I ask every client we have, “do you monitor your employees web usage?” I get two answers. “My employees are good people, I don’t need too.”, or they say “No but I need too.” In my opinion, you need to. Not because they are bad people, or are dishonest in any way, but because they could be doing things that innocently hurt the network.
I heard a story once of a guy who was visiting inappropriate websites during his lunch hour. He ended up with a Cryptolocker virus. If you don’t know what that is, it’s a virus that locks your files and the files on your network drive, and you have to pay a “ransom” to get they files unlocked. What happened in this case, is he knew he had it, he was embarrassed, so he tried to fix it himself. As the days passed, the virus spread to each and every server, and every file share. Now the company was basically locked, and they didn’t know why. Eventually, after more than 2 weeks and tens of thousands of dollars, they figured out what happened.
Could this have been avoided if those websites were blocked? Could this have been avoided if random checks were done on the web browsers history? Maybe. But the best thing to do is put a policy in place, and let the employees know exactly what that policy is, and what the repercussions are if you do not follow the policy. The policy should be in writing and should specifically state what employees can and cannot do. Below are a few examples of what you should put into your policy.
Employee Computer Policy
What websites are your employees allowed to visit?
What websites should they not visit.
Are they allowed to have personal information on their computers?
Are they allowed to install personal software?
Do you monitor email?
These are just a few examples of things you can put into your policy. Employees may be a bit touchy at first, but if you use this for new employees as the company policy, you should have no problem.