An insurer's nightmare: A high profile prospective businesspartner is ready to sign a multi-million-dollar deal. As youfinalize the arrangements during a tour of the home office, yourvisitor sees an employee viewing pictures from a, shall we say,inappropriate-during-business-hours Web site. A mere glimpse ismore than enough to dissuade the would-be partner from signing thepaperwork, and he walks out-along with a lot of potentialrevenues.

There are paths to enlightenment and roads to ruin on the Net.It's easy to blame the people who put the content out there-butassuming it's legal stuff, it enjoys First Amendment protection. Asis the case with freedom of speech issues, it's the viewer'sright-and responsibility-to view or bypass any material that mightbe objectionable. And while office policy doesn't ordinarily trumpthe Constitution, management may establish any guidelines they wishregarding use of company equipment-in this situation, that meansthe desktop PC, the software on it (e.g., the Web browser), the Netconnection, and so on.

Let's say your company's policy forbids viewing sites of adultnature. Of course, there are extenuating circumstances that couldexplain why 'graphic' sites load: a misleading hyperlink pointedthere, a Web page auto-routes users, or someone simply uses theright (or wrong) search term. For example, researching the KingMidget-an automobile popular during World War II-could yield a linkto "The King Midget in Action." Your fault? Hardly, assuming youdidn't sit there gawking at the images for 10 minutes after theywere loaded. (Dick's Sporting Goods is a popular store in theMidwest. A trip to dicks.com will not, however, bring you to thestore's site.)

Mistakes can happen. But if you're concerned about youremployees using the T1 for T&A, you're in luck. Web sniffingtechnology can alert you to your workers' bad browsing habits.Depending on the company, no-nos can include use of chat rooms,music swapping sites, and auction portals. While these sites areoften PG- or even G-rated, the contents might not align withcorporate goals. Sniffers, snitches, and spies of variousflavors-from Web use logs to real-time snoops-are becoming moreprevalent in the workplace as businesses deepen theire-commitments

Setting the Tone

Circulating and implementing a clear, concise Web use policywill help get everyone on the same page. Explain that looking atquestionable Web sites only drains corporate resources, includingnetwork speed and bandwidth. Make clear the fact that the companycould be sued based on employee browsing. For instance, childpornography is illegal; and loading, viewing, or saving suchmaterial is, too.

You should also institute a policy that deals with theaccidental loading of explicit material. Perhaps it's best toinstruct employees to notify a supervisor if an X-rated pop-upwindow appears so that no unwarranted disciplinary action is taken.Finally, make sure everyone understands the penalties involved withaccessing inappropriate material.

After everyone understands what the company expects of them whenthey're online, it's time to get the solutions running.

So what's the right kind of technology to keep your employees ontask?

Decisions, Decisions

Filters. The filter could be all you reallyneed; in any case, it's a strong foundation. Filters can be used toblock access to specified IP addresses, keywords, phrases, andmore. You can set preferences yourself, or purchase an automatedsolution that scours the Web for words, phrases, and context (e.g.,it allows an employee of a bottle-washing plant to search the Netfor "jugs"), and then reports findings and blocks accessaccordingly. These applications can be customized to delivernotices of bad behavior to higher-ups, network admins, or theuser/violator.

A close relative of the filter, 'file quarantine' solutions canbe installed to halt all potential downloads at the firewall level,allowing supervisors to inspect files of questionable origin orcontent. This protects the rules in the company handbook and thenetwork from virus attacks.

Type Tattletales. On the market are softwaresuites and pre-loaded servers that catch users typing inappropriateterms in search engines, and actually prevent them from doing so.You pick the words and phrases, the solutions do the rest. You caneven set the application to snitch on the user. Some applicationswill simultaneously install and update filters on proxy servers,preventing crafty folks from working around the system. How longbefore Yahoo! will recognize "S-H-I-P minus P, plus T" as a searchphrase?

Timers. If you want to restrict Net accessduring certain times (e.g. after normal business hours) you shouldconsider installing these apps. Quite simply, you set the times foraccess; employees will be securely shut out. Look into buying asolution that will allow a supervisor to override the controls atterminal points in case a necessity arises.

Keystroke Catchers. These solutions allow youto record keystrokes from any screen in the building, or monitoractivities in real time. If someone types it, you can see it;perfect for nabbing the people who abuse chat rooms. Naughtymaterial aside, this can also be useful when watching out foremployees suspected of leaking proprietary information. Manykeystroke monitors have the ability to keep word-for-word logs-butthey need regular feeding: scalable hard drive space.

Real-Time Spies. As the name implies, thesesolutions offer you the chance to actively monitor the way youremployees use company equipment. Sit back, relax, and watch Jim inaccounts payable dump his entire tech stock portfolio in a marathononline trading session; or get the latest dirt on Jane's14-year-old second cousin's pregnancy by secretly dropping in on anMSN Messenger chat. If you're buying, look for apps that allowreal-time snooping on Web activities, instant message tools, mail,and non-Internet-even job-specific-programs. You can also findsolutions that will send this information in real time to remoteservers, private Web sites, or networks for your viewingpleasure.

What You Can Do

A senior level IT professional-under the condition ofanonymity-said his company's policies regarding use of proprietaryequipment are fairly clear. He explained that many gray areas existin terms of what's appropriate and what's not-and levels thereof;in any case, if a page loads some foul content, and it's purelyaccidental, the IT department will issue a memo to the employeeexplaining what happened, and will advise ways to prevent futureproblems.

If an employee is purposely accessing lewd content, the firstoffense almost always involves a meeting involving the employee andhis supervisors; he may also face the company president. Theincident will be noted in the employee's file.

A second offense, at the discretion of company leadership, couldinvolve suspension without pay for a few days, depending on thecontent in question. Our source said the company usually prefersstern warnings to immediate termination-of course, the lattersometimes cannot be avoided. Other types of incidents noted on theemployee's file influence the degree of reprimand.

A third offense, if the employee is really that thick headed,will mean termination. How many warnings and punishments does oneperson need?

According to our source, employees at his company were alsoissued a "sharing policy" explaining what's suitable for use in theworkplace. The rules were issued to all employees as soon asproblematic browsing and e-mailing were discovered. They state thatall e-mail messages containing potentially offensive content-sex,race, religion, disability-be destroyed.

The company's IT department deployed a few solutions that managethe flow of content to prevent the influx of lascivious matter.That includes WebSpy (www.webspy.com), an all-in-one solutionthat filters Web access by keyword, content, and category; producescharts and graphs based on usage and access points; reports usagetrends; and reports usage durations by user or IP address. It canalso be programmed to block access to certain IP addresses,keywords, and phrases. The company also employs Web sniffers, whichare set to monitor the sites employees visit, the duration of thevisit, and the user's name or network ID. E-mail monitors-in thiscase, GFI Software's Mail Essentials (www.gfi.com) are fine-tunedto scan attachments for viruses and route messages withinappropriate content in the subject line or body to the e-mailadministrator.

Content management technology is strong. But there's always apath around the system. So if one of your employees is addicted toAimster and keeps finding ways to tunnel under your cyber-fences,you should suggest a career in software engineering as he'sescorted from the building.

So You Want To Play Big Brother

X-Stop by 8e6 Technologies
(www.8e6technologies.com)
Denies access to pre-selected Web sites, FTP sites, newsgroupsites, and denies searches using pre-selected words within searchengines. Prevents access to selective ports such as IRC, ICQ, RealVideo, Real Audio, etc.; automatically filters proxy servers whichprevents bypassing the system; customizable individual filteringprofile for end users; automatic daily library updates of newcategorized sites; reporting of Internet usage by user or byorganization, and more.

Spector by SpectorSoft
(www.spectorsoft.com)
Records all Internet activities, working in the background andtaking hundreds of screen shots every hour. Works with Web sites,chat applications, instant message services, e-mail, andkeystrokes. Also records Hotmail, Yahoo Mail, and other anonymouse-mail accounts.

Black Box by Enfiltrator
(www.enfiltrator.com)
Tracks computer use, including applications keystrokes, logginguser ID, date, time, application, keystrokes, active time, inactivetime, and more. Recorded information is searchable and viewable viaspreadsheets and charts.

PC-Timer by Safari Software Products
(www.pctimer.com)
Allows businesses to decide who uses what, when, and how long. Thesystem admin allocates time per application to each user; theapplications lock out the users when the time has expired. The appgives a two-minute warning to users and prompts them to save andexit. Internet downloads are not interrupted by PC-Timer even ifthe user is locked out.