Responding for duty

24 Apr 2006

Some people who browse the internet at work may think that what they do online is their own business. In fact employers have a duty of care to ensure they don’t stumble across unsuitable or inappropriate content.

That applies across all industry sectors. Respond!, for example, is the largest non-profit housing provider in Ireland and has been building low-cost housing under governmental and private schemes for more than 20 years.

The organisation, which is limited by guarantee and has charity status, recently rebuilt its network and upgraded its internet connection to broadband. Staff consequently benefited from the faster connection and began using the web more and more.

Mindful of its duty to protect employees from offensive and inappropriate content online — as well as the potential legal consequences of failing to do so — Respond! decided to put in place a security policy, supported by a system that could implement it across the whole organisation, as staff are dispersed between nine different offices around the country.

Colleagues in the Local Government Computer Services Board forwarded Entropy’s name as a security supplier and Respond! asked the firm to advise it on a technical solution that could handle its needs.

Given a choice between products from several different manufacturers, Entropy proposed Websense as the closest fit to Respond!’s requirements: a solution needing minimal amounts of ongoing management that would be easy to use.

By having a system that could monitor internet use and enforce the security policy, Respond! hoped to pre-empt any problems while giving staff the freedom to use the web. “You can certainly browse the web as long as it doesn’t impact on productivity,” says Mark Murray, IT manager with Respond!.

According to Murray, the group doesn’t take a hardline approach to employee internet use, preferring to give staff a reasonable level of freedom to visit the likes of travel websites for booking holidays online.

“We don’t see that as a problem from a security point of view,” he points out.

However, access to sites containing sexual content or online betting will be blocked. In addition, Websense premium groups have been set up to prevent employees from visiting sites associated with spyware, phishing, pharming, keylogging and malicious mobile code.

Murray highlights a key feature in the Websense system as the ability to generate reports on employee internet use; these are in Microsoft Word format so they are easy to read even for non-technical staff.

The software can analyse web browsing trends to very granular levels of detail, Murray points out. Respond! can look at staff web patterns either by department or even on an individual user basis.

Websense even performs real-time analysis so that if the internet connection seems slow, the software can tell if someone is downloading a large file and hogging lots of the bandwidth.

Respond! staff installed Websense themselves, a straightforward process, according to Murray, who added that Entropy engineers were available to give telephone support.

Every week reports generated by Websense are sent to the management team. “If there is an issue from a human resources point of view they [the management team] would take care of that,” Murray adds.

Respond! circulates its security policy to all staff to ensure they are aware of what is and is not permitted online.

The policy is distributed in several ways to ensure everyone in the organisation knows about it, such as including it in the employee handbook and making it available online via a web browser. Staff are also notified if there are any changes to the policy.

The Websense solution has reaped other benefits. “We’re in the middle of an anti-virus tender and information from the reports has told us that we needed some sort of filtering security system at the gateway to stop any spyware or malicious code,” Murray says.

By Gordon Smith