Net security, social media misuse pose hurdles for managers

Businesses should have policies and monitoring
Businesses should have policies and monitoring systems in place to determine appropriate use of the internet. File 

Tackling Internet security threats and employees’ access to social media during working hours are the biggest nightmares for managers, according to several new reports.

A study by scholars at Kansas State University and another by KPMG shows employees spend a lot of time on cyberloafing – wasting time on inappropriate website browsing – causing organisations to waste production hours. The study by Kansas University found that some employees spend up to 80 per cent of office time online.

The KPMG study says risk areas regarding social media misuse in the workplace is on several fronts: 46 per cent misuse of bandwidth, time wasting at 35 per cent, malware exposure 49 per cent, loss of confidential information 22 per cent, and negative representation of company 19 per cent.

There is no local survey to determine the amount of time employees spend online on non-work related matters. However, a recent report by the Serianu Cyber Threat Intelligence Team named insider threats by employees as one of the cyber security risks.

A number of firms such as G4S and Child Welfare Society of Kenya (CWSK) say they have been forced to come up with policies on how employees access social media during office hours. They have also invested in filtering and antivirus tools.

“We often notice employees doing unproductive activities like chatting, surfing the Internet, downloading videos and music during office hours. Some of these activities are bandwidth-hungry and slow the speed of internet for those using it for business,” says Ishak Bhardia, system administrator at G4S.

The study by Kansas University suggests that traditional work guidelines on Internet use are not enough to police worker behaviour, and that if companies really want to scale back time employees spend surfing the web, they must consistently enforce sanctions to uphold policies on cyberloafing.

“We found that it was hard to get young people to think that social networking was unacceptable behaviour,” reads part of the report. “Just having a policy in place did not change their attitudes or behaviour at all. Even when they knew they were being monitored they still did not care.”

At G4S, Mr Bhardia says they invested in web filtering applications which regulate the surfing trend among employees to curb the behaviour.

“Web and application filtering has helped us to create customised policies for each user group. Also, it has efficiently regulated surfing trends of the staff resulting into increased productivity,” he added.

The KPMG survey notes that for many companies, benefits of social media use outweigh risks. Rather than ban social media use outright and lose a competitive advantage, businesses should have policies and monitoring systems in place to determine appropriate use of in the organisation.

The Serianu survey notes that most Kenyan employees are unknowingly exposing their companies to cyber attacks through use of personal devices to access company networks.

Sensitive information

The report says that with many companies in Kenya allowing their employees to take their devices to work, hackers are taking advantage of poor security on the gadgets to access sensitive company information.

“With the continued adoption of enterprise mobility, a growing percentage of workers are using their personal devices to access corporate resources,” states the report. “When these devices are not secured this introduces a wide range of security threats.”

In the past few years, the Bring Your Own Device (BYOD) policy has become common place in corporate Kenya owing to the affordability and variety of portable consumer technology.

Many companies believe that encouraging and even facilitating their employees to use laptops, tablets and smartphones increases their productivity since they do not have to be physically present in the office to work.

At the same time, it cuts operational costs as the company is saved the expense of buying new equipment such as desktop computers. However, this also presents a security threat to the company since many employees often take little or no steps to safeguard their portable devices from cyber threats.

Mr Geoffrey Yegon, an ICT officer at CWSK, said the major concern for the organisation has been securing their network against viruses and spam mail.

“In addition to our mail being tampered with, our network was flooded with spam mail which accounted for 30 per cent of our incoming traffic. This eats up precious bandwidth space, affecting network speeds and bandwidth for our internal usage,” Mr Yegon said.