Ingredients of an Internet Usage Policy
The only effective means to check misuse of the Internet in the workplace is having an effective company Internet usage policy that specifies dos and don’ts, and implement the same using effective network monitoring mechanisms and firewalls to restrict access to potentially damaging sites.
A good policy restricts the employee to use company owned equipment and property for personal purposes, and asserts employer rights to control and monitor employees Internet usage, and list out possible disciplinary action for employees making inappropriate or improper use of company time.
Effective Internet policies in the workplace cover:
- List of actions that constitute permissible uses of the Internet and email, another list of specifically prohibited activities, and clear guidelines to identify as permissible or non-permissible any action not falling within these categories
- Policy for sending and receiving email.
- Nature of network monitoring in place, and type of logs maintained. Make explicit the use of email systems and Internet facilities is not confidential or private.
- Nature of network security procedures and protocols in place, employees obligations to confirm to such protocols, and penalties for violating or circumventing such protocols.
Browsing guidelines such as clearing cache on exit, not downloading any unauthorized files, not disclosing any company information or personal passwords over social network media, prohibition of accessing certain known harmful sites, and more.
- Circumstances in which employers may intercept, read, and act on emails directed or sent by a particular employee.
- Specific actions such as abusing others over email and others that would construct as misconduct.
One important clarification required in the policy is employees accessing the web for personal use. Most employers permit a limited use of company Internet for personal purpose, provided such use does not hamper productivity, or compromise company network and data security.
The policy may require a disclaimer attached to each email sent by employees stating the views of the sender may not represent those of the company, as a safeguard against the company becoming liable for employee’s actions.
Make certain that the policy applies consistency across the board, and considering the fast paced nature of changes in the cyber world, update it frequently.