If you look at the range of activities that companies undertake to monitor Internet access, it can run the gamut from the extreme to the apathetic. Companies that want to maintain absolute control over their employees’ Internet usage may take measures that include recording and reviewing everything that users do on the web. They might even use a proxy server that permits access only for a subset of users and only to a list of business-approved websites. On the other side of the spectrum you may find companies that don’t want to create a feeling of mistrust and, as a result, don’t monitor anything their users do online. Internet monitoring is still a critical part of maintaining the security of your organization. It doesn’t have to be the totalitarian approach of the first extreme above, but it needs to take an active role in protecting your users and your data resources from the murkier parts of the web.
There are four critical reasons to monitor Internet usage within your organization. Without having to single out any one user or play Internet Cop, these four reasons should be more than enough to convince you that at the very least, some aggregate reporting and proactive defense measures are essential to protect the organization and the employees themselves. Together with each reason, I will share my own first-hand experience that made me appreciate the use of Internet monitoring.
Viruses don’t just spontaneously come into existence on your network. They get in through user actions, the majority of which involve downloading infected files or accessing compromised sites. These are often perfectly innocent and well-meaning actions, since the site you trust completely today might find itself hacked tomorrow. By monitoring users’ Internet activities, proactively scanning downloads (executable files, documents and scripts contained within web pages), and checking for things like cross-site scripting attacks and obfuscated URLs, an Internet monitoring system helps to protect your users from threats outside your control, like a vendor website that has been compromised. The last virus incident I was involved in occurred because a user accessed a file sharing site with the computer set aside for shipping. Because this was a standalone machine in an unsupervised area, it was easy for a user to surf the web, and the antivirus software had stopped working but was not being properly monitored. Internet monitoring caught the infected file before it got to the desktop, and that alert let us know we had a machine requiring attention.
Compliance issues can come up when users access personal webmail sites, file sharing sites, or attempt to download copyrighted materials. By establishing a policy that prohibits these actions, and then implementing a technology that enforces this policy, a company can show good faith in meeting the requirements of any legislation or contractual obligations. A couple of years ago, a competitor filed a lawsuit against my employer. Part of the complaint alleged that users accessed this competitor’s website to download software using a third party’s credentials, which violated licensing agreements. Having logs to show that this did not occur proved very useful in court.
There are perfectly legitimate reasons for users to access websites during work hours. There are also plenty of distractions that can lead a user to accidentally burn through an hour of their day, even though they might have started out with the intention to just check something quickly. While I am completely in favor of allowing users some recreational access to the Internet, it is easily something that can be misused. By monitoring the sites responsible for the largest amount of time spent online by employees, a company can bring up the subject in team or company meetings, without singling out any individual. A few years ago, a supervisor whose department was chronically behind schedule was found to be spending most of his day on gaming sites, instead of seeing to his team’s needs. HR addressed this with the supervisor, and the team immediately started meeting their goals.
One of the largest expenses for many IT groups is their monthly bandwidth bill. If anything seems slow, users are bound to complain, so it is a constant effort to stay on top of bandwidth utilization reports, and to buy bigger pipes as usage climbs. Of course, sometimes the top bandwidth consumers are not what the business had in mind when it allowed Internet access to everyone. Being able to tell just what is using up all the bandwidth, and to then decide whether a larger circuit or a conversation with a user is the proper course of action, can save hundreds to thousands of dollars a month. In this case, a remote site with a pair of bonded DS1s complained regularly that they needed a bigger pipe; applications timed out regularly and response was unacceptable. In reviewing the logs of the Internet monitoring, we determined that some user was streaming movies all day, every day. By blocking that category of site without having to identify the user, the problems with application timeouts were eliminated, and we avoided spending thousands more to get a larger circuit into this (very) remote office.
In each case above, Internet monitoring directly contributed to solving a problem, without requiring the security team to spend all day watching what others were doing. In all four reasons, I personally found that the Internet monitoring solution we implemented paid for itself in the costs saved or avoided. By adding an Internet monitoring solution to your environment, you can add another layer of protection to your defense for both your business and your employees.