An Internet policy for your employees

The Internet is a powerful tool for improving your business's efficiency. But it can also be a great way for employees to waste time, and give you legal headaches.

If you don't already have an Internet policy, you should consider putting one in place. A carefully thought out policy can help you enjoy the benefits of the Internet while reducing the pitfalls. It encourages employees to use the Internet effectively, states what you consider to be acceptable use, and sets up procedures to minimise security and legal risks.

On this page:

• Access rules
• Downloads and purchases
• Your business website
• Implementing policy
• Next steps

Top

Access rules

Give employees proper training before they use the Internet. This should cover:

• Your Internet policy and how it works
• Efficient use of the Internet
• How to use your Internet software.

It's important to encourage good Internet practice to maximise security. Make sure employees follow your access procedures. Don't allow employees to change settings or use other software without your approval.

If you are using a dial-up connection to access the Internet, your policies are likely to be more stringent than for businesses with access to an ADSL connection. Employees may need to disconnect once they have finished using the Internet. You can set your Internet connection to close down after a specified time if it is not being used.

Proper use of the Internet

Encourage the use of appropriate services and promote the appropriate use of internal and external email for business communications. Allow employees to access websites for business purposes but take steps to control misuse of the Internet:

• Limit personal use
• Restrict the sites that employees can visit
• Control downloads
• Control or ban online purchasing
• Control or prohibit other uses of the Internet, such as postings on social networking sites, chat rooms or forums.

If you have a company intranet, you may want to set up extra internal services that work with your Internet software. For example:

• Make important documents such as production schedules, sales targets, standard letters and forms and company policies available via browser software.
• Set up a bulletin board to improve internal communication without creating excessive levels of email.
• Install diary software that allows employees to schedule meetings and book rooms.

Web browsing

Make it clear in your policy that the web should be mainly or solely used for business purposes. Some companies ban personal use altogether; others allow limited personal use, as long as it does not affect employees' work. This may improve employees' Internet skills and overall efficiency. But it can be difficult to define "limited use", and this could make your Internet policy harder to enforce.

Some companies restrict personal use to set times (such as lunch breaks). Other companies have a more flexible attitude to Internet use outside normal working hours. But the same cost, security and legal issues apply.

Consider restricting the sites that employees visit. Time-wasting and problem sites include:

• Social networking sites - some companies ban their use altogether.
• Sites that are offensive and legally problematic (for example, pornographic sites or sites that promote racism).
• Sites that take up a lot of bandwidth and slow down Internet access for other employees. For example, sites that feature videos or music.
• Online shopping, computer games, sports results and gambling sites.
• Sites that require you to register. These can cause problems such as increasing junk email (spam), or other unsolicited marketing materials.

The ability to remove the links to popular websites is often available as a default feature on browser software. You can get your IT manager to configure browser software to disable potentially harmful applications.

Top

Downloads and purchases

Downloading files from the Internet involves certain risks. Your Internet policy should aim to minimise downloading to reduce security problems. Downloaded files may contain viruses, so ensure you have installed virus-checking software and update it regularly.

Ban employees from downloading inappropriate files, and from installing software. All software should be installed by an authorised employee.

Make sure employees understand copyright and other intellectual property issues. Any information published on the Internet will normally be protected by copyright. The use of software downloaded from the Internet is covered by copyright laws.

Remind employees that unauthorised copying is a criminal offence.

Set limits on the size of downloaded files:

• If employees need to download large files, make them do it when the Internet connection is not otherwise needed.
• Avoid downloading large files between 2pm and 4pm, when the Internet is often busy and slow.
• Make sure employees know that printing out large web files can be slow and clog up the printer.

Online purchasing

Make all employees aware of the potential contractual liability arising from online ordering and purchasing. Allow only authorised employees to purchase online or enter contractual agreements. These are usually employees authorised to make purchases by traditional methods such as by phone. Even then, they must read the terms and conditions carefully to avoid entering into a contract with harsh terms.

Only allow online purchasing from approved suppliers. You may want to encourage online ordering for regular orders from existing suppliers to make ordering quicker and more convenient.

Make sure payments are handled securely. Check that any sites you use for online purchasing include secure technology. You can often tell if a site is secure when the web address starts with https://, or when your browser displays a padlock symbol. Some sites are members of recognised security schemes, such as VeriSign.

Other uses

Take particular care with networking sites and similar services. Their informal nature may encourage employees to make defamatory comments for which you may be liable. Some points:

• Employees should not use these services to comment on your company or competitors or disclose any business information without the express written authority of a director.
• Set up an authorisation procedure for joining new services.
• Apply the same policy you use for email.
• Make sure employees know any communications they send will carry their (business) email address.
• Clearly define what you consider to be acceptable and unacceptable behaviour.

Generally, consider prohibiting the use of online chat services and networking sites. Many companies now ban the use of networking sites and chat rooms altogether. You may wish to make exceptions in specific circumstances. For example, if the network administrator needs to join a technical chat room. Clearly define what you consider to be acceptable and unacceptable usage.

Top

Your business website

Use your policy to help make sure your website runs smoothly. Nominate an individual to be responsible for your website and set out how other employees and any contractors will be involved.

Put appropriate technical standards and controls in place. For example:

• Control how the site is updated.
• Only allow authorised employees to update the site.
• Set limits on the size of files you put on your website. Excessively large files will slow down access to your site.
• Don't infringe other people's intellectual property rights.

Responsibilities

Make sure all employees understand their responsibility for the website. Let employees know if they are responsible for keeping any material up-to-date and make this a performance review issue. Encourage all employees to be aware of what information is on the site and what services are offered.

Top

Implementing policy

It makes sense to consult employees on what should be included in the policy so that it ends up being both practical and workable. Make the policy available to everyone and ask employees to sign a copy to confirm they have read it. Refer to the policy in your employment agreements.

Put in place any software that will help regulate Internet use without obstructing legitimate access. Filtering software can automatically prevent access to inappropriate sites. However, be aware that this may fail to block all inappropriate sites and could possibly prevent access to useful sites.

You can also use such software to allow access to specified sites only at certain times (for example, outside normal working hours). However, be aware that excessive restrictions could encourage your employees to find ways to get around what they consider excessive restrictions.

Monitoring

It's possible to install monitoring software that produces a log of the sites each user visits, and any downloads made. But unless you actively check the log, monitoring software will only provide evidence after problems have occurred.

There are also some legal restrictions on how you may monitor employees' use of the Internet (and email). If you plan to use monitoring software, you must tell employees that you intend to do so in both your Internet policy and your employment agreements.

The policy will only provide legal protection if it is properly implemented and enforced.

Top

Next steps

• Create a document that outlines your Internet policy. Make it clear what people can and can't do.
• Assign the responsibility for enforcing the policy to an employee. Usually, the network administrator will be responsible for routine enforcement (such as monitoring traffic), but a senior manager or director should take overall responsibility.
• Apply your policy consistently and fairly to everyone, including yourself. Clarify any exceptions.
• Make sure you have an appropriate disciplinary procedure in place to deal with breaches of the policy.