Employers may restrict access to certain websites in order to guard against very real cyberthreats, but the practice has its downsides, too. Many also end up blocking harmless content, and can potentially affect productivity, according to research.
In a recent study by TheBestVPN, 64% of employees reported that their company used a firewall to restrict access to certain websites. Despite this, two in five employees admit to accessing them anyway, often while on break and sometimes even to accomplish a work-related task.
The study found that the majority of organizations that use this technology do so to restrict access to websites with mature or illegal content, gambling websites, dating sites, and unsecured websites. “Those top few present obvious risks to a company’s network and possibly their security,” explains Joey Morris, who is part of TheBestVPN’s creative team and the author of the study. “It’s really hard to imagine a possible use of those websites that would be beneficial to any employee’s productivity.”
The gray areas
The case for restricting access to some of the other most commonly blocked websites, however, is less clear cut. According to the study, just over half of employers who use firewalls block access to social media and gaming websites, 35% block access to video streaming services, and nearly 32% restrict access to music streaming platforms. Furthermore, over a quarter prevent access to online shopping websites, 21% restrict access to file-sharing websites, and 17% block instant messaging application.
Is blocking effective?
In 2009, Ann Cavoukian, then-privacy commissioner for the Canadian province of Ontario, called blocking social media at work a “mistake.” “It’s like waving the proverbial red flag in front of your staff,” she said. “It’s almost a challenge to them to find a way around it.”
Over a decade later, the TheBestVPN’s study has proven her right. It found that despite their employers’ best efforts, 40% of employees have found ways to access restricted websites. Most often this is done through a mobile device, and the practice is most common among younger workers.
When asked why they circumvented their company’s firewall, more than 80% said it was to use during a break, 46% said they were just passing time due to a lack of work, and 36% did so to tackle a small errand. Perhaps most concerning to employers, however, is that nearly 18% accessed restricted content in order complete a work assignment.
The case for more access
What might seem like time-wasters on the surface may actually prove to be important enablers of productivity in the long run. Studies have shown, for example, that listening to music at work can improve mood and increase productivity, and other research has found that workers are most productive when they are able to occasionally do “non-work stuff” online.
Morris adds that as people get more accustomed to using digital tools in their personal lives—such as file-sharing websites or instant messaging—they often want to use those same tools in the workplace.
“While they might not be a tool your company uses department-wide, they’re tools people use personally for their own organization or work styles,” he says.
Morris adds that instructional or educational videos can be a practical resource in both our personal and professional lives, and that employees often want to use the same instant messaging applications they use at home for work-related chat groups. He also argues that social media can be a powerful tool for growing and maintaining professional networks.
The case for less access
There’s an old adage in the IT security industry that says the biggest security threat isn’t software, it’s people, and studies have proven that to be true. In fact, one such study found that more than 99% of attacks require human interaction to succeed, such as convincing a user to download a malicious piece of malware, visit an unsecured website, or open an email attachment containing a virus.
According to a recent study by Spiceworks, 90% of organizations that restrict websites on corporate networks do so to protect against such threats, while 83% do so to prevent “unacceptable user behavior.”
“You can spend all this money on software and hardware that protects your network, but all it takes is one person to click on a shady link and your entire network could be infected by malware—or worse, ransomware—that brings your company to a grinding halt,” explains Peter Tsai, a technology analyst for Spiceworks and author of the report.
Tsai explains that for those tasked with keeping their company’s computer systems up and running, it’s vital to restrict access to websites that might compromise the entire network, or make it easier for malicious actors to compromise company assets.
“Imagine you’re a company with trade secrets or sensitive customers information or other types of data that are regulated, and if it gets out, you’ll get fined millions of dollars,” he says. “If you allow your employees to use whatever file-sharing sites they want to, or whatever instant messaging platforms they like, they might be sharing company secrets over Facebook Messenger.”
With regards to music and video streaming services, Tsai explains that they’re often blocked in order to prevent bandwidth issues, which 46% of companies cited as a reason for restricting access to certain websites in his study. “If 15 people at your company are streaming 4K videos at the same time, it could bring your network to a crawl, because all of that bandwidth is being used up,” he says.
How firewalls impact employer-employee relationships
Shel Holtz has heard many of these rationales in the past, and he isn’t buying it. Now the director of internal communication for Webcor, he’s spent much of his career speaking and writing against the use of firewalls in the workplace.
He recalls a time when his employer restricted access to fax machines out of fear that it would make it too easy for staff to steal confidential documents. Holtz adds that he heard the same rationale for limiting access when email was introduced, and again most recently during the debate over social media access at work. “It’s something we’ve seen with virtually every new technology that’s been introduced into the workplace,” he says.
Holtz expresses similar frustration over the argument against misuse of company bandwidth, as it reminds him of similar arguments made when fax machines and copiers were first introduced. “Bandwidth is the new paper,” he says. “Maybe you need to consider increasing the amount of bandwidth you have for employees—it’s not that expensive. But saying it’s some sort of finite commodity strikes me as a little disingenuous.”
Holtz adds that it’s important for organizations to consider whether it’s really necessary to block websites that pose less of a direct threat, as it can have a negative impact on morale, loyalty, and productivity.
“It’s a hit to engagement,” he says. “You hired me, you told me how important I am, but you don’t trust me as far as you can throw me? You’re going to lump me in with every other employee, so I can’t check in with my wife during the day over Facebook Messenger?”
Overall, Holtz believes transparency is the best policy in order to maintain employee trust when websites really do need to be blocked. “Disclosure covers a lot,” he says, adding that if a company really needs to block a website they better be able to communicate a good reason as to why, or staff will just find a way to get around the firewall.