What should an internet usage policy include?
Drawing up an internet usage policy is typically the role of both the human resources department and the IT department, as the policy endeavours to protect both the employee and the IT network. Collaboration between these two departments is therefore essential to ensure that a comprehensive internet usage policy is formulated according to the needs of the company and then enforced.
The scope of an internet usage policy is not to snoop on employees or deny them all access rights to the internet whilst at work; however, guidelines and rules need to be formulated to protect employees from being subjected to material that may be inappropriate to a work environment and that could result in legal ramifications. An internet usage policy also aims to educate users about web-borne threats and how irresponsible browsing can result in malicious packages being unknowingly downloaded onto a computer which in turn could infect the whole network. The implementation of rules needs to be explained so that the user understands why visiting certain sites or downloading software onto his/her workstation could be detrimental to the company's network. Therefore a training session about internet security will act as a cohesive link with the internet usage policy and will likely result in users abiding by the policy once they understand the reasoning behind it.
A clear distinction needs to be made between work use and personal use. The use of the internet at work offers many advantages and resources which can be beneficial to a company's operations. The problems arise with allowed access to personal email accounts, social networking sites, auction sites, etc.; excessive use of these sites leads to cyberslacking - shunning one's work responsibilities because of excessive internet browsing - thus resulting in lower levels of productivity. This is just one of many security issues resulting from unmonitored internet browsing. Downloading software or attachments onto a work computer increases the risk of a virus infection throughout the network. Employees need to be warned about the dangers that downloading unknown files can present.
Not all internet usage policies are the same, as they should be tailor-made to the needs and structure of the company; so certain companies might accept that these sites can be used during breaks. Banning access to these sites could be seen as draconian and result in disgruntled employees who feel that they aren't trusted. Time-controlled access to sites that don't pose any ethical or moral problems is likely to be the better option as this would suit both users and policy-makers, although most companies would choose to block instant messaging sites like MSN Messenger because these are seen as time-wasters and facilitate downloads and uploads with little supervision. Ultimately there needs to be a balance so as to maintain good relations between staff and management. However, employees must be made aware that their internet access at work is a privilege and not a right and that, as employees of the company, they are expected to abide by the acceptable use policies put in place by management. Action must be taken against an employee if he/she continuously ignores the policy - this will drive the message home that internet security is not something that can be ignored or will be taken lightly. Penalties for improper internet usage could start with a verbal warning, increase to a written reprimand, then demotion and eventually termination of employment. Employees must realise that their internet browsing has consequences and if they ignore the policy then they must bear the consequences.
For help on creating an internet usage policy for your organization, please refer to this sample internet usage policy.
Who should it apply to?
An internet usage policy would typically cover all employees who have internet access. However, whilst most policies cover the same grounds, each company will have its own terms and conditions according to the company infrastructure. Certain people may be exempt from certain clauses in the policy depending on factors such as their specific role or hierarchical position, amongst others. Should there be no extraordinary circumstances then it's advisable for an internet usage policy to apply across the board.
Any correspondence sent from a company email address should be treated as a professional document even if it is just a one-line reply. Once it has the company details attached to it and is going outside of the company then it is a representation of the company and must therefore uphold the company's standards. Thus any discriminatory content in emails sent via company email would be breaking the internet usage policy. Everyone is accountable for their online activities and any data that is stored or created on a company workstation is not private but can be accessed by management if necessary. In the same way, all company information is confidential and should not be sent outside of the company without permission. These are issues that should be present in an internet usage policy and that should be made clear to all employees.
How is an internet usage policy enforced?
Once the internet usage policy is drawn up and employees are made aware of its existence and its importance, the monitoring of employees needs to be automated through web monitoring software, as it would be a waste of human resources to assign a single person or team to monitor the internet activities of all the employees. Furthermore, web monitoring software will provide more efficient and comprehensive results as reports and data can be accessed within minutes. Action can then be taken based on the reports provided by the software. Web monitoring software should not be used to spy on employees but to verify that employees can be trusted to follow policies and to work efficiently during business hours. To ensure this, policies must be reasonable for staff morale and retention. Enforcing an internet usage policy does not mean turning the workplace into a prison but merely establishing boundaries. Users need to know that the violation of these boundaries will have repercussions, that action will be taken against repeat offenders and that top policy breakers will be reported; otherwise the policy will not be taken seriously.
Internet usage policies protect a company's data assets and confidential information whilst also safeguarding employees and maintaining standards concerning the use of the internet during working hours. Implementing web monitoring software is an investment in security and could prevent employees from cyberslacking or abusing the company's trust with work-related information. If a security issue were to escalate into a lawsuit it could mean financial losses for a company, therefore the maxim should always be an enforced internet usage policy for the protection of all company assets and prevention of losses.
A sample internet usage policy is available for review and use.
Web monitoring software for SMBs
GFI WebMonitor is the ideal internet monitoring and access control solution to implement an effective internet usage policy. It allows management to set boundaries for site browsing, prevent downloading and installing of software and has multiple scanning engines to ensure that allowed downloads are free of viruses and other malware. By controlling downloads and browsing in real-time, it protects the network from malware being installed. It also prevents data leakage through socially-engineered websites and reduces cyberslacking, thus boosting employee and business productivity.