Requirements of an effective employee Web-use management program

Thursday, June 14th, 2018

Because managing employee Web use deals with humans and their actions, it is a continuous process for all sizes and types of businesses, where the goal is to ensure employees use Web access safely for productive, work-related purposes. To attain a high level of success, I believe that this process requires a Web-use management program be put in place that involves many key players in the organization, communication of the company’s Web-use policy, implementation of a reliable tool to monitor and control Web use, and other important activities. In this article, I will discuss the requirements of an effective employee Web-use management program and the activities involved that will bring about safe and productive Internet use by the workforce.

The key ingredient in an effective program is collaboration and communication among the various groups in the company, i.e., senior management, Legal department, IT personnel, HR personnel, department managers and supervisors, and employees. Communication would include IT keeping company stakeholders informed about current hacker threats, as well as HR apprising senior management of pertinent employee Web-use behavior. Collaboration would occur among HR, IT, and department managers in training the workforce. Collaboration would also take place between IT and department heads to select the appropriate Web monitoring and filtering tool.

If you don’t have one already, another necessity of a Web-use management program is to develop a sound Acceptable Use Policy (AUP) consistent with corporate culture. The AUP should describe acceptable and unacceptable Web-use behavior, i.e., company rules for what constitutes desirable, acceptable, unacceptable, and abusive use of the Internet and other network resources. The policy should also clearly state how compliance will be monitored and what the consequences will be to employees abusing the use of network resources. Does your company have an AUP in place that spells out the rules to your employees?

To ensure adherence to the Web-use policy, it should be clearly communicated to the entire workforce, including management, informing them of what is and what is not acceptable in easily understood language. You may also want to have employees acknowledge that they read and understood the policy through a signed acknowledgement. HR and management personnel should hold meetings with workgroups to answer questions and provide any additional information. This fosters open communication in the workplace and allows employees to be more engaged in proper Internet usage.

In addition to communicating the policy to all concerned, another requirement of an effective Web-use management program is training employees on how to use Web access productively and safely. Whether training is conducted or coordinated by HR or in collaboration with managers and other department personnel, training sessions should cover Internet usage and related subjects. Specifically, employees need to be made aware of what sites they are visiting and what they are clicking on the Web. The purpose of training should be to encourage proper, productive, and safe use of network resources while reinforcing the information in the AUP.

An important requirement of a Web-use management program is to use a reliable software tool that is designed specifically to monitor compliance with Web-use policies and proactively control Web access. The tool should also include a smart reporting engine that distinguishes between user clicks (visits) and unsolicited traffic (hits) and easily presents accurate and up-to-date Web-use data, identifying desirable Web usage as well as unacceptable use and trends. Does your tool include a Smart Engine that analyzes Web traffic to better interpret human behavior? Does it generate easy-to-read, manager-ready reports? Does it give details on employee Web use with drill-down reporting capability? These are key features of a Web monitoring and filtering tool that will benefit IT, HR, and department managers.

Another activity that is necessary is following up with corrective actions when inappropriate Web access is detected. With a policy in place, personnel oriented, the workforce trained, and your Web monitoring and filtering solution actively monitoring and controlling Web use, there are still more activities to do. The tool will inevitably reveal patterns of inappropriate use or disclose signs of outright abuse. These incidents will require attention by HR and management personnel. After identifying the problems, management can take appropriate follow-up actions, such as counseling employees, training or retraining workers, changing work processes, and revising or clarifying the AUP. Managers may also need to institute follow-up audits on individual users and, in worst case, take disciplinary action including termination.

The final element of an effective employee Web-use management program that I will cover involves the establishment of a continuous improvement process by the collaboration team, i.e., HR, IT, department managers, etc. In this process, there would be frequent reviews of employee Web use, new Web services introduced into the network, and new security threats, modifications of work processes, and appropriate revisions of the AUP. All company stakeholders would be involved. What other activities have been effective in your company in managing employee Web use?

Unauthorized Web use can degrade workforce productivity, impact network performance, threaten network security, and create legal liabilities. Any of these outcomes can seriously impact your bottom line. An effective employee Web-use management program is essential to prevent this from happening. If the responsibilities of an effective program are carried out well, misuse and abuse of network resources will be minimized without damaging workforce engagement and morale. Getting accurate, actionable information to all collaborators is a must, and the tool that you are using should be able to provide this information. Next time I will discuss how to get this information with reliable metrics generated by a reporting tool.

Read more of my articles on Web-use management on LinkedIn and the Wavecrest blog: WaveNews.

CyBlock® and ConnectWise® – Integration for MSPs

Monday, August 1st, 2016

1-3-Increase-Revenue

Wavecrest Computing is excited to announce a new feature for its Managed Service Provider (MSP) offerings, CyBlock Cloud’s integration with ConnectWise!

The CyBlock integration is built to provide comprehensive Web-use security and analytics along with the time-saving management of the leading ConnectWise Professional Services Automation (PSA) platform. With only one click between ConnectWise and the CyBlock Cloud MSP Partner Portal, MSPs can now automatically populate new client information in the ConnectWise interface, track and manage CyBlock Cloud licenses, proactively pursue timely renewals, and more. This integration is focused on saving time and improving efficiencies, allowing for increased new and recurring revenue, customer satisfaction, and crucial time to focus on mission-critical issues.

CyBlock Cloud for MSPs is a leading Web-use security, analytics, and reporting solution that will fit any MSP client business size or industry type and requires no hardware or software to buy and install, and no maintenance. Monitor, filter, and analyze data to help protect customers from Web-borne threats, such as malware, ransomware, and phishing attacks, while providing useful, time-saving tools, for example, automatically distributed, manager-ready reports, alerts when thresholds are reached, and trusted coverage over any distributed workforce.

“Wavecrest has a great managed service partner program that allows MSPs easy access to manage their CyBlock clients’ needs from anywhere, at any time. Now, we are excited to work with ConnectWise to increase the convenience to MSPs even more. MSPs can now manage their CyBlock Cloud clients directly in the ConnectWise user interface, saving time and expense that they can then use to increase revenue and focus on mission-critical issues,” explains Dennis McCabe, co-founder and President of Wavecrest Computing. “We know that time is money. Developing ways to help MSPs find more time and increase revenue while offering a product and service that surpasses expectations makes us proud of what we do, and motivated to do much more.”

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Provider (MSP), IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

Productivity in a Time of Endless Distractions

Tuesday, May 24th, 2016

time online image

Employees have access to all kinds of digital distractions every minute of the day. So, businesses have to make a decision what is acceptable for Internet use when employees are on the clock. This decision can be hard. There are many who think of privacy issues, not wanting to deter human interaction, or who even have a “my managers watch over their employees so I leave it to them” thought. The only real problem is . . . it’s your business that will suffer if Internet-usage privileges are abused on a regular basis. Bandwidth slowdowns and productivity loss, not to mention increased malware risk, can have a substantial impact on your business. No matter which decision you make for your business, you still need to know what is happening to keep your company, your data, and your employees secure and productive.

You need visibility. If you keep up with our Wavecrest posts, we tend to emphasize this point a lot. Why? Because it is a crucial business tool for today’s digital workplace! You have to know what is happening in your business and on your network so you can make informed business decisions. In this particular case, you need visibility into employees’ time spent online.

Wavecrest Computing’s Time Online feature provides the time that a user spends on the Internet in a useful and informative format with easy-to-interpret charts. Find out which users spend the most time online, spot spikes, and analyze usage for productivity issues or potential bandwidth hogs. Each business is unique and your Internet-use policy should fit your specific business needs. Find the visibility necessary to keep productivity high and mission-critical operations running smoothly, with Cyfin and CyBlock solutions from Wavecrest Computing.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Have even more visibility with Wavecrest’s new comparison feature!

Tuesday, May 24th, 2016

compare-contrastWavecrest is pleased to announce an informative new feature that is now included with the latest versions of CyBlock and Cyfin. Now you can compare Web activity trends in selected date ranges to find anomalies or spikes in usage, compare series activity by metric such as Visits, or view the percentage change in activity from the previous to the current period.

The more visibility you have into your company’s Web activity, the more informed your Web-use decisions are. Each business is unique–you make the decisions on what is acceptable or not! Determine these policies, add them to your enterprise Acceptable Use Policy, and proactively protect your business, your data, and your employees.

reportsDashboardTrendUsersCompare

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

Potential Victims to Very Smart Thieves

Tuesday, May 24th, 2016

cat paw stealing cookie

Employees need to know what their employers’ philosophy is behind technology. Does my employer want me to use whatever app I choose? Can I just store and share work information where it is most convenient for me? Will my employer listen when I explain how much my cloud app does to improve my workflow? If you as the employer listen, you could save your business from an incident or a serious breach.

It is amazing that the news is filled with data breach, data loss, ransomware, and spear phishing, and yet many businesses still think they are immune from an attack. If you are connected to the Internet, you are a highly susceptible victim. Do not take this to mean that you should not run your business with the highly efficient and collaborative tools that cloud services offer. It just means think and act to protect your enterprise assets and employees.

Let’s first cover where a major number of incidents start. Your enterprise weakness . . . the employee. It doesn’t matter if you have the best employees in the universe, they are human. Hackers perfect the way they attack; that is their job. They have become so good at what they do that good employees send out W-2s, transfer millions to banks in foreign countries, and hand out their logon credentials without question.

Now let’s talk about what you can do to help your employees to not become victims.

  • Educate them; make them a part of the process. Communicate. It is everyone’s fight.
  • Go ahead and make your most techy employee an honorary go-to person for others with questions.
  • Gain visibility with proactive monitoring tools. Trust me–this is not an employee privacy invasion. You need to know what is going on first; then make informed decisions.
  • Make sure there is a process in place for an employee who questions something. Make the process part of your Acceptable Use Policy (AUP).

And then the important basics we all know, but are worth repeating . . .

  • Back up regularly and make sure your recovery process is tried and true. Think ransomware attack recovery, so keep it where you can get to it but others can’t.
  • Patch – There is no longer an option to do updates. Many are for security, so just do it and do it consistently. It’s patch management, not patch whenever.
  • Passwords – Maintain, manage, and get creative. Use a password manager if needed.
  • Off-boarding – Make sure to purge all credentials for ex-employees or contractors. How do you know if they are still there? Monitor!!
  • Layered security – Get a firewall, but don’t expect all-in-one add-ons to be impressive. For example, don’t expect the firewall Web-use reporting feature to provide comprehensive and interactive reporting capability. Invest in the solution that means serious employee Web-use reporting business–no more wishy-washy reports that are useless.

Think and act to protect your enterprise assets and employees. Take some time to communicate with your employees about the exploits that they may fall prey to. It is not their fault; they are not an “insider threat” but a potential victim to very smart thieves.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

Feeling neglected? Let’s fix that.

Wednesday, May 11th, 2016

article-5-photo

It seems the newly named Forcepoint has finally settled into the company they planned since the Raytheon acquisition of Websense. As a Websense customer before the acquisition, are you feeling a bit neglected now? In this new corporate culture, are you finding it difficult to get a hold of technical support or that customer service is not there when you need them? Could it be that their focus is more on the larger Raytheon cyber security customer base than on their Websense customers? Whichever the case, your business is the one that suffers. Stop spending your precious time on working through multiple levels of bureaucracy to get what you need.

Wavecrest has comprehensive, agile, and reliable solutions for your employee Web-use security and analytics needs, ranging from software and hardware deployments to cloud and hybrid deployments. No matter your business size, industry, or distributed workforce, Wavecrest has a solution for you.

Retaining a positive SMB mentality, the Wavecrest team believes strongly in one-on-one communication with prospects, customers, and partners. When you reach out to us, we have a human being on the other end of the line that knows the product well, communicates well, and will take the extra step to get your enterprise and employees secure. You don’t have to go through automated calls, ticketing, or several levels of technical support to reach the person with the knowledge you need.

Leave the government contractor-level pricing, contractual terms, and confusion behind. Don’t remain just a ticket number. Let Wavecrest focus on your business and your specific requirements. Talk to us today.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

Your Employees and Their 917 Different Cloud Apps. Are You a Sitting Duck?

Tuesday, May 3rd, 2016

targeted duckEvery day someone in your company is using a cloud app. Actually, it is probably more like every minute. Let’s not go into the personal versus work devices on the company network, or whether it is Facebook or Dropbox they are using. Those details don’t really tend to matter when the access allowed is for your own business to decide. It is about the sheer number of cloud services and apps in use in the enterprise today, the visibility in knowing what they are, and the many employees who are left out of the conversation.

We hear managers talk about how it can’t happen to them. They have the best employees, and the discussion is unnecessary. It is already understood–they would NEVER do that! Or our favorite–big brother–the need to let your employees know you really trust them and respect their privacy by allowing them to do what they think they need to do on their own. But that’s not going to protect your business when malware hits or a breach happens . . . and the chances of these happening to you are growing exponentially every day, especially when you are not communicating security issues with your employees.

With all the headlines being about Shadow IT, malware, data loss, intrusions, and ransomware, you would think it would be a common workplace discussion. But based on some recent surveys, companies aren’t saying much internally.

Some numbers that may surprise you. What percentage of employees:

  • Have not been told the right way to download/use cloud applications: almost 60%
  • Have not been told risks of downloading cloud apps without IT’s knowledge: just under 40%
  • Have not been told how to transfer and store corporate data securely: over 40% !!!!

To keep things in perspective–studies are showing that on average, enterprises have 917 different cloud apps in use!

This is not a respect for privacy issue. It’s a security issue, for your business and for your employees! Keeping them in the dark does not show them respect or protect them, it makes them victims before anything even happens.

As technology gets stronger, we as individuals have more decisions on what we use to make our lives, including work, more efficient. But if you do not educate and communicate regularly about cyber threats with your employees, have real visibility into their Web usage, or have a clear, agile Acceptable Use Policy (AUP), you are basically a sitting duck.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit http://www.wavecrest.net.

 

*Stats based on surveys from Softchoice and Netskope.

20 Years Young and Excited About the Next 20!

Tuesday, February 16th, 2016

120223_20bd_jubilej

We are proud to announce that Wavecrest Computing has reached a pretty big milestone…its 20th anniversary! It has been a path we have happily taken with innovative products and a dedicated staff, many of which have been with us since the beginning. We would also like to thank you…our customers, partners, and followers for sharing this journey and challenging us to be constantly reaching for the stars…or the cloud, as the case may be! Here is to an exciting next 20 years where we will remain “at your side” securing your growing, distributed, and agile workforce.

Since 1996, Wavecrest Computing has been a global leader in employee Web-access security and Web-use monitoring and analytics solutions, with scalable filtering and reporting analysis, forensic data tools, and products designed to enable organizations with today’s distributed workforce to successfully address cyber threats. Wavecrest’s CyBlock and Cyfin solutions are built with today’s unique business in mind, offering comprehensive cloud services management and visibility into Shadow IT and insider threats, as well addressing legal liability, workforce productivity, and Web security threats such as malware and phishing attempts. We offer multiple deployments that include Cloud Access Security Broker (CASB), Cloud, Hybrid, Software, and Hardware deployments that fit any business type or size. Wavecrest Computing is headquartered in Melbourne, Florida and is a longstanding GSA contract holder.

For more information on the company, products, and partners, visit https://www.wavecrest.net or follow us on LinkedIn, Facebook, and Twitter.

MSP: Manage Client Bandwidth and Cloud Services

Tuesday, January 19th, 2016

Are unsanctioned cloud services using up all of your clients’ bandwidth? As a managed service provider (MSP) today, knowing your client’s cloud services usage is crucial. Cloud services can range from acceptable collaboration tools to unsanctioned personal usage apps that waste critical bandwidth. Most businesses run cloud services to be able to communicate & collaborate more efficiently. Employees, though, tend to find apps that suit their needs best, even when unsanctioned. Help your clients by finding & managing their bandwidth and cloud services with Wavecrest’s CyBlock.