Step No. 4: Educate employees
Staff members who are aware of Internet threats and network security are more likely to accept and comply with company policies, make intelligent decisions when surfing the Web, and avoid malware traps. Unsophisticated users may not understand that having multiple IM tools or downloading videos from YouTube can dramatically impact bandwidth.
Although it is often undesirable to overplay the "Big Brother" hand, you will usually find that notifying employees that their online actions are subject to monitoring will prevent the vast majority of incidents.
Step No. 5: Manage incidents
Along with a clear policy, it's important to have a plan for dealing with incidents. You should experience fewer problems if everyone understands the policy and the consequences for breaking the rules.
I recommend having various levels of discipline to manage contravention of the policy. When a potential problem is noted, the administrator should take steps to monitor that user's activity more intensively over a set period of time. More serious infringements should attract a written, documented warning or, in cases such as illegal pornography, this needs to be dealt with immediately. If it's not, it can result in litigation should the employee resign or be dismissed. The importance of employee awareness of the exact disciplinary structure and the necessity of maintaining documentation cannot be stressed enough.
Finally, it's vital to remember that technology and the Internet are evolving rapidly. Given the increasingly social nature of the Web, network managers need to stay on top of trends, monitor network activity, and be prepared to adjust the policy when new threats emerge. I recommend that the policy is reviewed at least biannually to address emerging challenges.
Implementing Web content control can be straightforward and does not need to take much time. By putting these measures in place, companies greatly decrease the odds of their networks being compromised, reduce their liability and improve employee productivity.
Bob Walters is President and CEO of Untangle. Bob began his career landing F/A-18 Hornet fighter aircraft on aircraft carriers. Today, Bob leads Untangle. Most recently, Bob landed Teros, his application security startup, at Citrix Systems via acquisition. Along the way, Bob has contributed in executive and general management positions at a number of top startup and public companies including Securant Technologies (now part of RSA Security), Linuxcare, Informix Software and Red Brick Systems. Bob is a published expert and invited speaker in Internet security, data warehousing and data mining, entrepreneurship and leadership. He is an honors graduate of the U.S. Naval Academy in Annapolis and was a Guggenheim Fellow at Princeton University. He can be reached at firstname.lastname@example.org.