Controlling Internet Use in the Workplace

By Gregory Taillon

E-mail Story
Print Story
Despite the great benefits the Internet gives businesses, managers also need to control what their employees access and how they use it. Many times, Internet access is an open invitation to waste time. Many employees increasingly participate in Internet chat, personal e-mailing, and online shopping and bill-paying. Extreme cases involve online pornography and gambling on company time.

To reduce these types of activities while providing some privacy for individual Internet use and maximizing work-hours, consider the following strategies for controlling Internet use in the workplace:

Set policies for Internet use. Rules need to exist before they can be enforced. Therefore, employers must set policies before they can take disciplinary action on Internet abuse. Policies should indicate how much personal time an employee can spend online. This relies heavily on the honor system, however, because without expensive protection programs, monitoring such time is difficult. In addition to time losses, consider security guidelines. Nonbusiness online dabbling increases a network’s vulnerability to viruses and hackers, which can spell disaster.

Beyond outside risks, a business must also consider risks that come from within. As cyber-crime levels increase, so do the legal ramifications, including copyright laws protecting artists from illegal music- and video-downloading. Of utmost concern are violations of the Child Online Protection Act, which makes it a felony to download, print, share, or possess pornographic images of children. Despite cases in the headlines that should serve as a deterrent, some employees continue to view pornography on the job, and employers may be held liable for illegal content. Many businesses think their employees have common sense and would never do this, but it can also happen by mistake when links to sexually explicit websites are disguised, making them difficult to detect. Therefore, company policies should also include rules of engagement in relation to spammers.

Monitor Internet activity with information assurance. Information assurance (IA) is available for large businesses that can afford Internet security but cannot rely on the honor system due to a large workforce. Dumb terminals are one option; allowing employees to use company e-mail without full Internet access is another. This type of system allows a company to provide a password for each employee, then track computer use as necessary. Some employees may consider this spying, but it is perfectly legal when employees are made aware of which types of use are appropriate. By using defensive programming, corporations can detect software glitches and anomalous control data flows that may indicate viruses. In case of a major computer attack, IA specialists should back up important data.

Use firewalls. A computer firewall protects networked computers from hostile intrusions. It can take the form of a hardware device or a software program running on a secure host computer. Just as fire doors or firewalls protect a building from fire damage, computer firewalls limit the spread of damage from one subnetwork to another.

Firewalls also log all attempts to enter the private network, and trigger alarms when hostile or unauthorized entry is attempted. They may be programmed to recognize and block certain types of traffic, sources, destination addresses, or key words such as “sex,” “bet,” or “adults only.” Firewalls recognize key words using complex rule bases that analyze the application data and determine if the traffic should be allowed through the system. Ultimately, the business owner or manager determines how a computer firewall is used.

Maximizing Online Security for the Future

Although allowing some level of personal Internet use is a nice benefit to provide to employees, restrictions must be in place. The honor system is always the best approach, but even the best screening for honesty and integrity is not foolproof. An information assurance system is a worthwhile investment. And although the firewall is an integral part of any security system, it is not an effective program in and of itself. A combination of strategies based on the technology budget is important for any business that uses the Internet.

Gregory Taillon is a global media expert and the author of Remote Control Wars. For more information, visit or call 800-786-1764.




















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices