To Avoid Many Perils Control Internet Access, Agencies Warned

NU Online News Service, march 29, 3:57 p.m. EST

NASHVILLE, Tenn.--Oversight of employee Internet use is important to protect an independent insurance agency from computer viruses, legal exposures and time wasting, according to an industry expert.

Chris Borchert, business development executive with iPrevision, made his comments during last week's 34^th annual AMS Users Group meeting, now called Network of Vertafore Users Group (NetVU) here.

Mr. Borchert, whose firm is an Internet security solutions provider based in Yorba Linda, Calif., reviewed how susceptible today's producer technology systems are to outside attack.

He said studies show that employees can spend a lot of work time--as much as two hours of company time--on personal Internet browsing, which can amount to an average of close to $5,500 in lost productivity.

However, many employers may not realize there are legal liabilities that such activity can expose them to, he said. Also, activity on these sites can inadvertently expose the company's network to viruses and malware that can infect a single computer or the entire agency system.

Those under 30, who grew up surrounded by technology, are more prone to spending work time on personal Internet correspondence, while those over 30 spend less. But no age group is immune from exposing the producer's system to legal liabilities, he said.

There are several areas where this exposure can occur, Mr. Borchert noted. It can happen through e-mails, instant messaging, visiting unauthorized Web sites, or social media such as Facebook.

Controlling e-mails has legal implications because some states require companies to keep correspondence for a period of years, he explained.

The use of personal e-mails through Internet sites such as Yahoo!, Google and Windows Live can make that difficult. One issue, he said, is employees sending confidential information to themselves, which might be the case when they are either looking for a new job or leaving their current position.

While instant messaging has become popular, it can be a major drain on productivity because it can absorb a lot of band width, slowing down an agency's system, Mr. Borchert explained. Employees can also use those sites to send files or inadvertently open up the company's system to virus and phishing attacks.

Studies have found, he said, that a minority of employees access and download material from Internet sites that can expose the company to viruses or legal liability. Despite a few people performing such activity, it can expose an agency to a big problem.

Such legal liability, he said, can come in the form of music file sharing, where companies have been held monetarily responsible for a single employee's downloading of illegal music material, because it was done over the company's Web site.

Social networking sites are becoming a new form of exposure, Mr. Borchert warned. There is the time management issues of employees spending too much of their work day communicating over these sites.

The other issue is downloading an application, or visiting a site the employee assumed was friendly, only to discover they opened the company's system to a destructive virus.

He said identifying such actions is a game of "cat and mouse," and that anecdotally, those that "look the most busy are the ones wasting the most time."

The most effective way of combating this problem is developing a written policy and educating employees on what that policy is. Mr. Borchert said the company's Internet policy needs to be reviewed and updated yearly because of technology changes. The policy needs to be clear and easy to read and not laden with technological terms.

As part of the policy, discipline needs to be consistent and employees should sign off on the policy that they were advised of it, he advised.

When developing Internet policy, he said a company needs to determine what kind of culture it wants: either big family, that doesn't do a lot of blocking of Internet sites, or big brother, that controls everything. Many employers end up with a combination of both in their policy, he said.

There is technology available to accomplish these goals, Mr. Borchert said. His own company [which is a NetVU-approved vendor] offers such solutions, including time restrictions, blocking categories of Internet sites or specific sites, and monitoring all Internet activity, down to recording individual instant messages transmitted over the producers system.

"The more employees understand what and why restrictions are in place, the better it is," Mr. Borchert noted. "When they don't understand the security issues, they look for ways to get around it. When they are educated, the more likely they are not to do those activities."