News: cloudcomputing congress Europe 2010

Well for quite some time I’ve been thinking about whether to attend the conference. As per the website the advantages of attending the conference are:

linkedin

Noteworthy LinkedIn Security groups

Staying up-to-date in this fast-paced world can be a challenge. To the rescue are groups and communities online - like LinkedIn groups. I participate in and moderate some groups. Here are a couple of groups on LinkedIn that I find value in:

NorSEC - a group for Nordic security professionals only.

Vulnerability scanning / Patch Management - specialized group

Information Security Community - the largest infosec group, many interesting topics and people here!

There are many other groups available too - just search for Security on LinkedIn, and find the groups that interest you!

Web filtering - who and what to block?

Kyle Northcutt posted this question on LinkedIn:

Who and what should the web filter block?

Obvious malicious, lewd and illegal content aside.... should mental diversions be limited or blocked from users? Social networking, YouTube, gaming, news, etc. can be very distracting and hamper production, but when used sparingly can boost morale, enhance creativity and act as an employee perk in the organization.

My question is, which (if any) of these activities should be blocked? Should everyone be affected by this policy or should engineering and executives be excluded? As a bonus, how does your company handle web filtering?

There are many interesting answers to his question - ranging from "Block them all, and only open those you need", to answers like that of Angelos Karageorgiou, who says:

"I do not think that your productivity will increase by throttling the employee's use of the internet! Slackers will find other ways to slack. To my experience when people spent an inordinate amount of time with diversions, is when they are either unhappy with their work or have lost focus. Both are afflictions caused by management or lack thereof."

I like Angelos' answer because it points to where the challenge really is - the humans. With the technology, we can do everything we can imagine. But humans. Now, that is a totally different matter. It takes a very non-technical manner to deal with those people.

In all my humbleness (right), I post my own answer below (as it is found on LinkedIn).


My LinkedIn answer:

In my experience, blocking access to internet resources soon turns your employees into a negative, less-productive bunch of unhappy sheep (lots of negativity in there, huh?)

Nothing is obvious when it comes to humans, and just blocking whatever one person finds obvious may very well upset someone else. As long as we are using technology to deal with human behaviors, we need to teach the same humans the reasons we choose to use technology instead of just enlightening them.

There are only a few occasions I suggest using these kinds of controls:

* in controlled / secure environments where you must ensure 100% control of what is entering and leaving the area (then I always advise setting up a set of computers with access - as Internet now is a vital part of our communications)
* in restricted areas like jails and schools where motivation to follow policies is not that evident. But - this is also a very narrow path, as many kids today outsmart the local IT-resource.
* in short time frames in departments dealing with sensitive information like annual results. Then we may close down all communication within a particular time - but never forget that there are phones, facsimiles and other techs you cannot control (that easily)

I am not a fan of closing down access. I believe that most employees are going to do their job as expected - as long as they get their perceived value in return. And face it - in today's workspace, most people will expect access to the Internet at their discretion.

Now, I am an advocate for an employer-controlled work environment - i.e. the company sets the rules, and when you sign your contract, you agree to follow those very rules. But. As long as we are dealing with humans, we will reach much better results by understanding how psychology and organizations work and function. By using a mixture of positive incentives and negative incentives, and doing this in a clever manner, you will see much better results over time.

Face it, if you force a block, someone will be unhappy. You will start to see people trying to work around those barriers. Your management will scream and expect totally different rules. Your day will become a nightmare. And what do you achieve? Less motivated, less productive employees.

I suggest the following approach that has worked a dream in the past:

* set up a QoS on your network, and on your outbound link. Tune down everything you do not like entering (streams, P2P, Skype etc). Set it so low that it is still possible to use it, but not practical anymore.
* Inform your employees regularly about how computers are a time thief (I mean, even for me now - I spend time writing this on the Internet instead of doing any productive work...), and give them tips on how to deal with it. Consider them humans and grown up, and it is amazing what you can get them to accept.
* Set up a network monitoring device, analyzing and capturing data traffic. These devices are able to tune in on, and capture only relevant data - triggered by rules and patterns you can define. Use this to figure out what is really going on, and to find that one or two rogue employees that you know are out there. Now you have evidence you can use to force this person to either follow the rules, or to kick him/her out of the organization.

In the end, you have a very efficient setup that does not intervene with day to day business, that does not make you vulnerable to updates and new "things to block", and that as a bonus makes you the hero of everyone in the organization (except the rogue ones, though...)

I have very good experience with this type of setup. Just keep in mind that you are dealing with humans - so treat them like humans to get them to do what you want!

----

What are your thoughts on web filtering?


NorSec - LinkedIn group for Nordic Security Professionals

I have created a LinkedIn group called NorSec. The group targets security professionals in the Nordics, with particular focus on Norway.

The group is not publicly available. To be accepted, you must comply with the following:

  • Located in Norway (or the Nordics)
  • Currently working within the security industry

The benefits of joining the group are:

  • Join and meet other security professionals
  • Develop a forum for discussions
  • Find job opportunities
  • Find candidates
  • Get answers

Please note - if you are not located in the area, or not in the security industry, you will not be accepted as a member of this group. There are other groups available for you!

To apply: http://www.linkedin.com/e/gis/111057/40E1791B6B9D

You may consider letting me know about your request using the contact form or my e-mail.

LinkedIn group for security pros

My regular readers know I am a keen networker. As such, I use LinkedIn as a tool for managing my connections and finding partners, clients and resources.

Benoit Dicaire has set up a Security professionals group on LinkedIn, the purpose being to have a place to ask questions and to network. The only requirement of the group is to have a genuine interest in the topic.

If you use LinkedIn, you may find interest in the group. The group has a homepage arriving soon too.

Another group for LinkedIn users is the WrighthandSecurity group - formerly LinkedInSecurity. I am a co-moderator, but the group is almost dormant - not a lot of action going on atm. Perhaps you can add some?

Do you have the BUZZ?

Dear anonymous (I would much rather prefer to say Dear John),

First - I post this as a blogpost instead of a reply to your comment on my post about Jamparii. 

Thank you for your input. As I know you are not only claiming to do what you say, but actually are trying to build your own tool for business networking, I would much rather that you did enter your own name, John.

However, what you are pointing at is true in all new ventures. It does take capital to build success. And there are several different paths to choose from. Jim has chosen one path, and John, you took another path.

My experience tells me that the path of money alone is not enough. To build a successful networking site, you need quality. You need content. You need active users. And you need a value proposition to your users.

LinkedIn, Xing and Facebook are three successful networking tools, but they are very different. Ecademy and Viadeo are others. MySpace and Orkut are there too. Just to name a few of your competitors. They offer value. Distinctive value. And they have success.

You need to present a clear value to me before I will even consider your new tool. No matter how you choose to finance your venture. Scam or not.

This is about risk as well. Do you have what it takes to break the bank? Did you consider all options? Have you done your homework, so you know how to position yourself?

What if you fail? What if it takes twice the time to break even? Or three times the time? What if you only secure half the funds you need? What if only one tenth of the required users actually sign up?


So the question to you two competitors - do you have the BUZZ?

Social networks and their information collection

I have been known to rant about people's lack of care or understanding when it comes to publishing information on the Internet. Most people are either incredibly naive, plain stupid or just do not care. (I do realize they probably just do not want to know).

This YouTube video came to my RSS reader today (thanks Gnucitizen).

So as a reminder to my readers, please take a look at this video. It is your identity at stake. Your future.

LinkedIn - privacy or public?

Social networks have taken over much of the communication and networking these days. By setting up one (or many) profiles on LinkedIn, Facebook, Xing, MySpace or any other tool out there, you get to share ideas, thoughts and images with your peers, friends and the public.

Somehow, a large number of people seem to forget the last word - public. Somehow, they expect to be protected against cut'n'paste of questions, comments, images and profiles. Even though they put the information into these tools themselves.

Over at LinkedIn, there have been several discussions about privacy - or what people think is privacy. Ray van den Bel, a top-LinkedIn and online strategist, has a problem with LinkedIn sending his public questions to his connections. Somehow Ray is confusing privacy with public information. He posted a question (several in fact) on the Answers section of LinkedIn - a public service. Then he starts complaining when LinkedIn sends his question to other LinkedIn users. Wake up Ray, there are two reasons to post questions on LinkedIn (and similar services) - to get answers from as many as possible, and to promote yourself.

There are other discussions on LinkedIn Answers covering the same thing - for example someone worrying about someone copying their answer and republishing it somewhere else - on blogs, Digg etc. I mean, WAKE UP! You post your ideas, thoughts, answers ONLINE! And on a public website. Hey - you have NO control over that information. If you do not like that, then keep your comments to yourself. Or pick up the phone.

Internet is transparent. It will become more transparent. You are responsible for your own actions, and need to be in charge. 

For your information - every answer you put on LinkedIn is publicly available. If you post something on Xing, it is even indexed by search engines. Using CoComment? It is open for the public to subscribe to YOUR comments!

In this cyberworld, you need to recognize that everything is public. If you do not like it, do not use it. It may not be entirely like the toilet wall?

Discuss your view below! 

How do you define Information Security?

I just posted a question on LinkedIn Answers - "How do you define Information Security". I ask:

I am in what I define as the Information Security field / sector. However, I seem to meet many people in the same field, but only dealing with the technical aspects (IT-security).
So I wonder how do you define Information security. What are the main drivers of information security? How important is the technology?

 

I welcome your thoughts on this matter below!
