Tag Archives: policy

Monitoring Employee AI Usage: Reporting for AI Policy Compliance

Generative AI tools like ChatGPT, Copilot, Gemini, and Grok are now part of daily work. That creates a governance gap. HR and management set the AI policy, but without a clear view of how AI tools are actually being used, there is no reliable way to know whether that policy is being followed. Cyfin by Wavecrest Computing gives HR and management that visibility from your existing firewall logs, with no software installed on employee devices.

Why employee AI usage needs oversight

Most organizations have written an AI acceptable use policy, or are about to. The harder part is enforcement. A policy you cannot measure is just a document. Common questions HR and management want answered include:

  • Which AI tools are employees actually using, and are any of them outside policy?
  • Is AI being used for personal tasks during work hours?
  • Which departments rely on AI most, and where might training help?
  • Are usage patterns creating risk that should be reviewed?

Without visibility into real usage, these stay guesses. Cyfin turns them into reportable facts.

What Cyfin shows you about employee AI use

Cyfin reads your existing firewall logs and produces noise-free, human-only reports focused on employee-initiated activity. For AI specifically, every Cyfin customer can see:

  • Which AI tools are being used, identified by name through Cyfin’s Artificial Intelligence category
  • Who is using them, across the organization by user and department
  • How often each tool is used and how long sessions last
  • Historical trends, so you can see whether usage is rising and where

This is usage reporting that HR and management can read and act on independently, without asking IT to interpret raw log data.

Can Cyfin see what employees type into AI tools?

It depends on your firewall. Cyfin’s standard reporting shows which AI tools employees use, how often, and for how long, but not the text they enter. Seeing what an employee actually submitted to an AI tool requires two things: a firewall that exposes AI-specific log fields, such as Palo Alto Networks with its AI visibility add-on, and SSL inspection enabled on that traffic. Where your firewall supports it, Cyfin can surface that deeper detail. Where it does not, you still get complete usage visibility.

Being straight about this matters. Usage-level reporting is what every customer gets and is enough to enforce most AI policies. Content-level visibility is an advanced capability that depends on your infrastructure.

How this helps HR and management

Cyfin is built for HR and management to run their own reviews:

  • Enforce your AI policy. Compare actual usage against your acceptable use guidelines and follow up where needed.
  • Support workplace investigations. Produce clear, dated records of AI tool use for a specific user or department.
  • Target training. See which teams lean on AI and where guidance would help them use it well.
  • Keep audit-ready records. Independent, readable reports that support policy decisions and reviews.

Because the reports filter out non-human background traffic, what you see reflects employee-initiated activity, not automated noise.

Works with the firewall you already have

Cyfin is agentless. There is nothing to install on employee devices, because it works from the log data your firewall already produces. It supports the major firewalls in use today, including Palo Alto Networks, Cisco, Fortinet, Check Point, and SonicWall, so it extends the investment you have already made rather than adding another endpoint tool to manage.

Get a clear view of AI use in your organization

You cannot enforce an AI policy you cannot measure. Cyfin gives HR and management the usage visibility to do it, from your existing firewall, without agents.

Learn more on our employee AI usage page, or request a sample AI usage report to see the format before you commit.


Cyfin by Wavecrest Computing has been purpose-built for employee web use reporting and investigations since 1996. Its noise-filtering engine turns raw firewall log data into clear, human-only reports that HR and management can read, understand, and act on independently. https://www.wavecrest.net • 321-953-5351

Wavecrest Computing Releases Cyfin VPN Usage Reporting

Wavecrest Computing proudly announces the release of Cyfin’s new feature, VPN Usage Reporting. Cyfin is a leading employee Web-use analysis and reporting solution for a wide variety of gateway devices and log file formats.

Wavecrest, a global leader in employee Web-use management, monitoring, and analytics solutions, today announced the release of Cyfin’s newest feature, Virtual Private Network (VPN) Usage Reporting. VPN usage reporting supports today’s increased need to monitor remote employee Web-use while reducing the concern of extending enforcement of Acceptable Use Policies (AUP), managing productivity, and monitoring time online.

The new VPN usage feature adds the capabilities of monitoring the number of active sessions throughout the day, seeing when most people connect and disconnect, determining who has not connected recently, visibility into and responding to unexpected disconnections and excessive invalid login attempts or failures to connect, and more.

“Right now many businesses are in the state of flux, and may remain that way for some time,” notes Dennis McCabe, CEO of Wavecrest. “The remote and distributed workforce has always been part of Wavecrest’s focus, especially with our CyBlock product lines. Now, with VPN usage being an integral part of today’s business environment, we are excited to increase Cyfin’s features to satisfy even more of what customers look for when supporting their workforce. We know that continuing to advance our products allows businesses more freedom and flexibility to operate with any workforce distribution that they require, without having to worry about losing key visibility.”

Comprehensive yet easy to use, Cyfin’s customizable reporting capabilities supply audience-specific Web-use information with reliable metrics, easy-to-read reporting dashboards, manager-ready detailed audit reports, VPN usage reporting, IP segmenting, and more.

For more information, visit https://www.wavecrest.net.

About Us
With over 20 years of proven history Wavecrest provides reliable, accurate Web-use management, filtering, reporting, and analytics products worldwide across every industry. Managers, C-Suite, IT, HR, MSPs, Auditors, and more trust Wavecrest’s Cyfin and CyBlock products to easily decipher and manage real employee Web activity, gain visibility into the distributed workforce, reduce liability risks, improve productivity, save bandwidth, and control costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit Wavecrest at www.wavecrest.net.

Requirements of an effective employee Web-use management program

Because managing employee Web use deals with humans and their actions, it is a continuous process for all sizes and types of businesses, where the goal is to ensure employees use Web access safely for productive, work-related purposes. To attain a high level of success, I believe that this process requires a Web-use management program be put in place that involves many key players in the organization, communication of the company’s Web-use policy, implementation of a reliable tool to monitor and control Web use, and other important activities. In this article, I will discuss the requirements of an effective employee Web-use management program and the activities involved that will bring about safe and productive Internet use by the workforce.

The key ingredient in an effective program is collaboration and communication among the various groups in the company, i.e., senior management, Legal department, IT personnel, HR personnel, department managers and supervisors, and employees. Communication would include IT keeping company stakeholders informed about current hacker threats, as well as HR apprising senior management of pertinent employee Web-use behavior. Collaboration would occur among HR, IT, and department managers in training the workforce. Collaboration would also take place between IT and department heads to select the appropriate Web monitoring and filtering tool.

If you don’t have one already, another necessity of a Web-use management program is to develop a sound Acceptable Use Policy (AUP) consistent with corporate culture. The AUP should describe acceptable and unacceptable Web-use behavior, i.e., company rules for what constitutes desirable, acceptable, unacceptable, and abusive use of the Internet and other network resources. The policy should also clearly state how compliance will be monitored and what the consequences will be to employees abusing the use of network resources. Does your company have an AUP in place that spells out the rules to your employees?

To ensure adherence to the Web-use policy, it should be clearly communicated to the entire workforce, including management, informing them of what is and what is not acceptable in easily understood language. You may also want to have employees acknowledge that they read and understood the policy through a signed acknowledgement. HR and management personnel should hold meetings with workgroups to answer questions and provide any additional information. This fosters open communication in the workplace and allows employees to be more engaged in proper Internet usage.

In addition to communicating the policy to all concerned, another requirement of an effective Web-use management program is training employees on how to use Web access productively and safely. Whether training is conducted or coordinated by HR or in collaboration with managers and other department personnel, training sessions should cover Internet usage and related subjects. Specifically, employees need to be made aware of what sites they are visiting and what they are clicking on the Web. The purpose of training should be to encourage proper, productive, and safe use of network resources while reinforcing the information in the AUP.

An important requirement of a Web-use management program is to use a reliable software tool that is designed specifically to monitor compliance with Web-use policies and proactively control Web access. The tool should also include a smart reporting engine that distinguishes between user clicks (visits) and unsolicited traffic (hits) and easily presents accurate and up-to-date Web-use data, identifying desirable Web usage as well as unacceptable use and trends. Does your tool include a Smart Engine that analyzes Web traffic to better interpret human behavior? Does it generate easy-to-read, manager-ready reports? Does it give details on employee Web use with drill-down reporting capability? These are key features of a Web monitoring and filtering tool that will benefit IT, HR, and department managers.

Another activity that is necessary is following up with corrective actions when inappropriate Web access is detected. With a policy in place, personnel oriented, the workforce trained, and your Web monitoring and filtering solution actively monitoring and controlling Web use, there are still more activities to do. The tool will inevitably reveal patterns of inappropriate use or disclose signs of outright abuse. These incidents will require attention by HR and management personnel. After identifying the problems, management can take appropriate follow-up actions, such as counseling employees, training or retraining workers, changing work processes, and revising or clarifying the AUP. Managers may also need to institute follow-up audits on individual users and, in worst case, take disciplinary action including termination.

The final element of an effective employee Web-use management program that I will cover involves the establishment of a continuous improvement process by the collaboration team, i.e., HR, IT, department managers, etc. In this process, there would be frequent reviews of employee Web use, new Web services introduced into the network, and new security threats, modifications of work processes, and appropriate revisions of the AUP. All company stakeholders would be involved. What other activities have been effective in your company in managing employee Web use?

Unauthorized Web use can degrade workforce productivity, impact network performance, threaten network security, and create legal liabilities. Any of these outcomes can seriously impact your bottom line. An effective employee Web-use management program is essential to prevent this from happening. If the responsibilities of an effective program are carried out well, misuse and abuse of network resources will be minimized without damaging workforce engagement and morale. Getting accurate, actionable information to all collaborators is a must, and the tool that you are using should be able to provide this information. Next time I will discuss how to get this information with reliable metrics generated by a reporting tool.