A recent eWEEK article on the use of Web filtering caught my attention, which debated the merits and motivation behind Web filtering at the workplace. Essentially, I like what Don E. Sears wrote when he summed up the prevalent rationale in the pro-filtering camp:
The desire to boost employee productivity during a long-term recession coupled with the preventive management of real and dangerous threats have forced some companies to restrict, monitor and block specific Websites.
On top of this, Sears noted that unrelated activities such as accessing YouTube and shopping online in the office also eat up bandwidth and hurt productivity.
Small and mid-sized companies are the least able to afford and implement Web (or Internet) filtering appliances, but are in the ironic position that with fewer employees, frequently being distracted by the Internet will have a larger overall impact on the efficiency of the company. In addition, the structure and processes in SMBs are also less well-defined, which means they're often more lax with workers engaged in activities that have nothing to do with their jobs.
And so Web filtering can come to the rescue.
But beyond the cost of implementing a reliable solution, the vital employer-employee relationship is far harder to quantify. The good news here is that in a Robert Half Technology poll, a majority (58 percent) of 1,400 CIOs said they have heard nothing from employees about security policies being too strict or at least "find it uncommon" to hear complaints. Workers appear to understand that the need for security is the basis for the restrictions placed on them.
And while I am against draconian keystroke-logging levels of monitoring, operating without controls is akin to firing up a nuclear reactor with its control rods out of commission-you are just asking for an eventual IT meltdown. So small and mid-sized businesses need to implement some measures to protect them, which was what led me to write "Unobtrusive Methods to Monitor Your Employees" recently.
Of course, the proliferation of netbooks, smartphones and Internet tablets in the office means that an increasing number of consumer-centric devices are inexorably making their way onto the corporate networks anyway. Beyond outright banning such devices from the office, the practical long-term solution would be for the IT security team (or the management for SMBs without IT staffers) to actively engage workers to agree on a suitable compromise.
This is where I would love to hear more from you. What kind of security measures do you implement in your small and mid-sized business? How do you forge an understanding with workers on Internet-related activities that are permissible and discouraged?