In this post Sian Hayward, our improvement manager, talks about getting internet access and security right for staff in the council. We opened access to social media in 2011 but what about access to other sites?
Some categories of site are blocked to staff, such as gambling websites. We obviously don’t need to look at a gambling site to place a bet but what if we were researching Big Lottery funding?
Here’s Sian:
I’m about to review the blocked sites and categories as they were put in place many years ago when we used a sledgehammer to stop people using the internet.
I appreciate that schools use the same access as us and I wouldn’t want them to have free access to porn sites etc., but some of the restricted sites are really stupid.
These days I’m encouraging internet and social networking use, and with laptops and agile working meaning employees use work equipment for internet access at any time. It’s a real pain to have sites blocked. I believe it’s a management issue if employees are abusing works time rather than simply restricting all access.
In work I research best practice, and am so frustrated when the sites are blocked and I have to use my own internet access for work purposes. This sometimes happens when I’m looking at financial information or when trying to use free online survey tools etc. Recently I couldn’t book a train ticket because our filtering system refused me access to a ticket purchasing site.
We’re now taking a look at the list of the restricted sites and categories so we can set up a team of interested employees to review it. The team need to:
• Review the list from the perspective that we use the same network as schools and some sites NEED restricting.
• Look at the risks involved to the councils reputation and integrity if they stray into some sites inadvertently (the highways team need to order ‘hard core’ for the roads)
• Review the internet access policy to make it a responsibility of employees NOT to use the internet inappropriately (as opposed to restricting access to sites) and toughen up the penalties for doing so e.g. disciplinary.
We can then have one policy for social media and internet use.
Unfortunately certain restrictions are inplace due to the nature of data security. Many IT systems are build to prevent its staff from clicking on malicious links that redirect users to sites that can cause an automatic download of virus or data gathering. For examle, if internet usage was unrestricted and you entered your corporate credit card information into a site pretending to be the trainline, money can be taken automatically without knowledge. Which is a data protection issue.
Same as solutions such as dropbox that allows users to “collaborate” also leaks corporate data out to the internet.
Bottomline is IT restrictions are there for a reason but they can only protect end users so far without awareness how security threats out on the internet. Business data is NOT like have your broadband at home and this is a serious underestimation on staff that do not work from an IT securty standpoint.
Absolutely true and it is essential that access is filtered to protect the council and its employees. A balance needs to be struck between enabling business to be carried out and ensuring the integrity of information. At the moment the balance needs to be realigned as its over restrictive.
I’m afraid the team you’ll put together to review the list will not have the skills to judge what is safe and what is putting your data at risk. I suspect your IT team already has a product or service in place to do this job, which uses information provided by companies that specialise in data protection. Management oversight, disciplinary action etc does not work – ask any IT staff of their experiences and prepare for the horror stories! It may be over restrictive from your point of view, but you will change your mind if you have an open and frank discussion with your IT Dept.