relax ceo piece of mind

Why your Business Needs an Employee Internet Security Policy

iStock_000059050458_Small

As an employer it can sometimes feel like you spend more time managing employees than managing a business. After all, employees need processes, procedures and policies in place to ensure that everything is clear and understood. This prevents incidents and puts everyone on the same page with regard to how the business should run and employees should behave. You have policies in place for workflows, fire drills, vacation and benefits and most other things. But an often-overlooked area of concern for many business owners is an internet security policy. Since the internet and the risks surrounding it are relatively new, many companies don’t have a set policy for how their workstations can be used. As workforces become more mobile and BYOD, mobility, the cloud, laptops and tablets intermingle with homes and offices, it’s important to create policies that protect company data and assets from hackers and viruses. Here are a few reasons that you should implement an internet security policy.

The statistics are glaring.
We like to think that we have hired people that we can trust. But even the most involved background checks and hiring agencies can’t prevent an employee from abusing the internet at work. Here are a few statistics from Staffmonitoring.com that indicate that you need an internet security policy:

  • 48% of large companies blame their worst security breaches on employees
  • 70% of all internet pornography traffic occurs during the nine to five work day
  • 27% of companies say they have fired an employee for misuse of office e-mail or internet
  • 60% of security breaches occur within the company – behind the firewall
  • 59% of ex-employees admitted to stealing company data when leaving previous jobs.

In conjunction with these statistics, there are a few more that might make you think differently about how your employees approach the internet. According to this awesome infographic from Go-Gulf.com, the estimated annual cost of cyber crime is $100 Billion. And 50% of these attacks are virus, malware, worms or Trojan-based and 17% are web-based attacks.

It creates a standardized set of rules and consequences.
Like anything else in your business, you need a set of standards that will help govern your employee behavior, create processes and help your employees to understand the implication of the rules you set. Having a policy in place that explains the why, how and what if’s of internet security risk will not only protect your organization from malware, viruses and Trojans, but it will also ensure that your employees don’t waste time on the job with non-work related activities on frequently visited websites. If everyone is on the same page from the start, you can minimize actions that compromise your data and their employment.

It can be a massive productivity boost.
Time gets wasted at work. It happens. It’s a by-product of the fact that some employers expect employees to be at their desk 8 full hours during the week without exception. The inflexible scheduling has led to many doing personal errands, shopping and surfing the web on company time. While a certain amount of this can be healthy, as employees should take breaks to refresh their brain before their next task, it can also be disruptive to productivity. While blocking access can seem overly restrictive and pointless in a smartphone driven society, having policies in place to govern “personal” surfing during work hours, or redirects in place to help your employees stay on task are great ways to boost productivity. This blog gives some great insight on managing the efficiency of Millennial employees, who are historically distracted by social media and personal web surfing.

Ultimately, regulating every moment of your employee’s work day is a thing of the past. As more and more employees in the emerging Millennial workforce demand mobility and work-life balance, you must accept that a certain amount of internet use will be personal. Creating policies governing this user so that it’s very clear what can and cannot be done and how much time can be spent on these things is very important to protect your company data from breaches.