During this coming holiday season, your employees are going to shop for things and browse during work. Some will do it during their lunch hour and some will do it from 9 – 5.
There’s no right or wrong answer. You have several options and solutions, the key is first deciding what your policy is going to be and ensuring your employees know it.
Not only do you have to be concerned about lost productivity, but your shopping employees must also be aware of security threats the company’s network can be exposed to by their increased online shopping and downloading of a variety of digital things.
Maybe the image of the shoes they want a closer look at is NOT as innocent as it may seem. Maybe it’s a Trojan Horse or some malware that will infect their computer, steal the passwords of their bank account and wreak havoc on the corporate network.
Security vendor GFI Software suggest the following guidelines to help you improve security and productivity:
Monitor user’s activity 24 x 7 – If your business is concerned that people are spending too much time online and downloading non-work related material, then you need to exert some form of control. Monitoring user activity will cut down on abuse while implementing web security measures will prevent malicious code from entering your network through irresponsible browsing. With proper measures in place, there is no harm in allowing employees to shop online during the lunch break – So long as you know what’s happening.
Acceptable usage policies. In small organizations, security policies are either non-existent or never enforced. Every organization should provide new employees with an acceptable usage policy that defines how they use corporate computers, what is acceptable in terms of Internet use and what is not tolerated nor accepted. Moreover, this document should be signed by the employee the day he or she joins. This will greatly reduce the risk of an employee who is dismissed for breach of the policy fighting back by saying that he or she was never told what they could or could not do.
Education – Explain to employees why they have to be careful when browsing the Internet. The usual ‘because I say so’ approach does not work with them. It only spurs them to bypass whatever the IT manager is telling them not to do. Employees are intelligent and will understand basic concepts of security especially when they can associate actions with the result it will have on their ability to do their job. Gaining an employee’s understanding is essential if an organization wants their cooperation. Even more so during this holiday season.
Everybody is a potential security threat – SMBs need to approach security without allowing emotions and friendship to interfere. Every employee, including the CEO, is a security risk. Employees need to understand that controls are there for good reason and not because the company doesn’t trust them. The IT manager is employed to ensure the network is as secure as possible; and if that means stepping on people’s toes, so be it.
Invest in technology – Security should not be considered an expense but a cost of doing business in an online age. It is also recommended that you invest in a security awareness program too. Technology and awareness need to be managed together and not separately.