The internet is essential for doing business and many or all of your employees will probably have access to the internet. However, it can also be a great way for employees to waste time, cause security issues or give you legal headaches.
A well thought-out internet policy can help you enjoy the benefits of the internet while reducing the pitfalls. It ensures employees use the internet effectively, states what is and is not allowed, and sets up procedures to minimise risks. Every business should have an email and internet usage policy to clearly describe what constitutes acceptable use of their IT systems to employees.
This guide will help you to identify the risks posed to your business and how to define your internet and email use policy to mitigate those risks
What are the risks?
Malware infections: Malware is software which is specially designed to disrupt or damage a computer system. There are thousands of malware sites out there and new one popping up every day. Your policy should detail what kinds of sites your staff should avoid.
Misuse of personal time: Browsing personal websites can waste an employee’s time. Your policy should to set out what level of personal use is acceptable.
Misuse of company resources: Are your staff storing music files on your server, or crippling your internet connection by downloading movies? Your policy should clearly describe what isn’t allowed.
Liability: Inappropriate content on your network can create a hostile work environment and ultimately a lawsuit. It’s good for your policy to explain the issues at hand, so employees understand why following it is important.
The goal of your internet and email use policy
Decide the goals of your email and internet use policy before you start writing it.
The internet is part of your employees’ daily lives and many businesses allow their staff to use their work place internet and email for personal use to some extent. It can even be beneficial to your business if employees are allowed to manage some aspect of their personal lives from the office rather than having to find an excuse to pop out and pay some bills, buy their child a Halloween custom or send Granny a bunch of flowers for her birthday.
In all cases, malware, pornography, hate downloading of copy write material should be explicitly prohibited. The use of other web content such as banking, social media, personal email, shopping is at your discretion. You may also apply a policy that allows the use of some web sites at certain times– perhaps during specified breaks in their work day such as lunch time.
Writing your internet policy
Use clear, non-technical language when you write your email and internet use policy so that even your least computer literate employee understands exactly what construes acceptable and unacceptable use.
Non-technical users may not be aware of the risks that their activities can cause so try to put each rule into context.
Things change quickly online so avoid specifying web content and services in your policy, instead focus on articulating a set of guiding principles.
Keep your internet and email policy as short and clear as possible. This will greatly increase the chance of it being properly read and understood. As a minimum, include the following:
- Personal internet use should be kept to a minimum. Some personal use may be acceptable, but it shouldn’t affect the employee’s ability to do their job
- Accessing pornographic, violent, abusive or hate sites should be banned.
- Using the network to harass or bully other people should be unacceptable.
- Sending or posting online confidential material, trade secrets or proprietary information should be prohibited.
- Sites deemed to be a security risk or which place excessive demands on the company’s IT systems (like streaming vidoe websites) should be avoided.
- Staff should not put the company at risk of litigation for copyright infringement by downloading music, videos or software illegally.
As a starting point, you may wish to use the sample internet and email use policies that we have made available to you at the bottom of this article.
Finally, be sure to seek professional advice if you’re unsure of what to include in your internet and email policy. Getting it right will help your employees and guard your company – so it’s something that’s worth spending a little money on.
Enforcing your internet and email use policy
Make sure that your internet and email use policy includes the possible sanctions if rules are breached.
Each employee must be given a copy of the internet and email use policy when they start and whenever the policy is updated. They should be given the opportunity to read the policy and then sign it to confirm that they understand it and will abide by the rules of the policy.
Consider using technology to enforce your internet and email policy. There are a several of online security products available that can help you block or allow access to web content very easily, either on a site by site basis or by category. Most will also allow you to specify different policies at different times of the day.