Studies find employees waste over half of their work day on personal time.

Alarming findings from several recent studies on Cyberslacking show that your staff is likely using their work day to partake in personal activities. And even more shocking is that many of these activities could compromise your business.

The internet has definitely altered the way work is performed. We are much more connected to our clients and colleagues than ever before. But we’re also closer to criminals as well. Despite the positive impact the internet has had on communication, it comes with a cost. Wasted work days online are now not so uncommon. Games, videos, social media all contribute to over 35% in productivity of your workers (on average). Depending on how connected your staff is, those numbers could be as great as 70%!

In fact, the U.S. Treasury Department has found that cyber-slacking— the act of avoiding work by performing personal online activities–  accounts for nearly 51% of employees time online and includes activities like answering personal emails, participating in chat rooms, on-line banking, on-line shopping, or even viewing pornography.

What’s startling is that over 75 % of visitors to pornographic websites, 45% of gambling, and 40% of online auction bid come from workplaces during business hours! That’s not to mention that over 80% of surveyed workers admit to playing online games, watching YouTube videos and reading various newspapers online while at their desks. Even if you don’t mind a little distraction in your office, I’m sure you can agree that half of the work day is way too much. Even one out of an eight hour work day seems excessive!

While some personal activities seem alarmingly bad to take place at your workplace, many other activities might not (at least at face value) seem that harmful. But what you’re not considering is the fact that nearly 70% of cyberattacks, network infections and hacks result from personal use in the workplace!

Take a look at this list of activities that more than 50% of workers report doing during working hours at their desks (And what’s alarming is that many of these folks don’t really think anything of it!

Personal Activity Perceived Acceptability (1 = low, 6 = high)
Watch YouTube video clips 6
Read the newspaper online 5.5
Send and open personal email 4.78
View and print personal documents 3
Play games online 2.2
Visit pornographic websites 1.1

 

What’s startling from the above table is that someone thinks any personal activity is appropriate for your workplace!

 

ALL of the activities above can lead to a compromised network. Why? If you let your staff peruse the web, open and download files from untrusted sources online, you’re opening your back door to cyber security vulnerabilities. And what’s worse, is they don’t necessarily think they’re doing anything wrong!

Let’s break down each of these seemingly harmless activities into costs and threats to your business:

Watch YouTube video clips—while YouTube may seem harmless, 30% of surveyed workers reported to spending over an hour a day online watching videos. And often one worker shares videos with other office colleagues during the work day. One innocent video view can snow ball into tens of hours of your workforce partaking in non-work entertainment during their billable hours! AND they’re influencing others in the office to be distracted (at minimum!).

Read newspaper online—while an article here or there might not be a big deal, with 24-hour news cycle, news feeds, tweets and posts, many workers have gotten worse at focusing on their jobs. In fact, in the current political climate, online news often feeds un-productive discussions that consume large portions of the work day.

Send and open personal emails—answering a few personal emails during the workday (even on the lunch hour) seems harmless. But what most employers aren’t considering is personal email addresses are not filtered through your email filter. That means emails (and any attachments or links associated with them!) are NOT safe for your network. Over 40% of phishing attacks that have led to network-wide infections of ransomware (think Cryptowall) have been from personal emails! Unless you’re dedicating your limited resources to screening personal email addresses, I’d recommend eliminating personal emails on your network.

View and print personal documents—similar to sending personal emails, you never know if personal documents don’t come with unexpected strings (viruses or attack vectors). Allowing staff to use your network for personal use increase the risks and have given an open door to sneaky cyberattacks (not to mention waste of time and resources on non-work related stuff).

Play games online— there are far too many games to choose from online. If your staff are less than motivated to work, they can always search for the millions of games to play online. Many of these gaming websites are not secure and many have links to compromised webpages that are hosting viruses. When your secretary decides to zone out for the day and play Candy Crush on her computer, she’s likely not just costing you her day’s wages, but also giving cybercriminals a way into your systems.

Visiting pornographic websites—too many wrongs here to even discuss. First, pornographic websites are notorious for harboring viruses (including Cryptowall derivatives). Second, if you’re unknowingly permitting these activities to occur in your workplace, you could be unknowingly creating a hostile work environment for others. Given that work places are the easiest ways for folks to visit these websites, there’s no doubt why pornographic websites are commonly visited during working hours from business IP addresses!

The hard truth is that the average employee will try to get away with even more nefarious activities at work while on your network! Some experts that study cyberslacking activities have found that workers often try to steal on the job time.

Do you think your business is any different? If someone was given carte blanche access to whatever personal vice might be—online gaming, gambling, sports, pornography— where you don’t regularly monitor online activity or restrict visitation to untrusted website, you likely (1) already have a problem with employees going to untrusted websites with questionable content or (2) will eventually run into the problem!

And it doesn’t matter if they’re on a company-owned computer at work or at home. That computer is inherently apart of your network and an infection can move across the entirety of your network if you’re not careful.

If you’ve locked down work computers, don’t think you’re safe. Use of personal devices at work—that connect to your network—can still cause serious problems. Just because you don’t own that device doesn’t mean it might not be a vector for the latest virus. And don’t for a minute don’t think that hackers aren’t smart enough to get into your systems through a personal device.

Are you concerned that your staff might be partaking in personal activities online during the workday? And are you certain that they aren’t opening doors to hackers, while leaving your business in violation of PCI, HIPAA or NCUA compliance? Contact me TODAY to discuss some affordable solutions to eliminate ‘personal time’ risks and costs to your business!