Need a way to see employeed surfing habits

[+Bob+]

That's nonsense. First of all, you have no right as an employee
to use the employer network for any purpose not specifically allowed,
nor do you have an automatic right of privacy.

Smart managers know what motivates people to do a good job. It's not
treating them like captives who must be watched at all times.

Secondly, in today's legal climate if I accidentally glimpse
you accidentally viewing a website I consider offensive it can leave the
employer liable for the subsequent civil suit. Don't blame your
management. Blame the people who insist on legislating your right to profit
from being offended.

As long as the employer issues regulations, they are all set. Sure,
you need a 40 page manual written in conjunction with the corporate
lawyers. You don't need to monitor people.

In fact, monitoring sets you up to be sued. If you claim that your
network is "safe" and you then fail to keep it that way, you can be
sued. If you simply give employees regulations and they violate them,
then they personally are responsible for the violation. Talk to a
skilled HR lawyer.

Lastly, depending on the nature of the work there may be real
security issues involved. Think of working for one of those three letter
government agencies.

Irrelevant. This is a case of an employer wanting to know who goes
where. That's not operational security. That's handled very
differently. Everyone I know who works for the DIA, CIA, or DOD in a
sensitive area has standing orders not to use the Internet for
personal reasons and serious penalties for doing so. In addition, the
more sensitive areas are fully isolated. However, there's a legitimate
reason for that - it's not there to because of poor management
(although the military is hardly an example of good management), it's
there for security.

The bottom line is that unless you're a star or a relative you work
for someone on their terms, and those terms are niether good nor evil but
simply their control of their own private property.

You're missing the point. The real bottom line is that this is not how
you treat people if you want them to be loyal, creative, motivated,
valuable employees.

http://en.wikipedia.org/wiki/Theory_X_and_theory_Y

 

[webster72n]

Smart managers know what motivates people to do a good job. It's not
treating them like captives who must be watched at all times.


As long as the employer issues regulations, they are all set. Sure,
you need a 40 page manual written in conjunction with the corporate
lawyers. You don't need to monitor people.

In fact, monitoring sets you up to be sued. If you claim that your
network is "safe" and you then fail to keep it that way, you can be
sued. If you simply give employees regulations and they violate them,
then they personally are responsible for the violation. Talk to a
skilled HR lawyer.


Irrelevant. This is a case of an employer wanting to know who goes
where. That's not operational security. That's handled very
differently. Everyone I know who works for the DIA, CIA, or DOD in a
sensitive area has standing orders not to use the Internet for
personal reasons and serious penalties for doing so. In addition, the
more sensitive areas are fully isolated. However, there's a legitimate
reason for that - it's not there to because of poor management
(although the military is hardly an example of good management), it's
there for security.


You're missing the point. The real bottom line is that this is not how
you treat people if you want them to be loyal, creative, motivated,
valuable employees.

Only thing is, Paul was asked to do this for someone, he is not the employer
and hence these speculations are beyond his scope. He simply needed
constructive suggestions (I am not looking for trouble, just trying to keep
it straight).

 

[the wharf rat]

Smart managers know what motivates people to do a good job.

Stock options!

And a title. Titles are always good.

As long as the employer issues regulations, they are all set.

Well, no, not really. I mean, I'm not a lawyer, right? but
I'm looking right at West's Business Law Chapter 32 Section 11 and an
employer can definitely be liable for torts committed by employees while
working. There's a famous case where a cashier at Walmart got in a fight
with a customer who thought the line was too slow. Walmart actually had
a rule that said cashiers aren't allowed to fight with customers and fired
her on the spot but the store still got sued under the principle of
respondeat superior...

That's why everyone does background checks. They don't care so
much about what you might do to them as what would happen if they hired
someone with say a record of child molestation and you molested a child
customer... Lol, even if they have a rule that says employees aren't
allowed molest child customers.

In fact, monitoring sets you up to be sued. If you claim that your
network is "safe" and you then fail to keep it that way, you can be
sued. If you simply give employees regulations and they violate them,
then they personally are responsible for the violation. Talk to a
skilled HR lawyer.

Well, ya know? I have. Ha ha that's how I know the Latin
Also why I have West's handy...

Irrelevant. This is a case of an employer wanting to know who goes
where. That's not operational security. That's handled very
differently. Everyone I know who works for the DIA, CIA, or DOD in a
sensitive area has standing orders not to use the Internet for
personal reasons and serious penalties for doing so. In addition, the
more sensitive areas are fully isolated. However, there's a legitimate

It certainly is operational security. It's access control.

Look, I've been ISSO and ISSM for half a dozen sites. Even
a site that just handles For Official Use Only does more than just make
rules. I mean, think about it. Don't you think an enemy agent would
look you right in the eye and promise not to leak information, scout's
honor? Lol So part of your job is to make sure they can't do it even if
they try, and another part is to monitor the network so you know if they're
doing it.

IMHO you've (all) got this sort of backwards. Nobody does stuff
like this just because they want to snoop, or because they want you to KNOW
you're being watched. The only time anyone goes through all this trouble
is because they feel that it's what they need to do to ensure information
security. That's a management decision and a management responsibilty,
and as an employee it's both rude and counterproductive to sit there and
mutter about fascists. You knew what the deal was when you signed up, right?

It's like going to a nudist camp (excuse me I mean a clothes free
resort . You KNOW there's going to be naked people and you KNOW you're
going to have to undress so wouldn't it be pretty silly to voluntarily sign
up and then complain that naked guys are looking at your legs?

You're missing the point. The real bottom line is that this is not how
you treat people if you want them to be loyal, creative, motivated,
valuable employees.

No, I think you've still got it backwards. Loyal, creative,
motivated people understand that this isn't anything personal and
that it wouldn't be done if the people responsible for the success of
the project didn't think it was necessary.

 

[+Bob+]

Only thing is, Paul was asked to do this for someone, he is not the employer
and hence these speculations are beyond his scope. He simply needed
constructive suggestions (I am not looking for trouble, just trying to keep
it straight).
<H>.

Agreed... but the advice I originally posted is for him. Sometimes you
need to stand on principle. Other times you compromise for a buck.
Only Paul can decide what instance this is.



I

 

[webster72n]

Agreed... but the advice I originally posted is for him. Sometimes you
need to stand on principle. Other times you compromise for a buck.
Only Paul can decide what instance this is.

I'll drink to that...

 

[Leythos]

I'd go a little further.

1. Start by telling management that they are using an archaic
management style generally known as "theory X". With that style of
management, managers believe that employees are generally lazy and
won't work hard unless strictly supervised under a narrow set of rules
designed to keep their noses to the grindstone. Suggest that they go
look up "Theory Y" and learn what most smart companies figured out
about 40 years ago regarding motivating employees and obtaining
maximum performance.

2. Go prepare your resume. You don't want to work for a bunch of dolts
that spend their time worrying about what web sites employees are
browsing instead of concentrating on serving the company's customers.

Bob, we work for many companies all over the USA. While most all of them
have AUP's and other rules in place, the managers could not do their
jobs if they sat on top of all employees all the time, it's just not
possible to monitor suspected abusive employees and still get their own
work done.

Monitoring is a very good thing - it keeps productivity up, keeps morale
up, and it also spots abuses by employees that can lead to compromised
networks, sexual harassment, loss of intellectual/company data, loss of
productivity, loss of morale, etc...

As an example:

Large company (at least for us), 140 users, two shifts, spread out
across large building with many people isolated from others.

Company had determined that they needed a third shift in order to meet
current requirements.

We had been telling them that the email and surfing being done by the
employees was far beyond abuse of company policy and that we believed
they didn't need a third shift to meet their needs.

They agreed to let us install Web (HTTP/HTTPS) filtering, blocking of
non-Business necessary sites, filtering and blocking of email, and
limiting email (external) to only those that required external email for
business needs.

Yes, there was a lot of complaining, most of it was from the people that
felt the company OWED them the right to surf and email friends/personal
contact. Yes, there was about 2 days of getting the filters properly in
place to allow all BUSINESS functions, but most of it was ready the day
we implemented it.

The factual reporting of abuse showed that more than 40% of the staff
was spending more than 1 hour per day, beyond Lunch/Breaks, on non-
business related email/surfing tasks. The factual reporting also showed
that 5 employees were spending more then 6 hours per day on non-business
related email/surfing tasks.

All abusers were monitored for two weeks, all events recorded. At the
end of two weeks all abusers were confronted by upper management and
given the proof of their abuse, none were fired.

For the first two weeks (apx), all but 2 kept their abuses to just
lunch/breaks, then, over a period of 2 more weeks, the abuse started
creeping into business hours and more and more time - instead of 40%, it
was about 20%, the 5 serious abusers were fully back at it again.

During a single holiday break, one person sent (yes, sent) more than 800
emails to three people in a single shift - they were suppose to be
processing orders that take several minutes to process.... Needless to
say, the following shift was swamped.

The 5 were presented proof of their abuse again, fired, unemployment
denied. The rumors go around, since they were no longer there, and the
abuse stopped for about a month, then, instead of 40%, about 10%
returned to abusing the policy - another round of firings was done.

At this time the company is operating on two shifts, has excess capacity
without the third shift they didn't need, and overall productivity has
increased more than 30 real percent, morale has increased with employee
comments showing that people were really impacted by the failure of
management to force people to do their work, forcing others to carry the
abusers load....

We've seen this say situation played out across the country - and the
Abusive employees always claim they have a RIGHT to check personal
email, contact friends/family at lunch/breaks, but they spill over into
business hours, etc...

If you want to do personal things then do them outside company
hours/resources.

 

[Phillip Windell]

I'd go a little further.

1. Start by telling management that they are using an archaic
management style generally known as "theory X". With that style of
management, managers believe that employees are generally lazy and
won't work hard unless strictly supervised under a narrow set of rules
designed to keep their noses to the grindstone. Suggest that they go
look up "Theory Y" and learn what most smart companies figured out
about 40 years ago regarding motivating employees and obtaining
maximum performance.

What the employees are doing can make a difference,..especially when you may
be pushing the limits of your bandwidth already and some user is listening
the Internet Radio or watching movies on www.Hulu.com. Users will try to
get away with anything they can get away with.

I run ISA Server and can use the Logging to figure out what I want to
know,...but it is just a text of a bunch of log entries,..no pretty
pictures,...and that is fine. The ISA Reporting System (that has pretty
pictures) does not provid detailed enough information,...and that is fine
too (since I almost never use that).

However a proxy server or a firewall is a lousey "babysitter". We only use
the logs to know who the management needs to go have "a little talk" with.
At that point it is human to human,...not human -vs- firewall.

2. Go prepare your resume. You don't want to work for a bunch of dolts
that spend their time worrying about what web sites employees are
browsing instead of concentrating on serving the company's customers.

It is the employees who are supposed to be servicing the customers (not
management),...and they aren't doing that if they are messing with
www.hulu.com or www.hotcheerleaders.com all day.

Now we don't "spend our time" worrying about what web sites the employees
are browsing,...but when something becomes a problem and is noticed,...we
deal with it. Now when a woman comes in in the morning and finds a dried
stain on the seat (figure it out) because some guy on the night shift was
sneaking into someone's office (to avoid his own machine) and enjoy a little
midnight porn before he went home,...that becomes a problem.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

[Phillip Windell]

Kudos from me! 100%
I loved the story.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.

 

[Leythos]

Kudos from me! 100%
I loved the story.

We see this in every location we provide IT/Consulting services for.

The latest one is a small company, 10 employees, they use family to
answer the phones and do some basic office work - they used a simple NAT
router and didn't want to use web-blocking of any type - said they would
not have a problem.

I asked the owners to let me install OpenDNS for a month, and it was
difficult for them to listen to family complain about not getting
personal emails, not being able to visit pogo, etc....

What was most telling what that they found MORE work was being done,
that they could measure, after about two weeks, and they had less
problems with your systems on top of that.

 

[+Bob+]

At this time the company is operating on two shifts, has excess capacity
without the third shift they didn't need, and overall productivity has
increased more than 30 real percent, morale has increased with employee
comments showing that people were really impacted by the failure of
management to force people to do their work, forcing others to carry the
abusers load....

You are failing to see the forest for the trees.

a. There are other ways to monitor production efficiency and quality
of employee work. Much better ways. Good employees shine and are
rewarded, bad employees are grown or removed.

b. You are measuring only the short term efficiency of the change
you've made. The long term effect on the workplace has been ignored.
ex. As just one data point, the effects on growing employees and
stifling creativity on the overall business has been ignored.

c. You fallen right into the Theory X trap. You are closely watching
employees, dictating what they do, how they do it, where they do it.
I'll make a WAG this company knows nothing of TQM. This is
manufacturing management from the 1940's. Do some reading about what
really successful companies do since Fred stopped using the
Bronto-crane at the Slate Quarry.

 

[Jon]

Bob, we work for many companies all over the USA. While most all of them
have AUP's and other rules in place, the managers could not do their
jobs if they sat on top of all employees all the time, it's just not
possible to monitor suspected abusive employees and still get their own
work done.

Monitoring is a very good thing - it keeps productivity up, keeps morale
up, and it also spots abuses by employees that can lead to compromised
networks, sexual harassment, loss of intellectual/company data, loss of
productivity, loss of morale, etc...

As an example:

Large company (at least for us), 140 users, two shifts, spread out
across large building with many people isolated from others.

Company had determined that they needed a third shift in order to meet
current requirements.

We had been telling them that the email and surfing being done by the
employees was far beyond abuse of company policy and that we believed
they didn't need a third shift to meet their needs.

They agreed to let us install Web (HTTP/HTTPS) filtering, blocking of
non-Business necessary sites, filtering and blocking of email, and
limiting email (external) to only those that required external email for
business needs.

Yes, there was a lot of complaining, most of it was from the people that
felt the company OWED them the right to surf and email friends/personal
contact. Yes, there was about 2 days of getting the filters properly in
place to allow all BUSINESS functions, but most of it was ready the day
we implemented it.

The factual reporting of abuse showed that more than 40% of the staff
was spending more than 1 hour per day, beyond Lunch/Breaks, on non-
business related email/surfing tasks. The factual reporting also showed
that 5 employees were spending more then 6 hours per day on non-business
related email/surfing tasks.

All abusers were monitored for two weeks, all events recorded. At the
end of two weeks all abusers were confronted by upper management and
given the proof of their abuse, none were fired.

For the first two weeks (apx), all but 2 kept their abuses to just
lunch/breaks, then, over a period of 2 more weeks, the abuse started
creeping into business hours and more and more time - instead of 40%, it
was about 20%, the 5 serious abusers were fully back at it again.

During a single holiday break, one person sent (yes, sent) more than 800
emails to three people in a single shift - they were suppose to be
processing orders that take several minutes to process.... Needless to
say, the following shift was swamped.

The 5 were presented proof of their abuse again, fired, unemployment
denied. The rumors go around, since they were no longer there, and the
abuse stopped for about a month, then, instead of 40%, about 10%
returned to abusing the policy - another round of firings was done.

At this time the company is operating on two shifts, has excess capacity
without the third shift they didn't need, and overall productivity has
increased more than 30 real percent, morale has increased with employee
comments showing that people were really impacted by the failure of
management to force people to do their work, forcing others to carry the
abusers load....

We've seen this say situation played out across the country - and the
Abusive employees always claim they have a RIGHT to check personal
email, contact friends/family at lunch/breaks, but they spill over into
business hours, etc...

If you want to do personal things then do them outside company
hours/resources.

The word 'abuse' (and its derivatives) appears a total of 15 times in your
comment. Each time you use it to refer to the actions of employees and not
once to the potential abuses of management upon their employees by
installing such technology.

The number one abuser in the workplace has always been (and probably always
will be) management itself. So unfortunately your phraseology reflects a
biased perspective, since you earn your income from enforcing such Draconian
measures in the companies you visit.

Technology that you may help to implement for one purpose (rooting out the
'over-surfers') can easily be flipped and used for far more invasive
purposes (eg spying on + stifling the freedom of the innocent surfer).

Ok you can wash your hands of that, count your paycheck, and say 'well we
only installed for that one particular intention'. In reality you would bear
some of the responsibility for its subsequent use, be that good or evil,
since you had the moral choice to either accept or reject such a project.

 

[Jon]

IMHO you've (all) got this sort of backwards. Nobody does stuff
like this just because they want to snoop, or because they want you to
KNOW
you're being watched. The only time anyone goes through all this trouble
is because they feel that it's what they need to do to ensure information
security. That's a management decision and a management responsibilty,
and as an employee it's both rude and counterproductive to sit there and
mutter about fascists. You knew what the deal was when you signed up,
right?

This isn't the likely scenario. Here we probably have 25 happily-working
employees who will arrive at work one day to have their boss announce that
from that day onwards they will be spied upon. I would doubt very much if a
single one of them were told at their recruitment interviews

'Oh, and by the way exactly one year into your employment we'll start
spying on your surfing habits. I hope you agree? If so, sign here.'

No, Mr Boss will come out of his secluded little office one day and announce
to all and sundry that that is just the way it is and that if they don't
like it then the door is thatta way

<-----


with perhaps a few strategically positioned newspapers around the office
headlining the world's financial crisis to help Mr Joe / Miss Jill "heavily
in credit card debt" Worker to make their decisions.

It's like going to a nudist camp (excuse me I mean a clothes free
resort . You KNOW there's going to be naked people and you KNOW you're
going to have to undress so wouldn't it be pretty silly to voluntarily
sign
up and then complain that naked guys are looking at your legs?

I think it's more like turning up at a standard holiday camp and the camp
leader suddenly announcing that the camp rules have changed; that in the
interests of greater transparency and to ensure that attendees can have
nothing to hide, from now on no clothes will be permitted - all except for
the camp leader who somehow still manages to remains fully clothed.

 

[Dave]

What a load of crap!

 

[Leythos]

The long term effect on the workplace has been ignored.
ex. As just one data point, the effects on growing employees and
stifling creativity on the overall business has been ignored.

You are very wrong, having done this for decades myself.

 

[Phillip Windell]

Just guessing,...but maybe Jon and Bob have been fired a time or two over
abusing their usage rights and just have a chip on their shoulder. This
whole theory X & Y thing is just psycho-babble to me. I live in the real
world, and in the real world, people will do whatever they think they can
get away with.

Just my opinion....


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

[Jon]

What a load of crap!

Able to elaborate, or are you restricted to 5 word comments by the
authorities?

 

[Leythos]

The word 'abuse' (and its derivatives) appears a total of 15 times in your
comment. Each time you use it to refer to the actions of employees and not
once to the potential abuses of management upon their employees by
installing such technology.

And it would appear, (sorry, I snipped the rest of your post since your
bent can be derived from the part I quoted) that you are an employee
level and not a business owner or manager.

You should adopt the ethical and honest concept as follows:

1) Employees are paid to Work.

2) Employees USE company resources for BUSINESS as permitted by the
BUSINESS.

3) Employees have no natural right to personal anything, not email, not
phone calls, not surfing, not games, etc.... unless their position
clearly permits it.

4) People do not have to apply for any job where they don't agree with
the company policy.

5) Employees "surfing" during business hours are stealing real money
from the company by loss of productivity and decreasing the availability
of network resources for business needs.

6) Employees surfing and private emails are one of the most common
threats to network security in any company.

The problem with people like you, where you believe the employee has
rights that permit abusing the company policy, wher you believe you are
entitled to email and surfing access, is that you're wrong in the USA at
least. If you can't work for 8 hours then don't take the job.

 

[Jon]

Just guessing,...but maybe Jon and Bob have been fired a time or two over
abusing their usage rights and just have a chip on their shoulder. This
whole theory X & Y thing is just psycho-babble to me. I live in the real
world, and in the real world, people will do whatever they think they can
get away with.

Just my opinion....

FWIW I've never been fired once.


Working for Wand-TV your vested interests are clear in perpetuating the myth
of the suspicious "could-be-a-crook" employee that you in the
corporate-controlled media are paid to exploit on a daily basis.

 

[Leythos]

This isn't the likely scenario. Here we probably have 25 happily-working
employees who will arrive at work one day to have their boss announce that
from that day onwards they will be spied upon. I would doubt very much if a
single one of them were told at their recruitment interviews

'Oh, and by the way exactly one year into your employment we'll start
spying on your surfing habits. I hope you agree? If so, sign here.'

No, Mr Boss will come out of his secluded little office one day and announce
to all and sundry that that is just the way it is and that if they don't
like it then the door is thatta way

You are able to leave, if you don't agree.

In the USA, you have no right to privacy when using Company Phones or
Networks, so, even without a written policy they can monitor all
connections.

If you've got nothing to hide then you've got no problems.

If you want to work for a company that does everything the way you want
it, allows all the abuse of company resources, costs the company money
for your personal freedom, then start your own company and watch it
fail.

 

[Leythos]

Just guessing,...but maybe Jon and Bob have been fired a time or two over
abusing their usage rights and just have a chip on their shoulder. This
whole theory X & Y thing is just psycho-babble to me. I live in the real
world, and in the real world, people will do whatever they think they can
get away with.

Just my opinion....

That was my impression also.