How to Manage Personal Use of the Internet in the Workplace

Managing the personal use of the internet by employees is a considerable challenge.

How can you offer personal use of the internet as a workplace perk without negatively affecting productivity and security?
Should employees be allowed to use business internet for personal reasons?
How much personal use is too much?

In this article I will cover common concerns related to personal use in the workplace, overview the benefits of allowing personal use, and provide tips for addressing personal use in your workplace computer use policy.

Free Template

Employee Internet Usage Policy

Paper document that says "Internet Usage Policy"

Download this FREE acceptable use policy, customize it, and distribute it to your employees to set a precedent for the acceptable use of the internet in the workplace.

Start Controlling Employee Internet Use Today

Need to restrict internet access in your network? In this tutorial you will learn how to block websites using a free trial of BrowseControl, CurrentWare’s web content filtering software.

With BrowseControl you can…

Block websites based on URL, category, domain, or IP address

Schedule unique internet restrictions throughout the day

Assign custom policies for each group of computers or users,

and enforce internet usage policies, even when devices leave the network

There are 3 ways to block employee internet access with BrowseControl

1) Block access to specific websites with the Block List

2) Restrict internet access to only certain sites with the Allow List

3) Using the Category Filtering feature you can block access to content categories such as Porn, Virus Infected, or Social Media

For complete control over internet and application use in your network, you can combine BrowseControl with BrowseReporter, CurrentWare’s internet monitoring software.

All right, let’s get started.

To begin, sign up for a free trial of BrowseControl at CurrentWare.com/Download. After filling out the form you will be provided with the files you need to get started with BrowseControl.

To install BrowseControl, run CurrentWare.exe on the administrator’s computer and follow the installation instructions; this will install the CurrentWare Console and Server.

After that, deploy the CurrentWare Client Setup file (cwClientSetup.exe) on all of the computers you would like to control.

From there you can import your Active Directory organizational units or manually create your desired policy groups.

For full installation instructions, please visit our knowledge base at CurrentWare.com/Support.

Now that you have BrowseControl installed, I’ll show you how to block specific websites based on their URL, domain, or IP address with the URL Filter.

This feature can be used to block your employees from accessing distracting websites like Facebook, TikTok, or Instagram.

First, decide whether you want to control internet access based on users or computers and select the desired mode.

Next, click on the URL Filter then select “Blocked List”

From the drop-down menu, select the group of computers or users that you want to restrict

Enter the URL, domain, or IP address of the websites you want to block to the master URL list, then press the Enter key or click “Add”.

BrowseControl will apply a wildcard to the URL, ensuring that any paths within the domain will be blocked as well.

In the master URL list, select the websites you want to block for the chosen group, then click “Add to Blocked List”.

If you would like to add the selected websites to the block list of multiple groups, you can press the drop-down arrow and select “add to multiple groups”, select the desired groups, then click “add to blocked list”

If you have a large number of websites you would like to block, you can also use the import feature to import an existing list.

Finally, click “Apply to Clients”.

That’s it! You have now blocked your employees, students, or patrons from accessing those specific websites.

Next, I’ll show you how to restrict internet access to only certain sites.

This feature is ideal if you want to prevent your employees, students, or patrons from accessing websites that are not explicitly allowed by your organization.

The process is identical to how you would block a website, except this time you will set the internet to “off” and add the websites you would like to allow to the Allow List.

With this method, your users will only be able to access the exact websites that have been approved by your company.

Here are the full instructions.

First, decide whether you want to control internet access based on users or computers and select the desired mode.

Next, click on the URL Filter, then ensure that “Allowed List” is selected

From the drop-down menu, select the group of computers or users that you want to restrict

Next, set the internet to “Off”. This will ensure that only the websites that are added to the allowed list can be accessed.

Enter the URL, domain, or IP address of the website you want to allow to the master URL list, then press the Enter key or click “Add”. BrowseControl will apply a wildcard to the URL, ensuring that any paths within the domain will be allowed as well.

In the master URL list, select the websites you want to allow for the chosen group, then click “Add to Allowed List”

If you would like to add the selected websites to the Allowed list of multiple groups, you can press the drop-down arrow and select “Add to Multiple Groups”, select the desired groups, then click “Add to Allowed list”

If you have a large number of websites you would like to allow, you can also use the import feature to import an existing list.

Finally, click “Apply to Clients”.

Next, I’ll show you how to block websites based on content categories such as Porn, Virus Infected, and Social Media

With BrowseControl’s category filtering feature you can block billions of websites across over 100 URL categories. More than 10,000 new domains are added each day, making it simple to restrict internet access even as new sites emerge.

Here’s how:

First, decide whether you want to control internet access based on users or computers, then select the desired mode.

Next, click on “Category Filtering”

From the drop-down menu, select the group of computers or users that you want to restrict

Select the web content categories you would like to block, then click “Add to Blocked List”

Finally, click “Apply to Clients”.

That’s it!

The Allow List can also be used in tandem with the Category Filtering feature to allow websites that would otherwise be blocked based on their content category.

For example, you could use the Category Filtering feature to block Social Media while still allowing access to LinkedIn.

Now that you’ve seen the 3 key ways you can block a website with BrowseControl, I’d like to show you how to restrict internet access at certain times.

With BrowseControl’s Internet Scheduler you can schedule custom block or allow lists throughout the day.

This feature will bring some flexibility to your internet restriction policies; in this example, we will allow our employees to browse the internet during lunchtime.

Here’s how to use the internet scheduler

First, decide whether you want to control internet access based on users or computers and select the desired mode.

Next, click on “internet scheduler”

From the drop-down menu, select the group of computers or users that you want to restrict

Next, click “New Schedule”

Set the start and end time of the schedule. Then, select the schedule type.

Internet On will allow internet access to all websites that are not on the URL Block List

Custom allowed list will only allow access to specific websites.

Custom blocked list will block access to a specific list of websites and allow access to the rest of the internet.

Custom Category blocked list will block specific categories and allow access to the rest of the internet.

Next, set your desired schedule frequency.

Daily will enable the schedule every day during the specified time period.

Weekly will enable the schedule only on specific days of the week.

Monthly will enable the schedule only on specific months.

Next, click “Add Schedule”.

If you selected one of the custom block or allow list options, you can click the link provided under the “schedule type” column to set the websites or categories that you would like on the list.

And finally, click “Enable Scheduler” if it is not already enabled

That’s it for today. If you’re ready to start blocking websites you can get a free trial of BrowseControl at CurrentWare.com/Download.

If you have any questions during your evaluation our support team is available to help you over a phone call, live chat, or email.

See you next time!

CurrentWare’s employee internet management software is essential for ensuring that your employees are using the internet safely and appropriately while at work.

The CurrentWare Suite includes two internet management solutions:

BrowseControl web filtering software for proactively blocking websites
BrowseReporter employee computer monitoring software for insights into how employees are using technology in the workplace.

Each module in the CurrentWare Suite can be purchased separately for the most flexibility or as a bundle for the best value.

Get My Free Trial

Learn More

Uses for CurrentWare’s Internet Management Software:

Track computer activity on a network to provide the technology usage details needed to determine which employees need corrective action.
Monitor employee internet use to identify suspicious or unproductive browsing behavior.
Reinforce AUPs with custom messages sent to users that attempt to browse inappropriate websites.
Restrict internet access to websites that are inappropriate or unsafe (pornography, malware-infested websites, etc)
Enhance endpoint security with USB access control configurations.
Restrict the use of games and other distracting applications/websites.
Identify actively disengaged workers engaging in time theft.

Table of Contents

Click to Show / Collapse

Should You Let Employees Use the Internet for Personal Tasks?
The Risks of Allowing Personal Internet Use in the Workplace
Why Let Employees Use Company Devices for Personal Use?
Best Practices for Managing Personal Use of the Internet at Work

Create a Computer Use Policy
What Employees Should NOT Do on Work Computers
Provide Employees With Cybersecurity Awareness Training
Decide How Much Personal Use Should Be Allowed
Should Companies Restrict Internet Access?
Should Companies Monitor Employee Internet Usage?

What’s Next?

Should You Let Employees Use the Internet for Personal Tasks?

An employee browsing the Internet on a laptop computer with different websites that are being tracked by the Internet monitoring software.

Deciding whether or not to allow your employees to use the internet for personal tasks is not as clear-cut as it may seem. There are a number of privacy and security concerns associated with personal internet usage.

For example, personal email accounts are more vulnerable than those protected by corporate email gateways. Employees that are being monitored on corporate systems may have sensitive information captured by the employee internet management software.

On the other hand, zero-tolerance policies for personal web browsing are likely to frustrate employees and negatively impact morale. When developing your computer use policy you must consider how you will balance network security, productivity, and employee satisfaction.

The Risks of Allowing Personal Internet Use in the Workplace

Lost Productivity From Excessive Cyberloafing

A woman in professional attire stares off-screen, distracted

For most workplaces a little bit of web surfing between tasks is no issue. That said, without a formal structure some employees can abuse this privilege.

But how much is too much?

According to a publication from Brent Coker of the University of Melbourne so-called “cyberloafing” can have a positive impact on employee productivity; so long as non-work internet browsing does not consume more than 12% of an employee’s work time.

“Short and unobtrusive breaks, such as a quick surf of the Internet, enables the mind to rest itself, leading to a higher total net concentration for a days’ work, and as a result, increased productivity.”
Brent Coker, lecturer of Marketing, University of Melbourne

If excessive web browsing (“cyberloafing”) is affecting productivity that doesn’t necessarily mean that employees should be forbidden to use the internet for personal use altogether.

Computer use policies that are too restrictive will just annoy employees and tempt them to spend more time trying to hide their web browsing than they would actually spend browsing. The key here is to set clear expectations, define how productivity will be measured, and foster an environment that emphasizes employee autonomy.

I will touch on the best practices for balancing productivity and cyberloafing later in this article.

What is cyberloafing?

Cyberloafing—also known as cyberslacking— describes when an employee surfs the web for reasons that are not related to their job. This includes using workplace internet for personal use, playing computer games, and browsing social networking sites.

Why do employees cyberloaf in the workplace?

34% of employees say they are not challenged enough
34% say they work long hours
32% say there are no incentives to work harder
30% are unsatisfied with their employment
23% say they’re bored at work
18% say it’s due to low wages
– Salary.com: Wasting Time at Work Survey 2013

Network Performance Issues From Bandwidth Hogs

An Ethernet router with five RJ45 cables connected to it

Your business needs a reliable and smooth internet connection to thrive. If employee web surfing is congesting your network you will need to address their use of bandwidth hogs accordingly.

Common bandwidth hogs include:

Movie streaming sites like Netflix, Prime Video, and Disney+
Video sharing sites like YouTube, Vimeo, and Dailymotion
Live streaming sites like Twitch, Facebook Gaming, and YouTube Gaming

It’s important to note that not all high-bandwidth websites are exclusively used for personal or unproductive reasons. An employee could have a legitimate business reason for browsing YouTube at work such as watching video tutorials or listening to music, TED Talks, and other valuable content.

That said, your network needs to remain fully operational so that it can be used for its intended purpose. You need to find that balance between allowing personal use of the internet without affecting overall productivity and network efficiency.

Depending on the needs and capabilities of your network this could be as simple as requiring that high bandwidth websites such as YouTube are used exclusively for business purposes.

If your employees have designated break periods your computer use policy could allow for some degree of personal use so long as it’s not negatively affecting the productivity of their coworkers.

For employees that need music to focus they can be provided with alternatives such as low-bandwidth music streaming services or being permitted to use their personal cell phones to listen to music.

Don’t know where your organization’s bandwidth is going? Learn how to monitoring bandwidth usage.

Cybersecurity Risks From Personal Internet Use

Spiceworks - top websites through which organizations have experienced security incidents within the last 12 months — Source: Spiceworks

Providing employees with unrestricted internet access is a cybersecurity nightmare. The internet is rife with security threats like phishing emails, malware, and threat actors that would love nothing more than to compromise your organization’s network.

Security risks of employee web browsing:

Data theft: A disgruntled (or negligent) employee could easily log in to a personal cloud storage site and transmit sensitive data to an external server.
Malware: Employees that browse the internet unimpeded are more likely to run into high-risk sites and download potentially compromised files.

While there is certainly no shortage of danger when networks are used exclusively for business purposes, personal web browsing is naturally higher risk. This is particularly true if employees are using their personal email accounts at work as these accounts are unlikely to be as secure as ones that are managed by the company.

Social media websites also pose a significant risk; as seen in the above graph from Spiceworks they were responsible for 11% of security incidents.

Why social media is particularly dangerous

Malware is spread on social media through links, often with catchy headlines
Social media sites are another avenue for phishing and social engineering attacks
Many social networking sites let users upload and share content, increasing the risks of accidental or malicious data leakage.

The types of websites an employee would visit for work purposes are likely to be pre-vetted and reasonably secure, whereas unfamiliar sites could pose a security risk. Depending on the level of personal use permitted there is also the risk of employees downloading risky software onto company computers.

Legal Liability For Piracy And Other Illegal Activity

A person sorting through a collection of pirated dvds or cds

As an employer you are responsible for ensuring that your employees use company-provided resources appropriately.

If your employees use the internet for illicit purposes such as piracy, data theft, harassment, hacking, and related activities there is a significant risk that your company will be held liable for any associated damages.

Blurring the lines between personal and professional may cause some employees to engage in unsavory behaviors that contribute to a hostile work environment. When allowing employees to use workplace equipment for personal reasons it’s critical that professional expectations are maintained.

Depending on the workplace privacy and employee monitoring laws of your jurisdiction allowing personal use can also be a liability issue as sensitive personal information could be captured by your company’s workplace surveillance software.

Which leads us to…

Potential Impacts on Employee Privacy

Employee Monitoring - Privacy Tips for Employers - CurrentWare

Employee monitoring software does not make any distinction between personal and business use. When monitoring employees in the workplace it is critical that they understand exactly what is being monitored, how their data is being used, and who will have access to it.

On a surface level, the majority of employees are likely to understand that their employer can see anything they do on corporate systems. That said, ambiguity over how much is being monitored could lead to employee privacy concerns.

What is being monitored, exactly?

Standard internet usage activity such as bandwidth usage and URLs visited, or;
Invasively intimate details such as individual keystrokes and private conversations?

Full transparency of employee monitoring ensures that employees that use workplace equipment for personal reasons are making an informed decision. Depending on the laws of your jurisdiction you may even need to adjust what is being monitored to reduce impacts on employee privacy.

Some jurisdictions go so far as to say that explicitly allowing personal use of workplace computers limits what an employer can monitor on their systems. When deciding whether or not to allow employees to use work devices for personal tasks it is important to understand how personal use affects your employee monitoring strategy.

Workplace Monitoring
Policy Template

Disclose your company’s intent to monitor employees in the workplace
Set workplace privacy expectations for employees
Meet transparency requirements for compliance with privacy laws

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

Back to Table of Contents

Why Let Employees Use Company Devices for Personal Use?

With all of the risks of letting employees use company devices for personal use you may be tempted to forbid the practice altogether. After all, why would you let employees use company devices for personal use if it’s going to require so much forethought?

In this section I’d like to discuss why allowing personal use of company devices can be a good thing for your organization. After that I’ll provide you with some best practices so you can balance the risks vs rewards of personal use.

It’s Good for Employee Morale

“I worked for a company that specifically allowed personal use of the company internet. It was left to individual managers to monitor use, and ensure people actually did their jobs. The company actually pointed out in the employee handbook, that as the company had an industrial strength firewall,managed by the IT team, that things like online ordering and internet banking were probably safer to do at work that at home.” - Spiceworks user ICH — Source: Spiceworks user ICH

When developing your computer use policy you must consider how you will balance network security, productivity, and employee satisfaction.

Computer use policies that are too restrictive are frustrating for employees. As individuals employees want to feel that they are trusted to manage their own productivity. Allowing for a reasonable amount of personal use provides employees with the autonomy to self-manage.

Besides, employees spend a significant portion of their lives at work. Allowing for some flexibility helps employees maintain a suitable work/life balance and increases overall workplace satisfaction.

It’s a Great Job Perk

A woman working from home on her laptop. She is sitting on the floor and smiling with her laptop in her lap.

While high-speed internet is becoming increasingly more available and affordable, there are still those that do not have reliable internet access at home.

Internet infrastructure for rural communities is underdeveloped on a global scale. According to the report Measuring digital development: Facts and figures 2020 from the International Telecommunication Union, global home internet access is nearly twice as high in urban areas as it is in rural areas: 72% of urban households have access to the internet, yet this is true for only 37% of rural households worldwide.

For some employees having reliable internet access at work provides them with opportunities that they would not otherwise have. Employers with flexible computer use policies are highly desirable for these candidates.

Aside from that, employees that frequently travel for work are going to have plenty of off-hours time that they need to fill up. Carrying around two laptops is certainly a hassle; in these sort of situations the employee may even expect that they can use their work devices to keep entertained in their downtime.

They’re Going to Do it Anyway

A man using a laptop to browse the internet

Even if personal internet use is not permitted in your computer use policy, there’s a strong chance that employees are going to do it anyway.

Consider this…

97% of male survey participants and 85% of female participants in a survey from Singapore Management University believed that cyberloafing in the workplace was acceptable.
64% of employees in a Salary.com survey admitted to visiting non-work related websites every day while at work.
71% of employees in the Salary.com survey believe that short breaks throughout the day are beneficial for their productivity.

Worse yet, overly restrictive policies can actually be a security risk. If too many of the websites that your employees want to visit are being explicitly blocked they are more likely to seek out ways to bypass your web filter. This opens your network to high-risk websites, phishing emails, and other web security risks.

While there certainly needs to be clear guidelines, banning personal internet use altogether might not be the best solution. Alternatives such as limiting personal use to break times, defining what types of personal use are allowed, and setting clear productivity expectations may be better suited.

Back to Table of Contents

Best Practices for Managing Personal Use of the Internet at Work

Create a Computer Use Policy

Free Template

Employee Internet Usage Policy

Download this FREE acceptable use policy, customize it, and distribute it to your employees to set a precedent for the acceptable use of the internet in the workplace.

A computer use policy is a must-have for any organization that provides their employees with access to computers. Companies that have rules regarding their employee’s personal use of the internet will use a computer use policy to communicate their expectation.

A computer use policy is used to:

Outline security standards and best practices such as password management practices, lockout policies, and web browsing expectations.
Set a precedent for corrective actions the company will take when employees use workplace technology inappropriately.
Disclose the employer’s intent to monitor employee computer activity such as internet and application usage, emails, and data handling.

How to Write the Perfect Internet Use Policy

Avoid being too detailed
Outline the most common misuses you are guarding against such as illegal activity, workplace harassment, and other related actions that would be harmful to your business. You don’t want to be too broad though. A vague phrase like “Inappropriate use is prohibited” isn’t going to cut it – be sure to provide enough detail to limit ambiguity without going overboard.
Use strong, active words
When outlining explicit employee expectations in your policy you must use strong words such as must rather than should. This makes it clear that what is being asked of them is a rule rather than a general guideline.
Test your employee’s knowledge
After your employees read the policy you should ask them pointed questions to ensure they have truly read and understood the policy rather than simply signing it blindly.
Keep the policy in an accessible location
After they’ve read and signed the policy, show your employees where they can go if they need to access it again. Keep copies of the policy in a convenient location such as the company intranet and the employee handbook. After all, the intent of the policy is to communicate expectations; it’s not simply a piece of paper that’s intended to be buried in a file somewhere out of reach.
Use text formatting and organization to your advantage.
Break large blocks of text into smaller sections, use headers to separate key sections, and use typefaces that are easy to read. Making the policy skimmable will help greatly when employees need to refer back to it to remind themselves of specific stipulations.

What Employees Should NOT Do on Work Computers

Even when personal use of workplace equipment is allowed, there needs to be clear professional boundaries. Setting reasonable boundaries such as these in your workplace computer use policy will help to ensure that personal use doesn’t become a productivity, security, or liability concern.

1) Don’t Download Unauthorized Software

Allowing employees to download software onto their work computers is incredibly risky. There is no shortage of related risks such as software piracy, shadow IT usage, and added labour costs from IT departments needing to factor in unanticipated elements during troubleshooting.

Besides, employees should not be provided with administrative privileges on their computers in the first place. This provides far too many opportunities for employees to become an entryway for malicious cyberattacks that spread throughout the corporate network.

2) Don’t Save Personal Files to Work Devices

Personal data phishing concept background. Cartoon illustration of personal data phishing vector

Employees that regularly use work computers for personal use are going to be tempted to save personal files to the hard drive.

If left unchecked this habit can lead to the loss of important personal documents, inflated storage use, and a greater potential for infected documents to find their way to company devices.

Employees that get a little too comfortable with saving personal documents on their work computers may also inadvertently store particularly private files that they’d rather not provide others with access to. If they are unexpectedly terminated and locked out from their machine before they can delete their data this could cause serious privacy concerns.

3) Don’t Save Personal Passwords on Company Devices

Screenshot of a login screen. Admin is the username and the password is hidden

It’s critical that employees avoid saving their passwords to company devices. Depending on your network infrastructure allowing them to save their credentials could compromise the security of their accounts. Considering how online banking is a common use-case for computers it’s immediately clear that this is a serious personal security issue.

In addition to officially supported password managers, many modern web browsers include an integrated password manager. As a best practice companies should disable password caching on web browsers to avoid having login credentials available outside of an approved channel.

4) Don’t Connect Work Devices to Public WiFi Hotspots

According to the 2018 iPass Mobile Security Report, 81% of CIOs said their company had experienced a WiFi related security incident in the last year, with 62% of WiFi related security incidents occurring in cafés and coffee shops.

Insecure public WiFi hotspots are attractive to attackers as the volume of people connected to the network and the lack of encryption on some websites allows them to monitor the internet traffic of anyone connected to the network.

Attackers may also use a type of man in the middle (MitM) attack known as a “honeypot” to trick users into establishing a connection with their network device by masquerading as a legitimate WiFi hotspot.

In addition to this, the security of a legitimate public network is not guaranteed. These wireless access points are managed by a third party and they are often provided as a convenience to the public rather than for sensitive business purposes.

To mitigate the temptation to use these insecure WiFi hotspots, remote workers should have their own mobile router or high-speed mobile data plan. A mobile router transforms 4G or 5G wireless connections into a private WiFi signal, negating the need to use potentially unsecured WiFi networks.

What Is a Man in the Middle (MitM) Attack?

A man in the middle (MitM) attack is when a threat actor intercepts or alters communications between two parties. These types of attacks are typically used by threat actors to gain information during the early reconnaissance stages of a more advanced attack.

5) Don’t Do Anything You Wouldn’t Like Your Employer to See

A man sits at his desk working on a computer. The shadowy figure of a colleague looms behind him.

Even if personal use is permitted on work devices employees must avoid saying or doing anything on a work-issued computer or account that they don’t want their employers to see.

Paying the odd bill from time to time or sending a brief personal message to a loved one may be fine, but it’s best to avoid doing anything unprofessional. Depending on what sort of computer activity is being monitored inappropriate internet behaviors on company property could become a liability issue.

Back to Table of Contents

Provide Employees With Cybersecurity Awareness Training

This particular tip is true regardless of whether or not employees will be using work issued devices for personal reasons. You simply cannot afford to skip out on cybersecurity training for any and all staff members that interact with technology in the workplace.

Threat actors routinely take advantage of human error and deception to compromise information systems and assets. Providing employees with security awareness training is incredibly valuable as it reduces the chance that employees will fall for phishing schemes and engage in high-risk behavior.

While the exact ROI of a cybersecurity awareness program is difficult to measure precisely, there’s zero doubt that it’s non-negotiable for any business that takes data security seriously. When it comes to permitting personal use ensuring that employees are equipped with the knowledge they need to browse safely is paramount.

Decide How Much Personal Use Should Be Allowed

A woman and a man look at the same computer screen. They are in a computer lab with other people in the background

It’s important that you are explicitly clear as to what sorts of personal activities will be permitted on company devices. The general concept of “personal use” can be used to describe casual web surfing just as much as it can describe running a side business using company assets.

Setting clear expectations in advance will help employees better understand what is expected of them. How specific or vague you make your computer use policy is up to you, but if you simply state that “excessive personal use” and “inappropriate browsing activity” are forbidden without any sort of guidelines there may be too much ambiguity.

That said, you will not necessarily need to explicitly detail every possible scenario. Just consider what types of activities you are guarding against and provide enough information to clearly communicate your expectations.

Decide where you’ll draw the line:

Moonlighting: Are employees permitted to work on freelance projects using company devices? If so, who truly owns the copyrights to the work that is produced?
Entertainment: Can employees stream movies, listen to music, and read for leisure on company equipment? If so, are there any restrictions such as only partaking after work hours?
Social Media: Can employees use social media and other channels to communicate with family and friends? Is there a limit to how active they can be on social media during work hours?
Errands: Is personal banking, online shopping, and other personal tasks permitted? Are there any privacy or security considerations that your employee should be aware of?

Start Blocking Websites Today Learn More

Back to Table of Contents

Should Companies Restrict Internet Access?

Spiceworks - top reasons organizations restrict certain websites on the corporate network — Source: Spiceworks

According to Spiceworks research, 89% of organizations block or limit the use of one or more online service/site, such as social media, streaming services, or online shopping.

The top reasons for restricting employee internet access include protecting against malware (90%), preventing users from visiting inappropriate websites (84%), and to prevent unacceptable behavior (83%).

Interestingly, only 45% of respondents block websites to increase employee productivity. If you decide to block non-work websites for this reason you may want to consider scheduling more relaxed internet restrictions during employee break times.

When using web filtering for employee productivity it’s important to recognize that there needs to be a balance between security and productivity. Overzealous internet restriction policies may incentivize employees to seek ways of accessing blocked websites, negating the security benefits of a web filter.

Start Blocking Websites Today Learn More

Should Companies Monitor Employee Internet Usage?

Thanks for checking out the latest CurrentWare Video. In this video, we’re going to cover the reasons why you should monitor employee computer activity.

If you like this or other videos we’ve produced, hit the subscribe button below. Stay tuned to the end to learn how to get a free trial of all of the software I demo today.

Employee monitoring involves understanding how your employees are using company provided technology during work hours. There are five main benefits and considerations to employee monitoring that we will cover today:

Employee Productivity management
Addressing inappropriate technology usage, legal liability, and compliance
Managing cybersecurity and data loss prevention
Understanding how remote workers / out of office users are engaging with technology
Understanding bandwidth usage and limiting exposure and costs

So let’s start off with how monitoring can help employee productivity.

44% of employees admit to being distracted by the internet at work, and employees in the US have admitted to wasting 1-2 hours a day browsing the internet.

Employees that know they’re being monitored will avoid excessive personal usage of the internet and computer applications. In addition, in the event an employee is underperforming, employee monitoring reports on their computer activity can be used to help the employee understand their actions and enhance their productivity.

The second important reason to monitor activity is to address inappropriate internet usage & avoid legal liability.

As compliance requirements increase for various businesses, industries & jurisdictions, employers have a responsibility to ensure their employees are complying with regulations such as HIPAA, CCPA, CIPAA and GDPR.

By enabling computer monitoring, you can ensure that your staff are complying with these requirements. In addition, by monitoring & setting alerts, you can instantly be notified if employees are visiting inappropriate websites such as pornography, adult or other websites.

The third reason to monitor computer activity is for cybersecurity purposes & to prevent data loss.

By knowing which websites an employee is visiting, which files are being downloaded or shared, and which external devices and endpoints are being used, company administrators can manage cyber security risks and data loss prevention efforts.

Data breaches and associated risks can cost businesses millions of dollars in damages along with reputational risk, so being aware of these risks and monitoring them can provide significant benefits for every organization. In addition, by using alerts, and setting up risk profiles for users, you can audit activities and groups for questionable employee behavior.

Due to Covid-19, the year 2020 has seen a significant shift to remote work for various companies and organizations. This brings us to our 4th reason to monitor an employee’s computer usage: remote workforce management.

52% of CIOs surveyed suspect that one or more of their mobile workers have been hacked or caused a mobile security issue in the last 12 months. Employee monitoring software can be used to monitor for high-risk activity and verify that employee activity on company networks is legitimate.

The final reason to monitor employees is for bandwidth management purposes. With CurrentWare’s BrowseReporter tool, you can determine who is hogging bandwidth by streaming videos and uploading/downloading excessively large files.

Employees who are hogging bandwidth can slow down the entire network, negatively affecting the productivity of other employees and reducing the performance of business critical operations.

That’s it for this video. If you have any thoughts on this video or other reasons why computers should be monitored, feel free to comment below.

If you’d like to give any of CurrentWare’s computer and device monitoring solutions a try, please check out our free trial at currentware.com/download or get in touch with us and we’d be happy to help!

Note: The above video showcases a legacy user interface for BrowseReporter. To see the most up-to-date features and interface please visit the BrowseReporter product page

“Employers that don’t monitor [their employees] will become fewer and fewer, not to nail employees, but because monitoring increasingly makes business sense.”
Manny Avramidis, president and CEO, the American Management Association

Monitoring employee computer activity is incredibly common. According to a Spiceworks survey of 550 IT pros a solid 91% of organizations monitor employees in some way.

Spiceworks graph - top reasons IT pros monitor employees on corporate networks — Source: Spiceworks

The survey data shows that the majority of IT departments monitor employee activity to protect companies from malware and phishing scams (78%), prevent unacceptable behavior (68%), stop users from visiting inappropriate websites (67%), and protect companies from legal issues (61%).

Internet monitoring software was found to be the most common method for monitoring employee activities, with 78% of organizations in another Spiceworks survey opting to use it.

Spiceworks graph - most common solutions used to monitor employees — Source: Spiceworks

When using web monitoring software in the workplace it’s important to realize that there’s no way to reliably discern between personal and professional use of the internet. If your employees will be allowed to use company devices for personal use you will need to be well versed in the workplace privacy laws of your jurisdiction.

In some jurisdictions employees that use work devices for personal use may have legitimate protected privacy expectations. As a general best practice you must inform your employees that their computer activity will be monitored in advance so they can limit their personal use accordingly.

You can also configure your employee monitoring to only monitor employee computer activity during work hours. This allows employees the opportunity to freely browse during their breaks and other periods where personal use would be considered acceptable.

Want to start monitoring internet usage? Get started today with a FREE trial of BrowseReporter.

Get My Free Trial

Get a Quote

Back to Table of Contents

What’s Next?

Managing the personal use of the internet by employees is a considerable challenge. By following the best practices in this guide you will be able to create a computer use policy that balances your organizations legitimate productivity and security concerns with the desires of your employees.

If you would like a head start in creating your own computer use policy you can download our free internet use policy template and customize it to fit the needs of your business.

With your company policies established you can then use internet filtering and monitoring software to enforce employee internet usage standards.

Improve Employee Productivity With BrowseReporter

BrowseReporter gives us exactly what we needed. I can easily see exactly what sites people are visiting, when they visit them, and how long they stay there.

Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWare’s employee and computer monitoring software.

Learn More

Contact Sales

Dale Strickland

Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description

Start Controlling Employee Internet Use Today

Uses for CurrentWare’s Internet Management Software:

Should You Let Employees Use the Internet for Personal Tasks?

The Risks of Allowing Personal Internet Use in the Workplace

Lost Productivity From Excessive Cyberloafing

What is cyberloafing?

Why do employees cyberloaf in the workplace?

Network Performance Issues From Bandwidth Hogs

Cybersecurity Risks From Personal Internet Use

Legal Liability For Piracy And Other Illegal Activity

Potential Impacts on Employee Privacy

Workplace MonitoringPolicy Template

Why Let Employees Use Company Devices for Personal Use?

It’s Good for Employee Morale

It’s a Great Job Perk

They’re Going to Do it Anyway

Best Practices for Managing Personal Use of the Internet at Work

Create a Computer Use Policy

How to Write the Perfect Internet Use Policy

What Employees Should NOT Do on Work Computers

1) Don’t Download Unauthorized Software

2) Don’t Save Personal Files to Work Devices

3) Don’t Save Personal Passwords on Company Devices

4) Don’t Connect Work Devices to Public WiFi Hotspots

What Is a Man in the Middle (MitM) Attack?

5) Don’t Do Anything You Wouldn’t Like Your Employer to See

Provide Employees With Cybersecurity Awareness Training

Decide How Much Personal Use Should Be Allowed

Should Companies Restrict Internet Access?

Should Companies Monitor Employee Internet Usage?

What’s Next?

Improve Employee Productivity With BrowseReporter

Dale Strickland

Related posts

The Cybersecurity Risks of AI & How to Safeguard Sensitive Data

Why Your Business Needs a Data Loss Prevention Strategy

Workplace Monitoring
Policy Template