Prasoon Gupta works for one of India’s largest software companies. Around a month ago, one of the company’s clients visited his office in Bangalore. In the course of casual conversation, the client asked one of the engineers if they could access online email services and social networking websites from their workstations in the office. The client was not impressed with the answer.
Within days, Gupta’s company clamped down on Internet access for its employees. Online email services such as Gmail and Yahoo mail, and social networking websites such as Facebook and Orkut, were blocked.
Gupta says: “They wanted to prevent people from sending out confidential client information. But blocking websites is meaningless. It just wastes everyone’s time. People soon began spending even more time online trying to work their way around access blockages. Now it’s a race between the IT administrators and the engineers to see who can outwit each other.”
Employees are using loopholes to outwit IT administrators
Social networking websites are increasingly being seen as a problem in the workplace. And there’s more to it than the security issue. Employees, especially younger people, are spending growing amounts of time online. And, alarmingly for employers, they’re doing it at the office.
In a recent survey by IT security firm Sophos, the results of which came out in October, a striking 14.8% of 500 global Facebook users polled by the company said that they spent virtually all day logged on to the website, including the time they spent at work.
The latest rankings by Alexa Internet, a subsidiary of Amazon.com that estimates Internet traffic, ranks Orkut.com as the fourth most popular website in India after Yahoo, Google.co.in and Google.com. Facebook came in at 11th.
Mansur Ahamed, who runs Tiger Tale Studios, a gaming start-up in Hyderabad, has a different view from that of Gupta’s company. “We don’t block anything in the office. People are free to do what they want as long as work gets done,” he says. When asked if this policy will continue as his company grows, Ahamed is confident: “I think we have to approach this on a trust basis. If I have to police what my people do every minute, I don’t think I’ll have time for anything else.”
“You can trust one person. Ten people. But not a thousand. At that scale, all it takes is one disgruntled employee to breach confidentiality norms,” says a senior vice-president of information security at a large multinational bank, who did not want to be named. “Today we have a blacklist of sites and spend a lot of energy updating it. If things get worse, companies might think of moving to a ‘white list’ system, where people can only access certain approved sites,” he says.
Working your way around the blocks put up by your IT department isn’t complex. Gupta says: “There are dozens of ways of bypassing office restrictions. Free proxies that mask website names and other loopholes are merely a Google search away.”
Digital Inspirations is a technology blog that regularly posts ways and means of getting past online controls. Amit Agarwal, who runs Digital Inspirations, explains: “For instance, you can read your Orkut scraps as an RSS feed without ever visiting the main Orkut site. In case of Facebook, there are services that let you access Facebook via email or SMS.”
The battle to control employee access to the Internet is not one that employers will win easily. That is why, perhaps, ImmersiveX, a Mumbai-based Internet design firm, has tried to rewrite the rules of the game. A recent job posting by the company on a youth job portal had an interesting couple of lines. In the Benefits box, the company has added: “Free Internet! No Orkut blocks!”
But, will the strategy work? Gautam Ghosh, a human resources consultant, is sceptical. “Open Internet and Orkut use might be a differentiator for attracting people, but the company itself would lose out in the long run if the employees cannot manage how much time they spend on the sites, and if work productivity suffers.”