the browser open, or possibly away from the computer entirely with the browser open. A time online algorithm uses a highly accurate priority method for calculating users’ time online. Managers and IT administrators can quickly see which users, categories, sites, and so on had the most volume of activity and address any potential issues, such as productivity loss, bandwidth slowdowns, and policy noncompliance.

Another algorithm that produces Smart Engine analytics is a categorization algorithm. This algorithm is designed to report on all Web activity. With the extensive content categories available in the Web filtering and monitoring tool, this algorithm categorizes the organization’s Web activity so that managers can analyze their employees’ Web usage. Proper URL categorization detects and identifies a broad range and a high percentage of total Web activity.

The Smart Engine feeds data to the reporting components of a Web monitoring and filtering tool and provides analytics for determining human behavior. You will not get this type of data directly from any firewall on the market today. The raw data itself is only information about machine/network requests. It is not about human activity, but about the machine’s response to a human request to get or push information. The Smart Engine enables companies to quickly create simple Web browsing reports and analyze current or historical Web-use data from human behavior. This human behavior data is what is truly needed to effectively manage employee Web use to keep your employees and network safe.

Reliable Web-use metrics help get accurate, actionable information to company stakeholders

Reliable Web-use metrics

Proper management of employee Web use requires that all company stakeholders be provided with the best possible information on the Web activity of their Internet users. Specifically, the right information needs to get to the right people in the right format. This might be a challenge for companies for various reasons. One reason is that managers who may want to address productivity issues with employees, based on their Internet use or abuse, do not have the information in an easy-to-read and actionable format. They may not even have reporting access to their department’s Web activity whether through data visualizations such as charts, e-mailed reports, or a manager portal.

Another reason is that if there is reporting on Web traffic in the organization, it may be inadequate in showing relevant human behavior in the workplace. That is to say, almost all Web-use reporting tools provide information at the computer transaction level, not the user activity level. Hits and requests are computer-to-computer connections, i.e., all the hits/requests made when a user clicks a link. Your IT or network person is interested in computer-to-computer or computer-to-server communication, i.e., hits, requests, bytes, etc. Managers are interested in visits, time online, categories, and classifications and cannot read computer-level communication reports that don’t mean anything in terms of human action.

Without knowing the human behavior in the organization, management is unable to define what is normal and flag anomalies that may indicate insider threats, i.e., human actions that threaten data security. They are also unable to detect trends in workforce productivity or determine whether an employee is in compliance with corporate policy. In this article, I will cover what you should expect from your Web monitoring and filtering solution to get the most accurate, actionable Web-use information to all company stakeholders, i.e., senior managers, IT, HR, and department managers.

Company stakeholders or collaborators require specific Web-use data and need the right information to make decisions and take action. Reliable Web-use metrics are pertinent to the output of accurate Web-use information. Metrics allow you to analyze patterns of human behavior to detect inappropriate or excessive Internet use, address employee behavioral issues, and discover events that could lead to a data breach. In your Web monitoring and filtering tool, you should be able to get this data presented in easy-to-read visualizations such as reporting dashboards, charts, and detailed audit reports. The tool should also be able to serve dashboards, reports, and metrics from an easy-to-use portal.

All of these reporting visualizations provide several benefits for IT staff, administrators, managers, HR personnel, and other users. They can supply specific information to a specific audience in the company, increasing efficiency and productivity. They can be used for analysis of human behavior which allows companies to manage and control employee Internet use. They can be customized to offer different types of analyses for different users and therefore serve different purposes. And they comprise different reporting types such as Operational, Strategic, and Analytical reporting, allowing customized reporting of the data.

Operational reporting shows activity that is happening now and is based on real-time data. With real-time employee Web-use metrics, IT can monitor Web activity in real time as well as employee bandwidth consumption. The data is updated frequently. Operational reporting components are designed to be viewed multiple times during the day. Real-time employee Web-use metrics give a real-time running display of the browsing behavior of employees, i.e., current user activity, and identifies bandwidth hogs in real time.

Strategic reporting summarizes performance over set time frames, for example, last week or last month, and its individual visualizations, such as dashboard charts, are updated on a recurring basis at less frequent intervals. In relation to key performance indicators or metrics, Strategic reporting can show a snapshot of top consumer Web activity with interactive visualizations providing the details. This data may be of interest to IT staff, managers, and HR personnel. With these interactive visualizations, collaborators can quickly discover and track which users, categories, or sites had the most activity, how much time users are spending online, and so on. With drill-down capability, these charts can provide the details of user Web activity for audits and investigations.

Analytical reporting shows trends in data over time as well as comparisons of Web activity. This data may be of interest to managers and HR personnel. Its data visualizations may consist of trend and comparison charts as well as detailed audit reports, allowing collaborators to analyze large volumes of Web activity data for long-term audits and forensic investigations. Comparison charts allow collaborators to compare the Web traffic for a set date range with that of a previous period to detect any anomalies in Web activity. Analytical reporting also includes categorized, detailed audit reports that can deliver a comprehensive analysis of user activity including their visits, search terms, and inappropriate sites. They can be quickly run as ad hoc reports saving time in audits or investigations.

As mentioned earlier, your Web monitoring and filtering tool should be able to serve these data visualizations from a portal that is accessible to managers as well as an IT administrator. IT should be able to easily distribute reports manually or schedule reports for automatic distribution to managers as necessary. In the self-service portal, managers would be able to create reports on their authorized groups without assistance from IT and drill down to detailed user Web activity.

While reliable metrics are a critical part of Web-use data, your tool should also include a Smart Engine that feeds that data to the reporting components and provides analytics for determining human behavior because the raw data itself is only information about machine/network requests. It is not about human activity, but about the machine’s response to a human request to get or push information. In the next article, we will discuss Smart Engine analytics and its importance in deriving human behavior from Web-use data.

Requirements of an effective employee Web-use management program

Because managing employee Web use deals with humans and their actions, it is a continuous process for all sizes and types of businesses, where the goal is to ensure employees use Web access safely for productive, work-related purposes. To attain a high level of success, I believe that this process requires a Web-use management program be put in place that involves many key players in the organization, communication of the company’s Web-use policy, implementation of a reliable tool to monitor and control Web use, and other important activities. In this article, I will discuss the requirements of an effective employee Web-use management program and the activities involved that will bring about safe and productive Internet use by the workforce.

The key ingredient in an effective program is collaboration and communication among the various groups in the company, i.e., senior management, Legal department, IT personnel, HR personnel, department managers and supervisors, and employees. Communication would include IT keeping company stakeholders informed about current hacker threats, as well as HR apprising senior management of pertinent employee Web-use behavior. Collaboration would occur among HR, IT, and department managers in training the workforce. Collaboration would also take place between IT and department heads to select the appropriate Web monitoring and filtering tool.

If you don’t have one already, another necessity of a Web-use management program is to develop a sound Acceptable Use Policy (AUP) consistent with corporate culture. The AUP should describe acceptable and unacceptable Web-use behavior, i.e., company rules for what constitutes desirable, acceptable, unacceptable, and abusive use of the Internet and other network resources. The policy should also clearly state how compliance will be monitored and what the consequences will be to employees abusing the use of network resources. Does your company have an AUP in place that spells out the rules to your employees?

To ensure adherence to the Web-use policy, it should be clearly communicated to the entire workforce, including management, informing them of what is and what is not acceptable in easily understood language. You may also want to have employees acknowledge that they read and understood the policy through a signed acknowledgement. HR and management personnel should hold meetings with workgroups to answer questions and provide any additional information. This fosters open communication in the workplace and allows employees to be more engaged in proper Internet usage.

In addition to communicating the policy to all concerned, another requirement of an effective Web-use management program is training employees on how to use Web access productively and safely. Whether training is conducted or coordinated by HR or in collaboration with managers and other department personnel, training sessions should cover Internet usage and related subjects. Specifically, employees need to be made aware of what sites they are visiting and what they are clicking on the Web. The purpose of training should be to encourage proper, productive, and safe use of network resources while reinforcing the information in the AUP.

An important requirement of a Web-use management program is to use a reliable software tool that is designed specifically to monitor compliance with Web-use policies and proactively control Web access. The tool should also include a smart reporting engine that distinguishes between user clicks (visits) and unsolicited traffic (hits) and easily presents accurate and up-to-date Web-use data, identifying desirable Web usage as well as unacceptable use and trends. Does your tool include a Smart Engine that analyzes Web traffic to better interpret human behavior? Does it generate easy-to-read, manager-ready reports? Does it give details on employee Web use with drill-down reporting capability? These are key features of a Web monitoring and filtering tool that will benefit IT, HR, and department managers.

Another activity that is necessary is following up with corrective actions when inappropriate Web access is detected. With a policy in place, personnel oriented, the workforce trained, and your Web monitoring and filtering solution actively monitoring and controlling Web use, there are still more activities to do. The tool will inevitably reveal patterns of inappropriate use or disclose signs of outright abuse. These incidents will require attention by HR and management personnel. After identifying the problems, management can take appropriate follow-up actions, such as counseling employees, training or retraining workers, changing work processes, and revising or clarifying the AUP. Managers may also need to institute follow-up audits on individual users and, in worst case, take disciplinary action including termination.

The final element of an effective employee Web-use management program that I will cover involves the establishment of a continuous improvement process by the collaboration team, i.e., HR, IT, department managers, etc. In this process, there would be frequent reviews of employee Web use, new Web services introduced into the network, and new security threats, modifications of work processes, and appropriate revisions of the AUP. All company stakeholders would be involved. What other activities have been effective in your company in managing employee Web use?

Unauthorized Web use can degrade workforce productivity, impact network performance, threaten network security, and create legal liabilities. Any of these outcomes can seriously impact your bottom line. An effective employee Web-use management program is essential to prevent this from happening. If the responsibilities of an effective program are carried out well, misuse and abuse of network resources will be minimized without damaging workforce engagement and morale. Getting accurate, actionable information to all collaborators is a must, and the tool that you are using should be able to provide this information. Next time I will discuss how to get this information with reliable metrics generated by a reporting tool.

Collaboration with others and acquiring the right Web filtering and monitoring solution are critical in IT’s role in managing employee Web use

When it comes to a company’s Internet-connected network, the IT department or person is responsible for not only providing the right access to the Internet to employees, but keeping the company’s network and data secure. In order to do this, IT must invest time in examining the most suitable Web filtering and monitoring solution for the organization and implement it. Besides deploying firewalls, network security equipment, and data loss prevention tools to keep hackers out, IT also needs to keep all company stakeholders informed about the latest tactics being used by hackers to trick employees and compromise security measures put in place. In this article, I will cover why collaboration and input from others as well as the need for research and implementation of the right security equipment are important in managing employee Web use effectively in the organization.

Today, the biggest security threats are not from firewall breaches, but from trusted internal employees who are getting tricked into doing the wrong things, compromising all the well-planned and expensive security measures put in place by IT. To ensure productive and safe Internet access by all employees, actual usage needs to be monitored and controlled. IT needs to implement a reliable Web security tool that can monitor and report on Web use as well as control access to specific Web sites. This type of tool would help identify threats and attacks in the company’s network and also deliver accurate results in Web activity reporting. It would provide data that is easy to consume by all audiences in the company including department managers and HR personnel.

Another important IT task in managing employee Web use is granting the proper authorization to users and groups in the company. In so doing, IT can restrict access to Web sites based on need, to only sites that allow the employee to perform his/her job, or to only data associated with managers’ authorized users. With the right tool implemented, IT can also send easy-to-read reports directly to managers by manual distribution via e-mail or automatic distribution via scheduling. To make their job even easier, if the Web security tool includes a reporting-only access portal, IT, by only controlling portal access privileges, can grant self-service access to managers and HR, allowing them to run their own reports on their authorized groups without needing assistance.

As part of their role in employee Web-use management, IT must collaborate with all company stakeholders, i.e., senior managers, Legal, HR, and department managers. When IT is looking for an appropriate tool for these collaborators to use, it is important that the tool includes a Smart Engine that analyzes Web-use data in order to better interpret human behavior. The generated information can then be easily consumed by all including nontechnical personnel. IT would not need to massage or manipulate the data or be burdened by having to answer a lot of questions. The generated information would be best presented in easy-to-read, manager-ready, drill-down reports that give more detail on employees’ Web traffic. As part of this collaboration, IT should share pertinent information with HR and management when the Web filtering and monitoring product reveals patterns of inappropriate use. In this way, HR and management can determine the appropriate action to be taken.

Cyber attacks are growing in prominence every day targeting small and large businesses. On average, more than 4,000 ransomware attacks have occurred daily since 2016. 1 in 131 e-mails contains malware. As the number of malware types and variants continues to grow and evolve to bypass your antivirus program and other levels of protection, it is necessary for your IT team to keep well-informed of the latest hacker exploits and attacks, and put in place a secure Web filtering and monitoring solution to detect and block malware and other online threats.

An IT administrator that is on top of how network criminals operate and their latest techniques needs to communicate with HR to adequately protect the network from intrusion. Prompt communication of hackers’ latest tactics that focus on exploiting employees will help HR formulate a proper training and informational program on how to identify and avoid these types of exploits. IT can help HR flush out what they need to be training employees on, i.e., what to do and what not to do on the Internet. This type of training will hopefully help reduce the likelihood that an employee will open a suspicious e-mail or click unsolicited attachments in an e-mail if opened, and help to better ideed or unknown sites. Are your employees being provided with this training

IT plays a fundamental role in the proper management of employee Web use. Every year, hackers come up with new ways to trick users into giving up sensitive data, revealing credentials to their accounts, or clicking links to malicious Web sites. It is imperative that IT take the time to thoroughly research and implement the right Web filtering and monitoring tool to protect employees and the company’s network. It is also critical that this tool includes a Smart Engine to analyze the technical data and provide the necessary information on human activity. IT also needs to communicate the latest hacker tricks and traps to all stakeholders in the company, including HR and management, so that the workforce can be properly trained. Collaboration, communication, and training are essential to an effective employee Web-use management program. In the next articles, we will delve into the requirements of an effective employee Web-use management program, the importance of creating a well-designed Acceptable Use Policy, and other topics related to employee Web-use management.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. What challenges does your IT department or person face in managing employee Internet use effectively? Is IT communicating security vulnerabilities and exploits to your HR personnel, managers, and other company stakeholders?

HR is best suited to bring all company stakeholders together to ensure safe and productive Internet access

employee Web-use management

My discussion here is about the suitability of HR being the hub for employee Web-use management where all company stakeholders are brought together to ensure safe and productive Internet use by all employees. For one, HR’s expertise typically includes personnel policy, codes of conduct, labor relations, workforce training, legal compliance issues, and workforce morale, all of which relate to the employee Web-use management issue. Because of their expertise in policy, training, and processes, HR is in the best position to coordinate the tasks of proposing and developing solutions to ensure that employee Web use is properly managed. After all, Web-use management is not just an IT issue. It is all about employee behavior, productivity, and morale. What Internet-use people issues are you seeing in your company? How are you solving them?

Communication is key in HR’s collaboration with managers, IT, and employees in the company. Starting at the top of the company, HR can educate senior managers on the importance of employee Web-use management, get their input, and keep them involved. By collaborating with IT whose access to highly accurate Web-use reporting and filtering tools can produce easy-to-consume Web activity data, HR can keep upper management apprised of pertinent employee Web behavior. This allows HR to contribute to the organization’s profitability and help keep the company out of severe legal difficulty–important business objectives for senior managers.

As the focal point in the employee Web-use management effort, HR can also schedule Web-use training programs for managers and employees, coordinating with Legal, IT, or department managers who observe a need or have the specific knowledge to train the workforce. Training could include instruction on the proper use of network resources, how to recognize a phishing e-mail message, how to detect malware symptoms, how to recognize and report other online threats, and other Web-use topics. Essentially, training would teach employees how to use Web access productively and safely. In this way, all areas of the company play an important role in proper network resources and policy training that would have a significant impact on corporate Web security. Are these types of training programs taking place in your company?

Another HR task would be to communicate the company’s Acceptable Use Policy (AUP) to the workforce by providing it in writing or electronically, requiring a signature to indicate acceptance of the policy. If you do not have a policy, HR, in collaboration with IT, Legal, and senior managers, would be well-suited to establish a sound AUP consistent with your company’s culture. Once the policy is created, HR can work with functional managers and IT to ensure optimum implementation of the policy. As Web activity is analyzed over time, HR can revise the policy as necessary. Managers and HR would work together to ensure employees are complying with the Web-use policy. Along with managers, HR would be involved in specific cases of policy noncompliance.

In communicating the policy to the workforce, HR would focus on promoting the interest of the company as a whole, while helping to maintain or improve employee morale. Managing employees’ use of Web-access resources is a sensitive and complex task, one that involves communicating with all groups–senior managers, managers, IT, and employees–and deals with policy, training, and continuous improvement processes. With HR as the hub, the continuous improvement process would involve the frequent review of employee Web use, new Web services introduced into the network, and new security threats, as well as modification of work processes and appropriate revision of the AUP.

All areas of the company can help manage employee Web use effectively. In the next articles, we will examine more closely IT’s role in employee Web-use management, the requirements of an effective Web-use management program, developing a sound AUP consistent with corporate culture, and other topics related to the human factor of data security.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. If HR is leading the Web-use management efforts in your business, in what other ways are they collaborating with others in the company?

Managing employee Web use is a collaborative effort involving managers, HR, IT, and employees.

 

There is no doubt that the Internet is an integral tool in today’s corporate world. It is central to business processes with more and more employees utilizing this important corporate resource daily. Most likely, your workplace has seen a significant increase in Internet use or Web use, contributing to the agility, efficiency, innovativeness, and success of the business. However, many issues can arise with employee Web use if it is not properly managed. I strongly believe that employee Web use involves human behavior in the workplace, and the proper management of it is a collaborative effort involving managers, HR, IT, and employees. In this article, I will discuss the issues affecting companies today concerning employee Web use, and with each article thereafter, we will delve a little deeper into the solutions.

The first issue is that with employees spending a large portion of the workday on the Internet, for both personal and work-related purposes, businesses have reason to be concerned about the security of their corporate network. Employees can be subject to phishing scams, end up on malicious Web sites, and unknowingly download infected files, jeopardizing the security of their system and the company’s network. Are your employees security aware? Do they know how to recognize online threats and how to report them?

Another issue is that with the tremendous increase in surfing the Web at work–between one and three hours a day on personal business–employees can waste considerable work time. Wasted time represents a reduction in workforce productivity and efficiency and consequently, unnecessary cost. Additionally, employees can waste time on legitimate but unproductive Web site visits. This waste can stem from flawed business strategy, poorly designed processes, or misguided supervisory direction. Do your managers have the accurate information they need on their employees’ Web activity?

Employers also have concerns about where their employees are going on the Internet. Unfortunately, one of the most serious forms of Web-access abuse involves the downloading and displaying of pornography. This is a huge issue from the standpoint of workplace liability, where the legal liability primarily takes the form of a sexual harassment lawsuit filed by an employee who has inadvertently or deliberately been exposed to pornographic images downloaded by another employee.

If you are allowing your employees to access the Internet, you must have an Acceptable Use Policy (AUP) that spells out what type of Web activity is acceptable, what type is not acceptable, and the consequences of engaging in the latter. The AUP should reflect the corporate culture. If you don’t have one, who should create this policy and ensure that employees adhere to it? If you do have a policy in place, do your employees know the policy and how to use Internet access properly?

For all of these people-oriented Web-use issues, clearly HR personnel are the professionals best equipped to take the lead in developing and implementing employee Web-use management efforts, collaborating as required with IT, and along with managers, training employees on the use of network resources. IT can deploy firewalls and network security equipment, but is not equipped or trained to deal with the larger issue of keeping your trusted workforce from compromising the security measures in place.

Managing your employees’ use of the Web is all about employee behavior, productivity, and morale, and the resolution of the above issues involves matters of policy, training, and compliance. In the next articles, we will explore HR’s role in the collaboration effort, IT’s role, the requirements of an effective Web-use management program, and other topics related to keeping your employees and network safe.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. Who is leading the people-oriented Web-use management efforts in your business? Is it a collaborative effort with multiple departments or just an IT-focused task?