When it comes to a company’s Internet-connected network, the IT department or person is responsible for not only providing the right access to the Internet to employees, but keeping the company’s network and data secure. In order to do this, IT must invest time in examining the most suitable Web filtering and monitoring solution for the organization and implement it. Besides deploying firewalls, network security equipment, and data loss prevention tools to keep hackers out, IT also needs to keep all company stakeholders informed about the latest tactics being used by hackers to trick employees and compromise security measures put in place. In this article, I will cover why collaboration and input from others as well as the need for research and implementation of the right security equipment are important in managing employee Web use effectively in the organization.
Today, the biggest security threats are not from firewall breaches, but from trusted internal employees who are getting tricked into doing the wrong things, compromising all the well-planned and expensive security measures put in place by IT. To ensure productive and safe Internet access by all employees, actual usage needs to be monitored and controlled. IT needs to implement a reliable Web security tool that can monitor and report on Web use as well as control access to specific Web sites. This type of tool would help identify threats and attacks in the company’s network and also deliver accurate results in Web activity reporting. It would provide data that is easy to consume by all audiences in the company including department managers and HR personnel.
Another important IT task in managing employee Web use is granting the proper authorization to users and groups in the company. In so doing, IT can restrict access to Web sites based on need, to only sites that allow the employee to perform his/her job, or to only data associated with managers’ authorized users. With the right tool implemented, IT can also send easy-to-read reports directly to managers by manual distribution via e-mail or automatic distribution via scheduling. To make their job even easier, if the Web security tool includes a reporting-only access portal, IT, by only controlling portal access privileges, can grant self-service access to managers and HR, allowing them to run their own reports on their authorized groups without needing assistance.
As part of their role in employee Web-use management, IT must collaborate with all company stakeholders, i.e., senior managers, Legal, HR, and department managers. When IT is looking for an appropriate tool for these collaborators to use, it is important that the tool includes a Smart Engine that analyzes Web-use data in order to better interpret human behavior. The generated information can then be easily consumed by all including nontechnical personnel. IT would not need to massage or manipulate the data or be burdened by having to answer a lot of questions. The generated information would be best presented in easy-to-read, manager-ready, drill-down reports that give more detail on employees’ Web traffic. As part of this collaboration, IT should share pertinent information with HR and management when the Web filtering and monitoring product reveals patterns of inappropriate use. In this way, HR and management can determine the appropriate action to be taken.
Cyber attacks are growing in prominence every day targeting small and large businesses. On average, more than 4,000 ransomware attacks have occurred daily since 2016. 1 in 131 e-mails contains malware. As the number of malware types and variants continues to grow and evolve to bypass your antivirus program and other levels of protection, it is necessary for your IT team to keep well-informed of the latest hacker exploits and attacks, and put in place a secure Web filtering and monitoring solution to detect and block malware and other online threats.
An IT administrator that is on top of how network criminals operate and their latest techniques needs to communicate with HR to adequately protect the network from intrusion. Prompt communication of hackers’ latest tactics that focus on exploiting employees will help HR formulate a proper training and informational program on how to identify and avoid these types of exploits. IT can help HR flush out what they need to be training employees on, i.e., what to do and what not to do on the Internet. This type of training will hopefully help reduce the likelihood that an employee will open a suspicious e-mail or click unsolicited attachments in an e-mail if opened, and help to better ideed or unknown sites. Are your employees being provided with this training
IT plays a fundamental role in the proper management of employee Web use. Every year, hackers come up with new ways to trick users into giving up sensitive data, revealing credentials to their accounts, or clicking links to malicious Web sites. It is imperative that IT take the time to thoroughly research and implement the right Web filtering and monitoring tool to protect employees and the company’s network. It is also critical that this tool includes a Smart Engine to analyze the technical data and provide the necessary information on human activity. IT also needs to communicate the latest hacker tricks and traps to all stakeholders in the company, including HR and management, so that the workforce can be properly trained. Collaboration, communication, and training are essential to an effective employee Web-use management program. In the next articles, we will delve into the requirements of an effective employee Web-use management program, the importance of creating a well-designed Acceptable Use Policy, and other topics related to employee Web-use management.
Please let me know your thoughts on and reactions to this article and my questions by adding a comment. What challenges does your IT department or person face in managing employee Internet use effectively? Is IT communicating security vulnerabilities and exploits to your HR personnel, managers, and other company stakeholders?