USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: http://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

A recent report by Manpower found that very few companies have policies regarding social networking use.  In fact, only 29% of US companies have a formal social networking policy in place.  Social networks are not only time wasters, but they can pose serious security risks or damage a company’s reputation if employees post confidential or harmful material about the company.  No matter what an employer’s stance is on social networking use in the workplace, it is highly recommended to have a policy in place and educate employees on that policy. Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group has offered Web-use policy suggestions on what companies should include.

We have also written a paper that addresses the issues surrounding social networking use in the workplace, the importance of creating a policy, and monitoring or filtering employee’s Web use according to that policy.

White Paper: Social Networking or Social Not-working?

Source: http://www.emarketer.com/Article.aspx?R=1007493

RealTimePlus is our customer-configurable three-layer filtering process. It uses three layers of screening based on: (1) custom categories, (2) the Wavecrest categorization (control) list and (3) a real-time deep packet analysis process.

1. Custom Categories (the “First Layer”). ‘Custom categories’ supplement the standard categories. This enables you to better identify and control your users’ Web activity.   For example, you can create a custom category to:

• Serve as a “white list” that contains all sites to which visits are allowed (while blocking all others).
• Track and possibly block access to ‘standard’ sites that are not in the Wavecrest URL List but are of special local interest or concern.
• Serve as a “black list” that contains all sites to be blocked (while allowing access to all others).
• Track (but not block) visits to internal servers (intranet sites) and/or partner sites.

You can add custom categories at the Advanced Settings – Category Setup – Custom Categories screen. Then use the Advanced Settings – Category Setup – Edit URLs screen to add sites into your custom categories.

2. The Wavecrest URL List (the “Second Layer”). To accurately identify and categorize the vast majority of visits, Wavecrest products use a large, mature categorization control list.  This ‘control’ list consists of 69 ‘standard’ content-identification categories that is updated daily with URLs from around the world.  We recommend that you download the list daily to get the best filtering and monitoring coverage.   You can setup an automatic daily download of the list at the Administration – URL List – Schedule screen.

Another great customization feature with the control list is that you can add and move URLs in the standard categories.  For example, if you use Twitter as a Marketing tool but want to continue to block all other social networking sites, you can simply add www.twitter.com to the Marketing category.  You can make this change at the Advanced Settings – Category Setup – Edit URLs screen.

Finally, set your block/allow policies for your custom categories and standard categories at the Advanced Settings – Filtering Settings – Block Web Categories screen.

3. Deep Packet Analysis (the “Third Layer”). Using real-time ‘deep packet analysis,’ CyBlock can determine if the content of a URL is Flash, video streaming, audio streaming, images, Active X and more.  Any or all of these could be considered “inappropriate” and can be blocked.  You can also add your own extensions to be blocked.  You can block these types of content or add your own at the Advanced Settings – Filter Settings – Block Web Content screen.

Other Features

1. Hourly Blocking. You can block or allow categories at specific hours during the day.  For example, you may want to allow access to some categories during the lunch hour. You can set these hourly policies by clicking on the clock icon at the Block Web Categories screen.

2. Customizable Blocking Message. CyBlock comes with a standard blocking message, but you can configure the product to point to your own Web policy or personalized blocking message.  You can set this custom message at the Advanced Settings - Filter Settings - Web Blocking Message screen.

There has been a lot of buzz surrounding the use of social networks, i.e., Facebook, Twitter, LinkedIn, etc.,  in the workplace recently.  This is a great reminder to all organizations to take a look at their current Web-use policies and update them.

Reuters covered a recent seminar put on by LeClairRyanon covering “Key Issues in Labor & Employment Law,” where the importance of a policy for social networks was discussed.  The speaker, Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group, stated, “Inappropriate and unwise use of online social networking sites like Facebook and Twitter is a growing source of liability risk for employers, including discrimination, defamation and retaliation claims.”

He went on to offer some Web-use policy suggestions for employers.

“In order to have a successful policy on the use of social networking sites, Paranac told the audience, employers should stipulate that:

• Employees may not comment or use any confidential information about the employer or discuss internal matters.
• Use of online social networks should be limited to non-working hours, unless the use is for legitimate business purposes.
• Employees’ comments should not be discriminatory or harassing.
• Similarly, they should not be disparaging or defamatory to the employer’s business.

The veteran attorney also offered the following elements of a successful Internet and e-mail policy:

• Employees should be trained on electronic communications equipment parameters and prohibitions.
• All business systems and company-issued electronic communication equipment and data belong to the employer.
• Systems and equipment must be used for appropriate and lawful business purposes only.
• Employee use is subject to review/monitoring by the employer and employees who use employer equipment have no expectation of privacy.
• Use of systems and equipment for harassment, discrimination, or defamation is strictly prohibited.
• Disclosure of employer confidential information is strictly prohibited.
• Warn employees of the penalties or policy violations.
• Obtain a signed acknowledgment of employee receipt of policy.
• Include a procedure for reporting violations.
• Enforce the policy!”

Read the full article: TWEET: ‘I’m About to Testify in My Defamation Case!’

There are two options for managing your Groups and IDs in Cyfin or CyBlock.  You can manage them either “Inside the Product” or “Outside the Product.”

By choosing to manage your Groups and IDs “Inside the Product,”  it means exactly that.  You can manually add, delete and move Groups and IDs in the product.  If you import your Groups and IDs from Active Directory or a text file, each time your Groups and IDs are imported either manually or scheduled, only NEW Groups and IDs will import.  The new Groups and IDs that are imported will be based on your configuration setup in the Active Directory Setup wizard.  Your existing Groups and IDs will not be modified, which means if a user left or moved departments, he/she will have to be deleted or moved in the product.  If you want to have users in the VIP group, you must use the “Inside the Product” option.

If you select to manage your Groups and IDs “Outside the Product,” then you will be only managing and making changes to your Groups and IDs at the directory source.  Each time Groups and IDs are imported, whether manually or scheduled from Active Directory or a text file, all Groups and IDs will be updated to identically match that configuration. Typically this option is not used because the directory source is grouped according to your network setup and not according to how you will want to apply Web-use policies.