Music download & piracy have been in the sphere for quite some time now.  It causes lots of people to get what they want (easily) – music for free thus making it impossible for music companies to (supposedly) make the amount of cash they want to.

Kyle Northcutt posted this question on LinkedIn:

Who and what should the web filter block?

Obvious malicious, lewd and illegal content aside.... should mental diversions be limited or blocked from users? Social networking, youtube, gaming, news, etc can be very distracting and hamper production, but when used sparingly can boost morale, enhance creativity and act as an employee perk in the organization.

My question is, which(if any) of these activities should be blocked? Should everyone be affected by this policy or should engineering and executives be excluded? As a bonus, how does your company handle web filtering?

There are many interesting answers to his question - ranging from "Block them all, and only open those you need", to answers like Angelos Karageorgiou, who says:


I like Angelos answer because it points to where the challenge really is - the humans. With the technology, we can do everything we can imagine. But humans. Now, that is a totally different manner. It takes a very non-technical manner to deal with those people.

In all my humbleness (right), I post my own answer below (as it is found on LinkedIn).


My LinkedIn answer:

In my experience, blocking access to internet resources soon turn your employers into a negative, less-productive bunch of unhappy sheep (lots of negativity in there, huh?)

Nothing is obvious when it comes to humans, and just blocking whatever one person finds obvious may very well upset someone else. As long as we are using technology to deal with human behaviors, we need to teach the same humans the reasons we choose to use technology instead of juts enlightening them.

There are only a few occasions I suggest using these kinds of controls:

* in controlled / secure environments where you must ensure 100% control of what is entering and leaving the area (then I always advice to set up a set of computers with access - as Internet now is a vital part of our communications)
* in restricted areas like jail and schools where motivation to follow policies are not that evident. But - this is also a very narrow path, as many kids today outsmarts the local IT-resource.
* in short time frames in departments dealing with sensitive information like annual results. Then we may close down all communication within a particular time - but never forget that there are phones, facsimiles and other techs you cannot control (that easy)

I am not a fan of closing down access. I believe that most employees are going to do their job as expected - as long as they get their perceived value in return. And face it - in today's workspace, most people will expect access to the Internet at their discretion.

Now, I am an advocate for employer controlled work environment - ie. the company set's the rules, and when you sign your contract, you agree to follow those very rules. But. As long as we are dealing with humans, we will reach much better results by understanding how psychology and organizations work and function. By using a mixture of positive incentives and negative incentives, and doing this in a clever manner, you will see much better results over time.

Face it, if you force a block, someone will be unhappy. You will start see people trying to work around those barriers. Your management will scream and expect totally different rules. Your day will become a nightmare. And what do you achieve? Less motivated, less productive employees.

I suggest the following approach that has worked a dream in the past:

* set up a QoS on your network, and on your outbound link. Tune down everything you do not like entering (streams, P2P, Skype etc). Set it so low that it is still possible to use it, but not practical anymore.
* Inform your employees regularly about how computers is a time thief (I mean, even for me now - I spend time writing this on the Internet instead of doing any productive work...), and give them tips on how to deal with it. Consider them humans and grown up, and it is amazing what you can get them to accept.
* Set up a network monitoring device, analyzing and capturing data traffic. These devices are able to tune in on, and capture only relevant data - triggered by rules and patterns you can define. Use this to figure out what is really going on, and to find that one or two rouge employees that you know are out there. Now you have evidence you can use to force this person to either follow the rules, or to kick him/her out of the organization.

In the end, you have a very efficient setup that does not intervene with day to day business, that does not make you vulnerable to updates and new "things to block", and that as a bonus makes you the hero of everyone in the organization (except the rouge ones, though...)

I have very good experience with this type of setup. Just keep in mind that you are dealing with humans - so treat them like humans to get the to do what you want!

----

What are your thoughts on webfiltering?

LinkedIn, web filtering, security