Create an email and internet use policy

It’s important your business has an email and internet use policy to clearly describe what constitutes acceptable use of your IT systems. It can help avert these problems:

• Malware infections. For instance, Google found that one in 10 web pages contains malicious computer code.
• Misuse of staff time. Browsing personal websites like Facebook can hit an employee’s performance. They could be wasting an hour a day!
• Misuse of company resources. Are your staff storing music files on your server, or crippling your internet connection by downloading movies?
• Liability. Inappropriate content on your network - especially pornography - can create a hostile work environment and ultimately a lawsuit.

However, writing your email and internet use policy may not be an easy task. You need to balance the needs of your network and any legal requirements with the recognition that the internet is a part of your employees’ everyday life.

If you wouldn’t stop them making a quick personal phone call on work time, why stop them sending the odd personal email?

The goals of your internet policy

Decide the goals of your email and internet use policy before you start writing it. Your company aims may fall into one of these two groups, or be somewhere in between:

• You want to treat your staff as a ‘big family’. This means you take a liberal approach with your policy and simply aim to keep malware and inappropriate content off your network. You’ll probably ban sites which are inappropriate or a common source of malware, but otherwise give your employees a lot of flexibility.

• You want to exercise maximum control. This approach involves banning your staff using all but approved websites, and usually involves severe restrictions on what employees can access. Be warned: this approach can quickly alienate employees!

In practice, most the goals of most companies are somewhere in between these two extremes:

Alternatively, you may implement more than one policy, to cover different times of day (working hours and lunchtime) or different categories of employee.

Writing your internet policy

Use clear, non-technical language when you write your email and internet use policy. People who are not technically-minded may have a different perspective on what constitutes misuse of your computer systems. Similarly, they might be unaware of how their activities can cause problems.

Keep your internet policy as short as you can, to increase the chance of it being read and understood. And base it on simple principles that can be understood and seen as reasonable by technical and non-technical staff alike. As a minimum, include the following:

• Although some personal internet may be acceptable, it should be kept to a minimum and not affect the employee’s ability to do their job.

• Accessing pornographic, violent, abusive or hate sites should be unacceptable.

• Using the network to harass or bully other people should be unacceptable.

• Sending or posting online confidential material, trade secrets, or proprietary information should be prohibited.

• Sites deemed to be a security risk or which place excessive demands on the company’s IT systems should be avoided.

• Staff should not put the company at risk of litigation for copyright infringement by downloading music, videos, or software illegally.

You can base your company’s policy on this list and adapt it to your specific circumstances.

Remember that things move fast online. Constantly adapting your policy to take new websites or technology into account would be impossible, so focus on clearly articulating a small set of guiding principles.

Finally, be sure to seek professional advice if you’re unsure of what to include in your internet and email policy. Getting it right will help your employees and guard your company – so it’s something that’s worth spending a little money on.

Your internet policy: what next?

•         Download our sample email and internet usage policy

•         Read about internet, email and other policies on the Law Donut