~I posted this to another listserv that I wouldn't be surprised if some of you are on, so this may look famliiar. Still in need of some feedback/suggestions!~Do any of you have active web content filtering OR flagging in place for work issued computers? How do you address it with new hires during onboarding, as well as in your policies if a user is found to be surfing unsavory sites?
We have Cisco Umbrella in place on both work issued computers and have been actively adding it to our BYODs as they become a mainstay in our world whether I like it or not. We've been using it thus far only for sites flagged as malware or phishing, but it is of course, reporting back on other content, e.g., gambling and x-rated materials.
The tricky part is the "big brother" aspect, particularly on the BYODs, some of which do get access to our VPN (until we slowly phase out network drives). Our BYOD policy does refer to Cisco Umbrella as an "anti-malware monitoring software" (which I think should be re-worded) and our about-to-be updated technology policies obviously says the org reserves the right to monitor usage on work-issued systems.
I'm not of the mindset that I really care to know what users are doing, particularly on their personally owned systems… but such is our world.Thoughts and feedback are appreciated.
We use content filtering on all corporate-owned computers. We separate our corporate, guest and BYOD device networks in the office and we filter the traffic on each one. We do not content filter BYOD devices once they leave our BYOD network in the office, at least not yet. Filtering BYOD is a sticky subject our management doesn't want to pursue like you said there is the "big brother" aspect. We do use a product like Cisco Umbrella to filter corporate laptops when they are off network.
During orientation, our new hires are given an employee handbook which contains all of the IT-related policies. This includes the Internet Usage policy that states the internet traffic is monitored, reported on and what is considered inappropriate. I have set up email reporting for specific categories and if the need arises, I will conduct a further search on browsing history. If needed, the reports are then turned over to the Executive Director where he will determine how to handle the situation.