Corporate Web Site Blocking & Monitoring: Best Practices?


Editor’s note: This is a guest post from Tony Wright, founder and CEO of RescueTime, a venture-backed software startup that helps businesses and individuals improve their time management through automated time tracking and reporting.

574348_binocularsA few weeks ago I read this very interesting piece on WebWorkerDaily about the impact of corporate blocking policies on web working employees. The gist of the article was that blocking tends to throw away a lot of the good with the bad and, increasingly, the things that managers think of as “bad” (Twitter, Facebook, IM, etc.) are actually an important part of folks’ communication toolbox.

I’d like to pile on with more evidence that wholesale blocking is bad. The University of Melbourne found that workers who are allowed to surf the web for fun at work were actually nine percent more productive than those who weren’t. So what about monitoring? Well, it turns out that monitoring your employees (the way most employers do it) is similarly detrimental to productivity. It also tends to make life more stressful for employees.

At RescueTime, we are constantly thinking about the ethics and efficacy of blocking and monitoring for teams and individuals — it’s our mission to actually build software that does this in a way that increases productivity and isn’t evil. A huge, and sometimes daunting, part of our job as product developers is to educate employers on what works, what’s ethical and what kind of expectations are reasonable for web workers. Here’s some of what we’ve learned.

Blocking and Monitoring is Everywhere

As obvious as the faults of blocking and monitoring are, employers still do both. You can see why a manager might do it — excessive leisure surfing can have a huge cost, and abusive workers are exceptional at camouflaging their activities. A 2005 survey by the American Management Associated found that 75 percent of employers monitor their employees’ web site visits to prevent inappropriate usage, while 65 percent of them use software to block web sites entirely. The good news is that 80 percent of employers actually tell their employees about their monitoring practices.

How to Do Blocking Right (If You Care About Productivity)

Just because wholesale blocking of web sites can be evil and ineffective at improving productivity doesn’t mean that blocking should be kicked to the curb. Below are three guidelines for effective blocking:

  1. Your goal should be to block excessive or abusive Internet usage, not block everything. Block using allowances. Decide as a team what an appropriate amount of leisure time is for a work day (or work week). Stop the “binge” leisure surfing and you’ve solved 95 percent of your productivity problem.
  2. “Nudge” before you block. If you’ve set a limit of no more than eight hours a week of leisure surfing, alert the user when they are trending towards exceeding that. Blocking is a painful and limiting experience; a nudge may be all you need to avoid the excess.  If at all possible, give them some social context. Receiving a message that says, “Hey, you’re at 7 hours of leisure surfing so far this week, and 8 hours is the maximum. Your average teammate is at 3h and 21m” can be way more motivating.
  3. Give as much control to your team as you can. The more top-down the solution is, the less effective it is.

How to Do Monitoring Right (If You Care About Productivity)

Monitoring can provide a business with critical data. Which applications are actually getting used? How does the new development methodology effect how people spend their time? How good is the new manager at making sure that people have enough work to do? How people spend their time is a leading indicator for business health and team engagement/morale, but it’s uncomfortable to introduce it to a team, even when done correctly. Below are some guidelines for effective — and minimally evil — monitoring:

  1. Set reasonable expectations. Knowledge workers don’t work solidly for eight hours a day (in fact, if you’re doing productive computer work for five hours a day, you’re in the top 1 percent of our userbase!) Suggesting that they should is a disaster. Also, it should be clear to everyone involved that day-to-day scrutiny will not happen. A leisure-heavy day is not a problem. A leisure-heavy month might indicate that someone is undertasked or undermotivated. It’s also important for everyone to be aware that how you spend your time does not equal productivity.
  2. If productivity matters, only monitor high-end teams. I’m not kidding. A study at Rutgers showed that monitoring high-ability individuals resulted in better performance. Monitoring lower-ability individuals actually lowered their performance.
  3. Give your team the ability to control the monitoring process. Giving them a “pause” button gives them control over the process and actually results in increased task performance (source: University of Conneticut Study).
  4. Monitor as little as you need to. If productivity is your goal, you don’t need to read people’s IM conversations — you just want to understand how they spend their time. Ideally, this should be no different (and no more evil!) than a timesheet, except that it’s more accurate and less effort-intensive.
  5. Monitor everyone (managers included!). We all have the same fear. We know we only really work for a few hours per day  We also all have the same delusion– that somehow we’re more efficient than our peers and that’s how we manage to do eight hours of work in two or three hours. In reality, we’re all pretty similar.  The Rutgers study mentioned above also found that monitoring group-wide offered protection against the stress associated with the monitoring.
  6. Show people their own data. If you’re chasing productivity, showing people how they spend their time can be very motivating, especially if you compare them to their average peer. If you wanted to have each department to be more disciplined about spending money, you wouldn’t monitor their spending in secret and then pounce on them when they spent money irresponsibly. Take the same attitude with time and get your team involved and interested.

What do you think of these guidelines? As a member of a team, what sort of blocking and monitoring rules do you think would actually help you be more productive without feeling too “overlordy”?

Image by stock,xchng user marcos1981.


Deborah Fike

Different people work at different paces. Why bother making sure they’re working exactly 8 hours a week when you can assign them tasks and measure on output. Output is a much better measure of productivity than “time not spent on the Internet.”

Jim Hayes

Hi Tony – My company is going through these discussions and your post was helpful. I would like to setup a process where each team member can see their own internet usage data as other members of their team (promoting transparency).

Are there a few solutions for actually performing the monitoring that you would suggest?


Eight hours a week!!???!!! Are you nuts? If I pay someone to be at work i expect them to be working. Eight hours a week of goofing off is OK? Now I’ve heard everything


I think this is a definitive guide for all of us. Not only for our superiors but also, for those who work a lot online. This article can also impose a great self discipline.

The IT Skeptic

Eight hours a week!!???!!! Are you nuts? If I pay someone to be at work i expect them to be working. Eight hours a week of goofing off is OK? Now I’ve heard everything

Chris Dean


It’s hard to see this as anything but evil. If you are required by regulation to monitor activity that’s one thing, but anything else shows a distinct lack of trust that will only be harmful in the long run. If you treat people like criminals, they will be behave like criminals.

I have no doubt that there is a market for these products, but I for one would never buy any for my company.

Tony Wright

So I assume you’re against the concept of timesheets? Or are those okay because employees can fudge the numbers a bit? What about timecards?

And the concept of expense tracking? Surely team members should be trusted to spend corporate funds wisely, right? Should we stretch that to government? Can trust our civil servants to spend our money wisely?

Time is the most scarce resource a business has. Getting reporting on how people spend a resource isn’t evil, if done correctly… And it’s not necessarily a signal that you don’t trust your team (especially if the team can see how the manager is spending their time!).

Transparency like this has some pretty radical effects. People who don’t know what they should be working on seek out productive stuff to do. People who are leisure surfing don’t hastily alt-tab to Excel when the boss walks by because they’re confident their data is out there. People who work odd hours don’t look like slackers. People who aren’t necessarily good at APPEARING productive/focused no longer pale next to those who do. Workplace camouflage is no longer rewarded.

Putting the truth out there isn’t a force of evil– hiding the truth IS. But obviously, an evil/small-minded manager could do considerable damage with spyware-style monitoring tools.


I’d be willing to bet a tool that shows the employee how much time they’ve spent on the web would be 10 times more effective than the managers doing the monitoring. Most of the time people just don’t realize it.


You make a reasonale case if you believe the sole focus is productivity, but for many firms productivity isn’t the primary reason for blocking, its data leakage. In this day and age a growing number of firms don’t make physical products, they manage data… corporate data, customer data, PII… and the real danger is that employees take the security controls implemented in the work environment for granted. Great security should secure data while minimally interfering with or even enhancing user’s workflow (although that is seldom the case). The problem is that for user’s in companies where data security isn’t a part of the culture or who aren’t security concious/aware, security is thought of as a hinderance to doing business and users either look for a way around existing controls or don’t give any thought to the implications of posting comments or information on convenient WEB 2.0 services. I spend a considerable amount of time each day answering user queries about why particular web sites are blocked and in 98% of the cases once I am done explaining why we don’t allow users to access the site (backed up with examples or scenarios of how misuse has or can cause data loss) the comment back from the user is along the lines of “now that you’ve explained it I understand why the site is blocked I’ll use the service the company provides”.

If providers want companies (not just users) to embrace services on the Internet then they need to build in functions that allow companies to extend their corporate security/controls/processes into the data users may put on these services rather than ignoring corporate security needs and embracing only user ease of use and functionality.

Tony Wright

That’s a really good point– security is no small reason for the existence of blocking/monitoring technology.

But, short of artificial intelligence, how could you possibly allow them access to social media / web 2.0 sites yet NOT allow them to misuse those services in a way that is detrimental to the company?

And a broader question– how much are you paying for that security? i.e. if I could make a case that your security was causing a 10% reduction in employee performance/output and a 8% increase in annual employee attrition/churn and was a major reason why high-performing people aren’t taking jobs at your company, is it worth it? What if you double those numbers? I suppose it depends on the potential damages that a leak could cause.

Comments are closed.