HR is best suited to bring all company stakeholders together to ensure safe and productive Internet access

Monday, April 9th, 2018

employee Web-use management

My discussion here is about the suitability of HR being the hub for employee Web-use management where all company stakeholders are brought together to ensure safe and productive Internet use by all employees. For one, HR’s expertise typically includes personnel policy, codes of conduct, labor relations, workforce training, legal compliance issues, and workforce morale, all of which relate to the employee Web-use management issue. Because of their expertise in policy, training, and processes, HR is in the best position to coordinate the tasks of proposing and developing solutions to ensure that employee Web use is properly managed. After all, Web-use management is not just an IT issue. It is all about employee behavior, productivity, and morale. What Internet-use people issues are you seeing in your company? How are you solving them?

Communication is key in HR’s collaboration with managers, IT, and employees in the company. Starting at the top of the company, HR can educate senior managers on the importance of employee Web-use management, get their input, and keep them involved. By collaborating with IT whose access to highly accurate Web-use reporting and filtering tools can produce easy-to-consume Web activity data, HR can keep upper management apprised of pertinent employee Web behavior. This allows HR to contribute to the organization’s profitability and help keep the company out of severe legal difficulty–important business objectives for senior managers.

As the focal point in the employee Web-use management effort, HR can also schedule Web-use training programs for managers and employees, coordinating with Legal, IT, or department managers who observe a need or have the specific knowledge to train the workforce. Training could include instruction on the proper use of network resources, how to recognize a phishing e-mail message, how to detect malware symptoms, how to recognize and report other online threats, and other Web-use topics. Essentially, training would teach employees how to use Web access productively and safely. In this way, all areas of the company play an important role in proper network resources and policy training that would have a significant impact on corporate Web security. Are these types of training programs taking place in your company?

 

Another HR task would be to communicate the company’s Acceptable Use Policy (AUP) to the workforce by providing it in writing or electronically, requiring a signature to indicate acceptance of the policy. If you do not have a policy, HR, in collaboration with IT, Legal, and senior managers, would be well-suited to establish a sound AUP consistent with your company’s culture. Once the policy is created, HR can work with functional managers and IT to ensure optimum implementation of the policy. As Web activity is analyzed over time, HR can revise the policy as necessary. Managers and HR would work together to ensure employees are complying with the Web-use policy. Along with managers, HR would be involved in specific cases of policy noncompliance.

In communicating the policy to the workforce, HR would focus on promoting the interest of the company as a whole, while helping to maintain or improve employee morale. Managing employees’ use of Web-access resources is a sensitive and complex task, one that involves communicating with all groups–senior managers, managers, IT, and employees–and deals with policy, training, and continuous improvement processes. With HR as the hub, the continuous improvement process would involve the frequent review of employee Web use, new Web services introduced into the network, and new security threats, as well as modification of work processes and appropriate revision of the AUP.

All areas of the company can help manage employee Web use effectively. In the next articles, we will examine more closely IT’s role in employee Web-use management, the requirements of an effective Web-use management program, developing a sound AUP consistent with corporate culture, and other topics related to the human factor of data security.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. If HR is leading the Web-use management efforts in your business, in what other ways are they collaborating with others in the company?

Follow me on LinkedIn or read more articles on Web-use management on the Wavecrest blog: WaveNews.

Managing employee Web use is a collaborative effort involving managers, HR, IT, and employees.

Thursday, March 22nd, 2018

 

There is no doubt that the Internet is an integral tool in today’s corporate world. It is central to business processes with more and more employees utilizing this important corporate resource daily. Most likely, your workplace has seen a significant increase in Internet use or Web use, contributing to the agility, efficiency, innovativeness, and success of the business. However, many issues can arise with employee Web use if it is not properly managed. I strongly believe that employee Web use involves human behavior in the workplace, and the proper management of it is a collaborative effort involving managers, HR, IT, and employees. In this article, I will discuss the issues affecting companies today concerning employee Web use, and with each article thereafter, we will delve a little deeper into the solutions.

The first issue is that with employees spending a large portion of the workday on the Internet, for both personal and work-related purposes, businesses have reason to be concerned about the security of their corporate network. Employees can be subject to phishing scams, end up on malicious Web sites, and unknowingly download infected files, jeopardizing the security of their system and the company’s network. Are your employees security aware? Do they know how to recognize online threats and how to report them?

Another issue is that with the tremendous increase in surfing the Web at work–between one and three hours a day on personal business–employees can waste considerable work time. Wasted time represents a reduction in workforce productivity and efficiency and consequently, unnecessary cost. Additionally, employees can waste time on legitimate but unproductive Web site visits. This waste can stem from flawed business strategy, poorly designed processes, or misguided supervisory direction. Do your managers have the accurate information they need on their employees’ Web activity?

Employers also have concerns about where their employees are going on the Internet. Unfortunately, one of the most serious forms of Web-access abuse involves the downloading and displaying of pornography. This is a huge issue from the standpoint of workplace liability, where the legal liability primarily takes the form of a sexual harassment lawsuit filed by an employee who has inadvertently or deliberately been exposed to pornographic images downloaded by another employee.

If you are allowing your employees to access the Internet, you must have an Acceptable Use Policy (AUP) that spells out what type of Web activity is acceptable, what type is not acceptable, and the consequences of engaging in the latter. The AUP should reflect the corporate culture. If you don’t have one, who should create this policy and ensure that employees adhere to it? If you do have a policy in place, do your employees know the policy and how to use Internet access properly?

For all of these people-oriented Web-use issues, clearly HR personnel are the professionals best equipped to take the lead in developing and implementing employee Web-use management efforts, collaborating as required with IT, and along with managers, training employees on the use of network resources. IT can deploy firewalls and network security equipment, but is not equipped or trained to deal with the larger issue of keeping your trusted workforce from compromising the security measures in place.

Managing your employees’ use of the Web is all about employee behavior, productivity, and morale, and the resolution of the above issues involves matters of policy, training, and compliance. In the next articles, we will explore HR’s role in the collaboration effort, IT’s role, the requirements of an effective Web-use management program, and other topics related to keeping your employees and network safe.

Please let me know your thoughts on and reactions to this article and my questions by adding a comment. Who is leading the people-oriented Web-use management efforts in your business? Is it a collaborative effort with multiple departments or just an IT-focused task?

Is your business’ human operating system secure?

Wednesday, August 2nd, 2017

Everyone is worried about operating systems, whether it is network operations, business operations, or a desktop operating system. The functionality of these intricate parts of your business are critical. But have you thought about your employees and how they operate? Today, your human operating system needs to be more than just making sure your employees are doing their job. Human vulnerabilities are a primary target for cyber criminals. Your human operating system, or the human factor, needs to be manageable and efficient, with tools in place that proactively support an open, yet secure, digital work environment.

Insider threats can be found at the top of headlines almost every day. Listen carefully to what each event tells you. It can happen to you, no matter how big or how small your business is. You don’t have to be a government organization to be susceptible to an insider threat. Insider threats can be a malicious employee who may be upset at the company, a good employee who just makes a mistake, or a targeted employee who unknowingly allows a malicious user into the network or access to proprietary data. Whatever the cause, there has to be tools in place to combat these human factor Web-use risks.

The human factor in business Web use is complicated in many ways. Hackers target natural human vulnerabilities and mistakes happen, employees can be sensitive to being singled out or afraid to admit the mistake, and fully blocking all access in today’s digital work world will likely just limit productivity and upset employees. The key? Visibility into the human factor. See how and when your employees use their Internet access. With that visibility into Web-use detail, you can then manage the usage to fit your unique business needs and gain a comprehensive, proactive way to secure and protect your business.

Securing and managing your enterprise’s human operating system in a proactive and efficient manner will help reduce cyber risks, such as phishing, malware intrusions, ransomware, data loss, employee misuse, legal liabilities, bandwidth hogs, shadow IT, and more. Find a solution that fits your business and your budget. Make sure it is flexible, easy to use, and easy to manage, allowing you to secure and shape employee Web-use–on your terms.

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.