How do you get your employees to spend less time browsing the web?

“Hi .., Employee internet access control is keyword. For IT tools, I do recommend a combination of forward proxy and a URL filters for the beginning. Proxies are big brothers, and they do intercept every internet connection when deployed right. You can control all internet access, authenticate and log users based on their directory credentials... Best known proxies are Squid as free software, Microsoft ISA as a windows solution and Blue Coat as an appliance. Of course there are several other variances. (esp. for IM control there are specific IM proxies) On the URL filtering side, the idea is to categorize internet addresses by a list of database and dynamic identification method combinations. For example you may block gambling and web mail sites, but allow shopping sites. SmartFilter, 8e6, Websense, Webwasher, ISS Proventia, Optenet, ALSI Intersafe, and DAJ iFilter are the known vendors. Also many firewall vendors deliver integrated URL filtering solutions (e.g. Fortinet, Juniper, and Cisco) Proxied traffic can be tuned to manage the bandwidth allowed per application/site/user. It is also possible to enforce a mandatory user splash page for every login that explains the policies... Time based polices are also very useful, on the proxy or the firewall, you can allow internet access rules based on time; I usually allow unlimited access over the weekends and off-hours. Logging is another key point. If the employees know that all connections are logged they will spend less time on web surfing. First make sure that you have a published monitoring and logging policy and every employee receives a copy. If every internet connection is authenticated then you can get your logs per user (instead of per IP address) Publishing top users on intranet is a very effective/harsh way of curbing unnecessary Internet use... Once upon a time, I cut traffic in several folds without applying any filter- the only point was the publishing of internet access logs on the intranet. The options are limitless in logging (from storing every key stroke, to recording full internet sessions for replays) If you do not control endpoints (like group policies on windows clients) some tech savvy users will find a way to bypass controls, on these cases if your budget allows using an inline SSL decryptor will be very useful I tried to focus on IT tools, but if you have any specific question on any of the topics, or governance of employee internet access, please let me know, regards, - yinal ozkan.”