How Loose Internet Policies Can Crush Your Business Security And Bottom Line
With Facebook, Snapchat, Pinterest and other very addictive social media apps consuming our free time, employees are likely to partake during work hours.
With March Madness around the corner and spring vacations likely coming soon, your staff are likely tempted to look up the latest roster, browse travel deals, or search for spring fashion. Spending a little time here and there during breaks might not sound like a big deal, but in reality your team may be inadvertently landing on compromised or malicious sites (i.e., sites infected with malware) that can very easily put your network at risk. Even more, those minutes browsing can add up to tons of W2 time!
Today, I want to take a few minutes to discuss the very typical online user behaviors that we’ve seen in the Philadelphia area that have led to ransom attacks and which are likely costing your business A LOT of money if you have loose internet usage policies, limited or no use restrictions, or an insufficient firewall to protect users against malicious traffic.
First, how specifically is web surfing hurting your business?
Time Wasted—while employees might be wasting time across their work day—excessive meetings, coworker interactions, office politics—the biggest culprit of wasted time at work is surfing the world wide web.
In fact, with the internet having grown to over 2 zettabytes of data for people to search (that’s equivalent to 2 TRILLION gigabytes!), there is a LOT of content out there to distract users from getting their work done.
According to Salary.com, the majority of employees spend a good chunk of their work day on social media and other non-work related websites.
Here’s the breakdown by hours of time wasted each WEEK:
Time Wasted | % of Employees
<1 hour     | 39%
1-2 hours   | 29%
2-5 hours   | 21%
6-10 hours  | 8%
10+ hours   | 3%
Just to get a sense of how this wasted time adds up, here are some numbers on what even a half hour of web surfing for spring travel or March Madness can do to your bottom line over the course of a year. As an example, let’s say you pay your employee $14 per hour, and let’s assume they work 250 days a year. The time wasted by just one employee can really add up to a lot of moolah!
- 30 minutes a day wasted = 125 hours wasted per yr = $1,805.00/yr
- 1 hour a day wasted = 250 hours wasted per yr = $3,610.00/yr
- 2 hours a day wasted = 500 hours wasted per yr = $7,220.00/yr
- 3 hours a day wasted = 750 hours wasted per yr = $10,830.00/yr
- 4 hours a day wasted = 1,000 hours wasted per yr = $14,440.00/yr
- 5 hours a day wasted = 1,250 hours wasted per yr = $18,050.00/yr
And did you know that March Madness, alone, costs US companies well over $175 million in wasted time just in the first two days of the tournament?
Making sure your team isn’t constantly distracted with the outside world during the work day can make an incredible impact on your team’s ability to get work done right.
Security Risks—Every single time your users browse the web for personal use they may be putting your business at risk for ransomware infections. For an example of one of the recent ransomware attacks, see our discussion.
Social media sites are perfect sites for malware attacks. Clicking on video links or websites linked from social media platforms may take users to compromised sites hosting viruses actively looking to infect the machines on your network.
These sites often look really interesting. Maybe you see an interesting headline, photo or video that captivates your attention enough to click on a link. That’s all it takes to open the door to a ransom attack that may cripple your network.
When you are thinking about the costs of malware infections, you need to think of remediation costs, employee downtime (which often amounts to several weeks!), and lost data. Often ransom attacks cost businesses tens to hundreds of thousands of dollars.
How can you help keep your team safe and productive?
Develop and communicate an internet and email policy with your team—I know rules are never fun, but having a clear understanding of which activities are okay and which are not will help most users avoid online activities that are unsafe or inappropriate. Communicate clear expectations with your users as to which types of sites are permitted and which types of sites you do not want them accessing while at work.
Fair use policy?—You may consider coming up with a fair use policy for personal internet use in your workplace. If people are getting their work done, you may consider allowing limited access to trusted sites.
Remember that some job functions (marketing and sales) may require access to social media sites. If you decide to limit social media at work, keep specific job functions in mind.
Consider web filtering—there are a variety of content-blocking and malware detection tools available to help prevent users from accessing questionable websites. These tools allow you to specify types of sites—gambling, pornographic, social media, or other types of websites—and prohibit access to them on your network. Web filtering and monitoring are good tools to have in place to prevent ransom infections. To see if you are effectively protecting your business from web browsing on malicious sites, security experts recommend getting a third-party security assessment.
Use smart passwords—Make sure to use passwords that are not too common. Passwords like “abc123” or “password” won’t cut the mustard anymore. Having sophisticated passwords will prevent hackers from gaining easy access to your network.
But equally important, don’t use the same password for social media and at work. Many folks I’ve worked with have one password for everything. If a hacker happens to get into your employee’s Facebook account, do you want them to have carte blanche access to your network and data? Hackers can easily break into social media accounts in under 10 minutes nowadays. With personal info from your users’ social media accounts, they can just as easily start hacking into your network if users aren’t meticulous about separating personal and business credentials.
Are you sure you are doing enough to keep your team (and business) safe online?
How to avoid this? Security experts recommend evaluating your network through a network security assessment.