Smart Answers December 1, 2009, 12:11AM EST

Putting a Fair Internet Use Policy in Place

Business owners who are worried about employees shopping online this holiday season should consider David Kelleher's ways to manage access

Story Tools

More than half of employees who have Internet access at work say they will shop for holiday gifts from the office, according to a November poll conducted for Shop.org, a division of the National Retail Federation.While online shopping may be more efficient than braving the crowds at lunch hour, employee shopping can compromise both security and productivity, says David Kelleher of GFI Software, which sells remote monitoring and management software primarily to small and medium firms.He spoke recently about this topic with Smart Answers columnist Karen E. Klein. Edited excerpts of their conversation follow.

This time of year particularly, lots of employees are conducting personal business online at work. What are the issues raised by this for small business owners?
There are two issues that the employer has to be aware of. The first is security and the second is productivity.

These days, everybody's on Facebook and LinkedIn, and they may have MySpace (NWS) accounts as well. So your employees come into work, turn on their computers, and spend the first 10 or 15 minutes looking at news sites, updating their profiles, and checking what their 200 or so friends have been doing the previous evening.

Hard-working employees may be doing this on their lunch hours, but some of them are spending as much time as possible online, maybe looking at all the fantastic offers this holiday season.

How much work time are employers losing?
If you have eight out of 50 employees spending an hour a day wasting time online and you factor in how much a work hour costs that business, and factor it in over a long period of time, the cost for the employer can be considerable.

The other cost comes from providing bandwidth, which is quite expensive particularly for small and medium businesses. The last thing you want is your employee going on YouTube (GOOG) and watching videos, or downloading something from iTunes, slowing down your network.

What security risks do employers face from employees' online activity?
There are real security problems and many, many threats, not only from e-mail but also from Web browsing. Your employee could be browsing online, come across a link, click on it, and download a little file. That's how some piece of malware finds it way onto their machine and from there it gets into all the machines on the network.

Are small business owners aware of these risks?
Very few. According to a recent GFI survey of small and medium businesses, only 9% said they were concerned about internal threats and only 36% said they monitor employees' browsing activity.

Aren't these online scams pretty easy to spot?
Unfortunately people fall for them all the time. Your employee is using the technology and you can't sit down next to them all the time and say, "Don't touch that!" It's impossible.

For instance, recently some bad guys created a fake Web site for the new Twilight film, New Moon. When somebody does a search for that movie, various links come up, including one that promised to show the full movie for free online. When users clicked on that link, they were asked to download a viewer to see the video. It turned out that download was a Trojan—self-replicating malware.