How to Manage Personal Use of the Internet in the Workplace
Managing the personal use of the internet by employees is a considerable challenge.
- How can you offer personal use of the internet as a workplace perk without negatively affecting productivity and security?
- Should employees be allowed to use business internet for personal reasons?
- How much personal use is too much?
In this article I will cover common concerns related to personal use in the workplace, overview the benefits of allowing personal use, and provide tips for addressing personal use in your workplace computer use policy.
Get Your FREE Employee Internet Usage Policy Template
- Disclose the monitoring of internet use
- Communicate standards for technology use
- Describe your usersโ rights and responsibilities
Get started todayโDownload the FREE template to set standards for acceptable internet usage in your organization.
Start Controlling Employee Internet Use Today
CurrentWareโs employee internet management software is essential for ensuring that your employees are using the internet safely and appropriately while at work.
The CurrentWare Suite includes two internet management solutions:
- BrowseControl web filtering software for proactively blocking websites
- BrowseReporter employee computer monitoring software for insights into how employees are using technology in the workplace.
Each module in the CurrentWare Suite can be purchased separately for the most flexibility or as a bundle for the best value.
Uses for CurrentWareโs Internet Management Software:
- Track computer activity on a network to provide the technology usage details needed to determine which employees need corrective action.
- Monitor employee internet use to identify suspicious or unproductive browsing behavior.
- Reinforce AUPs with custom messages sent to users that attempt to browse inappropriate websites.
- Restrict internet access to websites that are inappropriate or unsafe (pornography, malware-infested websites, etc)
- Enhance endpoint security with USB access control configurations.
- Restrict the use of games and other distracting applications/websites.
- Identify actively disengaged workers engaging in time theft.
- Should You Let Employees Use the Internet for Personal Tasks?
- The Risks of Allowing Personal Internet Use in the Workplace
- Why Let Employees Use Company Devices for Personal Use?
- Best Practices for Managing Personal Use of the Internet at Work
- Create a Computer Use Policy
- What Employees Should NOT Do on Work Computers
- Provide Employees With Cybersecurity Awareness Training
- Decide How Much Personal Use Should Be Allowed
- Should Companies Restrict Internet Access?
- Should Companies Monitor Employee Internet Usage?
- Whatโs Next?
Should You Let Employees Use the Internet for Personal Tasks?
Deciding whether or not to allow your employees to use the internet for personal tasks is not as clear-cut as it may seem. There are a number of privacy and security concerns associated with personal internet usage.
For example, personal email accounts are more vulnerable than those protected by corporate email gateways. Employees that are being monitored on corporate systems may have sensitive information captured by the employee internet management software.
On the other hand, zero-tolerance policies for personal web browsing are likely to frustrate employees and negatively impact morale. When developing your computer use policy you must consider how you will balance network security, productivity, and employee satisfaction.
The Risks of Allowing Personal Internet Use in the Workplace
Lost Productivity From Excessive Cyberloafing
For most workplaces a little bit of web surfing between tasks is no issue. That said, without a formal structure some employees can abuse this privilege.
But how much is too much?
According to a publication from Brent Coker of the University of Melbourne so-called โcyberloafingโ can have a positive impact on employee productivity; so long as non-work internet browsing does not consume more than 12% of an employeeโs work time.
โShort and unobtrusive breaks, such as a quick surf of the Internet, enables the mind to rest itself, leading to a higher total net concentration for a daysโ work, and as a result, increased productivity.โ
Brent Coker, lecturer of Marketing, University of Melbourne
If excessive web browsing (โcyberloafingโ) is affecting productivity that doesnโt necessarily mean that employees should be forbidden to use the internet for personal use altogether.
Computer use policies that are too restrictive will just annoy employees and tempt them to spend more time trying to hide their web browsing than they would actually spend browsing. The key here is to set clear expectations, define how productivity will be measured, and foster an environment that emphasizes employee autonomy.
I will touch on the best practices for balancing productivity and cyberloafing later in this article.
What is cyberloafing?
Cyberloafingโalso known as cyberslackingโ describes when an employee surfs the web for reasons that are not related to their job. This includes using workplace internet for personal use, playing computer games, and browsing social networking sites.
Why do employees cyberloaf in the workplace?
- 34% of employees say they are not challenged enough
- 34% say they work long hours
- 32% say there are no incentives to work harder
- 30% are unsatisfied with their employment
- 23% say theyโre bored at work
- 18% say itโs due to low wages
โ Salary.com: Wasting Time at Work Survey 2013
Network Performance Issues From Bandwidth Hogs
Your business needs a reliable and smooth internet connection to thrive. If employee web surfing is congesting your network you will need to address their use of bandwidth hogs accordingly.
Common bandwidth hogs include:
- Movie streaming sites like Netflix, Prime Video, and Disney+
- Video sharing sites like YouTube, Vimeo, and Dailymotion
- Live streaming sites like Twitch, Facebook Gaming, and YouTube Gaming
Itโs important to note that not all high-bandwidth websites are exclusively used for personal or unproductive reasons. An employee could have a legitimate business reason for browsing YouTube at work such as watching video tutorials or listening to music, TED Talks, and other valuable content.
That said, your network needs to remain fully operational so that it can be used for its intended purpose. You need to find that balance between allowing personal use of the internet without affecting overall productivity and network efficiency.
Depending on the needs and capabilities of your network this could be as simple as requiring that high bandwidth websites such as YouTube are used exclusively for business purposes.
If your employees have designated break periods your computer use policy could allow for some degree of personal use so long as itโs not negatively affecting the productivity of their coworkers.
For employees that need music to focus they can be provided with alternatives such as low-bandwidth music streaming services or being permitted to use their personal cell phones to listen to music.
Donโt know where your organizationโs bandwidth is going? Learn how to monitoring bandwidth usage.
Cybersecurity Risks From Personal Internet Use
Providing employees with unrestricted internet access is a cybersecurity nightmare. The internet is rife with security threats like phishing emails, malware, and threat actors that would love nothing more than to compromise your organizationโs network.
Security risks of employee web browsing:
- Data theft: A disgruntled (or negligent) employee could easily log in to a personal cloud storage site and transmit sensitive data to an external server.
- Malware: Employees that browse the internet unimpeded are more likely to run into high-risk sites and download potentially compromised files.
While there is certainly no shortage of danger when networks are used exclusively for business purposes, personal web browsing is naturally higher risk. This is particularly true if employees are using their personal email accounts at work as these accounts are unlikely to be as secure as ones that are managed by the company.
Social media websites also pose a significant risk; as seen in the above graph from Spiceworks they were responsible for 11% of security incidents.
Why social media is particularly dangerous
- Malware is spread on social media through links, often with catchy headlines
- Social media sites are another avenue for phishing and social engineering attacks
- Many social networking sites let users upload and share content, increasing the risks of accidental or malicious data leakage.
The types of websites an employee would visit for work purposes are likely to be pre-vetted and reasonably secure, whereas unfamiliar sites could pose a security risk. Depending on the level of personal use permitted there is also the risk of employees downloading risky software onto company computers.
Legal Liability For Piracy And Other Illegal Activity
As an employer you are responsible for ensuring that your employees use company-provided resources appropriately.
If your employees use the internet for illicit purposes such as piracy, data theft, harassment, hacking, and related activities there is a significant risk that your company will be held liable for any associated damages.
Blurring the lines between personal and professional may cause some employees to engage in unsavory behaviors that contribute to a hostile work environment. When allowing employees to use workplace equipment for personal reasons itโs critical that professional expectations are maintained.
Depending on the workplace privacy and employee monitoring laws of your jurisdiction allowing personal use can also be a liability issue as sensitive personal information could be captured by your companyโs workplace surveillance software.
Which leads us toโฆ
Potential Impacts on Employee Privacy
Employee monitoring software does not make any distinction between personal and business use. When monitoring employees in the workplace it is critical that they understand exactly what is being monitored, how their data is being used, and who will have access to it.
On a surface level, the majority of employees are likely to understand that their employer can see anything they do on corporate systems. That said, ambiguity over how much is being monitored could lead to employee privacy concerns.
What is being monitored, exactly?
- Standard internet usage activity such as bandwidth usage and URLs visited, or;
- Invasively intimate details such as individual keystrokes and private conversations?
Full transparency of employee monitoring ensures that employees that use workplace equipment for personal reasons are making an informed decision. Depending on the laws of your jurisdiction you may even need to adjust what is being monitored to reduce impacts on employee privacy.
Some jurisdictions go so far as to say that explicitly allowing personal use of workplace computers limits what an employer can monitor on their systems. When deciding whether or not to allow employees to use work devices for personal tasks it is important to understand how personal use affects your employee monitoring strategy.
Workplace Monitoring Policy Template
- Disclose your companyโs intent to monitor employees in the workplace
- Set workplace privacy expectations for employees
- Meet transparency requirements for compliance with privacy laws
Get started todayโDownload the FREE template and customize it to fit the needs of your organization.
Why Let Employees Use Company Devices for Personal Use?
With all of the risks of letting employees use company devices for personal use you may be tempted to forbid the practice altogether. After all, why would you let employees use company devices for personal use if itโs going to require so much forethought?
In this section Iโd like to discuss why allowing personal use of company devices can be a good thing for your organization. After that Iโll provide you with some best practices so you can balance the risks vs rewards of personal use.
Itโs Good for Employee Morale
When developing your computer use policy you must consider how you will balance network security, productivity, and employee satisfaction.
Computer use policies that are too restrictive are frustrating for employees. As individuals employees want to feel that they are trusted to manage their own productivity. Allowing for a reasonable amount of personal use provides employees with the autonomy to self-manage.
Besides, employees spend a significant portion of their lives at work. Allowing for some flexibility helps employees maintain a suitable work/life balance and increases overall workplace satisfaction.
Itโs a Great Job Perk
While high-speed internet is becoming increasingly more available and affordable, there are still those that do not have reliable internet access at home.
Internet infrastructure for rural communities is underdeveloped on a global scale. According to the report Measuring digital development: Facts and figures 2020 from the International Telecommunication Union, global home internet access is nearly twice as high in urban areas as it is in rural areas: 72% of urban households have access to the internet, yet this is true for only 37% of rural households worldwide.
For some employees having reliable internet access at work provides them with opportunities that they would not otherwise have. Employers with flexible computer use policies are highly desirable for these candidates.
Aside from that, employees that frequently travel for work are going to have plenty of off-hours time that they need to fill up. Carrying around two laptops is certainly a hassle; in these sort of situations the employee may even expect that they can use their work devices to keep entertained in their downtime.
Theyโre Going to Do it Anyway
Even if personal internet use is not permitted in your computer use policy, thereโs a strong chance that employees are going to do it anyway.
Consider thisโฆ
- 97% of male survey participants and 85% of female participants in a survey from Singapore Management University believed that cyberloafing in the workplace was acceptable.
- 64% of employees in a Salary.com survey admitted to visiting non-work related websites every day while at work.
- 71% of employees in the Salary.com survey believe that short breaks throughout the day are beneficial for their productivity.
Worse yet, overly restrictive policies can actually be a security risk. If too many of the websites that your employees want to visit are being explicitly blocked they are more likely to seek out ways to bypass your web filter. This opens your network to high-risk websites, phishing emails, and other web security risks.
While there certainly needs to be clear guidelines, banning personal internet use altogether might not be the best solution. Alternatives such as limiting personal use to break times, defining what types of personal use are allowed, and setting clear productivity expectations may be better suited.
Best Practices for Managing Personal Use of the Internet at Work
Create a Computer Use Policy
A computer use policy is a must-have for any organization that provides their employees with access to computers. Companies that have rules regarding their employeeโs personal use of the internet will use a computer use policy to communicate their expectation.
A computer use policy is used to:
- Outline security standards and best practices such as password management practices, lockout policies, and web browsing expectations.
- Set a precedent for corrective actions the company will take when employees use workplace technology inappropriately.
- Disclose the employerโs intent to monitor employee computer activity such as internet and application usage, emails, and data handling.
How to Write the Perfect Internet Use Policy
- Avoid being too detailed
Outline the most common misuses you are guarding against such as illegal activity, workplace harassment, and other related actions that would be harmful to your business. You donโt want to be too broad though. A vague phrase like โInappropriate use is prohibitedโ isnโt going to cut it โ be sure to provide enough detail to limit ambiguity without going overboard. - Use strong, active words
When outlining explicit employee expectations in your policy you must use strong words such as must rather than should. This makes it clear that what is being asked of them is a rule rather than a general guideline. - Test your employeeโs knowledge
After your employees read the policy you should ask them pointed questions to ensure they have truly read and understood the policy rather than simply signing it blindly. - Keep the policy in an accessible location
After theyโve read and signed the policy, show your employees where they can go if they need to access it again. Keep copies of the policy in a convenient location such as the company intranet and the employee handbook. After all, the intent of the policy is to communicate expectations; itโs not simply a piece of paper thatโs intended to be buried in a file somewhere out of reach. - Use text formatting and organization to your advantage.
Break large blocks of text into smaller sections, use headers to separate key sections, and use typefaces that are easy to read. Making the policy skimmable will help greatly when employees need to refer back to it to remind themselves of specific stipulations.
Get Your FREE Employee Internet Usage Policy Template
- Disclose the monitoring of internet use
- Communicate standards for technology use
- Describe your usersโ rights and responsibilities
Get started todayโDownload the FREE template to set standards for acceptable internet usage in your organization.
What Employees Should NOT Do on Work Computers
Even when personal use of workplace equipment is allowed, there needs to be clear professional boundaries. Setting reasonable boundaries such as these in your workplace computer use policy will help to ensure that personal use doesnโt become a productivity, security, or liability concern.
1) Donโt Download Unauthorized Software
Allowing employees to download software onto their work computers is incredibly risky. There is no shortage of related risks such as software piracy, shadow IT usage, and added labour costs from IT departments needing to factor in unanticipated elements during troubleshooting.
Besides, employees should not be provided with administrative privileges on their computers in the first place. This provides far too many opportunities for employees to become an entryway for malicious cyberattacks that spread throughout the corporate network.
2) Donโt Save Personal Files to Work Devices
Employees that regularly use work computers for personal use are going to be tempted to save personal files to the hard drive.
If left unchecked this habit can lead to the loss of important personal documents, inflated storage use, and a greater potential for infected documents to find their way to company devices.
Employees that get a little too comfortable with saving personal documents on their work computers may also inadvertently store particularly private files that theyโd rather not provide others with access to. If they are unexpectedly terminated and locked out from their machine before they can delete their data this could cause serious privacy concerns.
3) Donโt Save Personal Passwords on Company Devices
Itโs critical that employees avoid saving their passwords to company devices. Depending on your network infrastructure allowing them to save their credentials could compromise the security of their accounts. Considering how online banking is a common use-case for computers itโs immediately clear that this is a serious personal security issue.
In addition to officially supported password managers, many modern web browsers include an integrated password manager. As a best practice companies should disable password caching on web browsers to avoid having login credentials available outside of an approved channel.
4) Donโt Connect Work Devices to Public WiFi Hotspots
According to the 2018 iPass Mobile Security Report, 81% of CIOs said their company had experienced a WiFi related security incident in the last year, with 62% of WiFi related security incidents occurring in cafรฉs and coffee shops.
Insecure public WiFi hotspots are attractive to attackers as the volume of people connected to the network and the lack of encryption on some websites allows them to monitor the internet traffic of anyone connected to the network.
Attackers may also use a type of man in the middle (MitM) attack known as a โhoneypotโ to trick users into establishing a connection with their network device by masquerading as a legitimate WiFi hotspot.
In addition to this, the security of a legitimate public network is not guaranteed. These wireless access points are managed by a third party and they are often provided as a convenience to the public rather than for sensitive business purposes.
To mitigate the temptation to use these insecure WiFi hotspots, remote workers should have their own mobile router or high-speed mobile data plan. A mobile router transforms 4G or 5G wireless connections into a private WiFi signal, negating the need to use potentially unsecured WiFi networks.
What Is a Man in the Middle (MitM) Attack?
A man in the middle (MitM) attack is when a threat actor intercepts or alters communications between two parties. These types of attacks are typically used by threat actors to gain information during the early reconnaissance stages of a more advanced attack.
5) Donโt Do Anything You Wouldnโt Like Your Employer to See
Even if personal use is permitted on work devices employees must avoid saying or doing anything on a work-issued computer or account that they donโt want their employers to see.
Paying the odd bill from time to time or sending a brief personal message to a loved one may be fine, but itโs best to avoid doing anything unprofessional. Depending on what sort of computer activity is being monitored inappropriate internet behaviors on company property could become a liability issue.
Provide Employees With Cybersecurity Awareness Training
This particular tip is true regardless of whether or not employees will be using work issued devices for personal reasons. You simply cannot afford to skip out on cybersecurity training for any and all staff members that interact with technology in the workplace.
Threat actors routinely take advantage of human error and deception to compromise information systems and assets. Providing employees with security awareness training is incredibly valuable as it reduces the chance that employees will fall for phishing schemes and engage in high-risk behavior.
While the exact ROI of a cybersecurity awareness program is difficult to measure precisely, thereโs zero doubt that itโs non-negotiable for any business that takes data security seriously. When it comes to permitting personal use ensuring that employees are equipped with the knowledge they need to browse safely is paramount.
Decide How Much Personal Use Should Be Allowed
Itโs important that you are explicitly clear as to what sorts of personal activities will be permitted on company devices. The general concept of โpersonal useโ can be used to describe casual web surfing just as much as it can describe running a side business using company assets.
Setting clear expectations in advance will help employees better understand what is expected of them. How specific or vague you make your computer use policy is up to you, but if you simply state that โexcessive personal useโ and โinappropriate browsing activityโ are forbidden without any sort of guidelines there may be too much ambiguity.
That said, you will not necessarily need to explicitly detail every possible scenario. Just consider what types of activities you are guarding against and provide enough information to clearly communicate your expectations.
Decide where youโll draw the line:
- Moonlighting: Are employees permitted to work on freelance projects using company devices? If so, who truly owns the copyrights to the work that is produced?
- Entertainment: Can employees stream movies, listen to music, and read for leisure on company equipment? If so, are there any restrictions such as only partaking after work hours?
- Social Media: Can employees use social media and other channels to communicate with family and friends? Is there a limit to how active they can be on social media during work hours?
- Errands: Is personal banking, online shopping, and other personal tasks permitted? Are there any privacy or security considerations that your employee should be aware of?
Should Companies Restrict Internet Access?
According to Spiceworks research, 89% of organizations block or limit the use of one or more online service/site, such as social media, streaming services, or online shopping.
The top reasons for restricting employee internet access include protecting against malware (90%), preventing users from visiting inappropriate websites (84%), and to prevent unacceptable behavior (83%).
Interestingly, only 45% of respondents block websites to increase employee productivity. If you decide to block non-work websites for this reason you may want to consider scheduling more relaxed internet restrictions during employee break times.
When using web filtering for employee productivity itโs important to recognize that there needs to be a balance between security and productivity. Overzealous internet restriction policies may incentivize employees to seek ways of accessing blocked websites, negating the security benefits of a web filter.
Should Companies Monitor Employee Internet Usage?
Note: The above video showcases a legacy user interface for BrowseReporter. To see the most up-to-date features and interface please visit the BrowseReporter product page
โEmployers that donโt monitor [their employees] will become fewer and fewer, not to nail employees, but because monitoring increasingly makes business sense.โ
Manny Avramidis, president and CEO, the American Management Association
Monitoring employee computer activity is incredibly common. According to a Spiceworks survey of 550 IT pros a solid 91% of organizations monitor employees in some way.
The survey data shows that the majority of IT departments monitor employee activity to protect companies from malware and phishing scams (78%), prevent unacceptable behavior (68%), stop users from visiting inappropriate websites (67%), and protect companies from legal issues (61%).
Internet monitoring software was found to be the most common method for monitoring employee activities, with 78% of organizations in another Spiceworks survey opting to use it.
When using web monitoring software in the workplace itโs important to realize that thereโs no way to reliably discern between personal and professional use of the internet. If your employees will be allowed to use company devices for personal use you will need to be well versed in the workplace privacy laws of your jurisdiction.
In some jurisdictions employees that use work devices for personal use may have legitimate protected privacy expectations. As a general best practice you must inform your employees that their computer activity will be monitored in advance so they can limit their personal use accordingly.
You can also configure your employee monitoring to only monitor employee computer activity during work hours. This allows employees the opportunity to freely browse during their breaks and other periods where personal use would be considered acceptable.
Want to start monitoring internet usage? Get started today with a FREE trial of BrowseReporter.
Whatโs Next?
Managing the personal use of the internet by employees is a considerable challenge. By following the best practices in this guide you will be able to create a computer use policy that balances your organizations legitimate productivity and security concerns with the desires of your employees.
If you would like a head start in creating your own computer use policy you can download our free internet use policy template and customize it to fit the needs of your business.
With your company policies established you can then use internet filtering and monitoring software to enforce employee internet usage standards.
Improve Employee Productivity With
CurrentWareโs Remote Employee Monitoring Software
Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWareโs employee and computer monitoring software.
- Improve Productivity
Track unproductive web browsing and idle time to detect time-wasting - Save Time With Intuitive Reports
User-friendly reports make it easy to understand employee computer activity - Enhance Visibility
See how employees spend their timeโeven on Terminal Server and Remote Desktop Services!