The 7 do's and don'ts of Network Gatekeeping
reprinted with permission from the HP Small Business Center

There's little doubt that the Internet has been a real benefit to organizations - providing instant communication capabilities and an almost bottomless source of valuable, up-to-date information on just about any topic.

However, many employees won't think twice about accessing the network for personal use, perhaps to download music or to shop online. Not only does this put a strain on the network by reducing the bandwidth available for legitimate use, but it also makes it easier for criminals to access sensitive company information and for viruses to enter the network.

From an IT standpoint, it's a hassle to deal with employees downloading unsafe material on the one hand, and complaints about how slow the network is on the other.

So what's the best way to effectively limit employees' network use and keep the network safe, without hampering productivity or creating distrust? Here's a list of do's and don'ts to help you put together a network usage policy.

1. Don't block access to things like IM applications or YouTube without consulting employees. Not only will it cause resentment on the part of users, but such things could be necessary to their work - e.g. to communicate with clients, for research or to watch instructional videos.

2. Do develop and implement a written 'acceptable use' policy with a statement of purpose and clearly laid-out rules that define exactly what is allowed or not allowed. It should also highlight the consequences of violating the policy.

3. Do understand how employees use the Internet for research and communication purposes, and do involve those affected in drawing up the policy. When proposing websites and applications to block, make sure users have a say in the matter. If you have to revise the policy because of an oversight after it's already been signed, then both you and the document lose credibility.

4. Do regulate and control employee use of the Internet with firewalls. Once a list of restricted URLs and other conditions of use have been set, use firewalls together with filtering and monitoring software to prevent employees from accessing inappropriate sites.

5. Don't neglect to use antivirus software - deploy a VPN and use other security solutions to keep the network safe from hackers and viruses.

6. Do consider using thin clients instead of desktops or workstations. Thin clients put the normal local functions of a PC onto a server for centralized management, increasing security and enhancing control over user PCs.

7. Do conduct regular training sessions to inform employees why an acceptable use policy is necessary. Many employees assume that because they have Internet access at work, they are free to use it however they wish. They may not know that their actions can negatively affect the company (lawsuits, risk to sensitive data, etc.) and be cause for dismissal.

Once a set of rules for acceptable use of the network is in place and employees are aware of their responsibilities, you'll have more time to deal with real IT and business issues. You'll also spend far less of your day slaying viruses and fielding complaints.