Internet Use Policy: Best Practices and Template

This article provides some insights and guidance on the best practices when developing an Internet Use Policy. You can you the information in this article as a template to draft your own version of the policy.

Why do employees need access to the internet?

All employees and contractors should be provided with access to the internet to assist them in performing their jobs. Use of the internet, however, should be tempered with common sense, good judgment, and sound professional ethics. All personnel have a duty not to waste computer resources or participate in any prohibited activities.

Why do companies monitor employees use of the Internet?

Employees using internet access and e-mail are representing the organization. These users are responsible for ensuring that the internet is used in an effective, ethical, and lawful manner.

Companies have the right, but not the duty, to monitor any and all of the aspects of its computer system, including, but not limited to, monitoring sites visited by workforce members on the internet, monitoring chat groups and news groups, reviewing material downloaded or uploaded by users to the internet, and reviewing e-mails and IMs sent and received by users.

How do companies monitor employees use of the Internet?

Companies may use software and systems (e.g. firewalls, proxy servers, gateways) that are capable of monitoring and recording all internet usage. For each user, these security measures are capable of recording each web site visited, each online forum, or e-mail message, and each file transfer into and out of the networks, and the right is reserved to conduct such monitoring and recording at any time. As described in the Acceptable Use Policy, all users have no expectation of privacy as to their internet usage. Internet activity may be reviewed and usage patterns may be analyzed. This data may be publicized to assure that the information systems are used in accordance with the provisions of this policy. Software and other technological means to identify and block access to internet sites containing sexually explicit or other material deemed inappropriate in the workplace should be used.

What is an inappropriate conduct or behavior?

The company may use software to identify inappropriate or sexually explicit internet sites. Such sites may be blocked from access by the company’s networks. In the event an internet user encounters an inappropriate site or sexually explicit material while browsing on the internet, the user should immediately disconnect from the site, regardless of whether the site was subject to the organization’s blocking software.

Examples of unacceptable use of internet access

  • Visit Internet sites that mat be offensive or hateful.
  • Use the Internet or E-mail for any unlawful activity or for personal gain.
  • Reproduce, distribute or display copyrighted materials without prior permission of the copyright owner.
  • Represent personal opinions as those of the organization or purport to represent the organization when not authorized to do so.
  • Upload, download, or otherwise transmit commercial software or any copyrighted materials belonging to external parties.
  • Intentionally interfere with the normal operation of the network, including the propagation of computer viruses and sustained high volume network traffic, which substantially hinders others in their use of the network.
  • Reveal or publicize classified information which includes, but is not limited to: financial information, confidential client information, marketing strategies and plans, databases and any information contained therein, client lists, computer software source codes, computer/network access codes, business relationships, computer security, or virus activity.
  • Waste time on non-business activities to include playing games, streaming audio or video material not beneficial to the organization.
  • The use of any dial-up third party Internet Service Provider (ISP) over the networks should be prohibited (except in emergency situations). No modem access to the Internet should be permitted from systems installed on the Local Area Network (LAN).
  • Internet activities that can be attributed to the organization’s domain address (such as posting news to newsgroups, use of chat facilities, and participation in mail lists) must not bring disrepute or workforce members with controversial issues (e.g., sexually explicit materials).
  • Internet users should not make unauthorized purchases or business commitments that are not business related through the Internet. The only exception is personal on-line shopping secured by personal credit card. Such shopping should only be done during authorized breaks or lunch periods.
  • Release of proprietary or classified information to the Internet (i.e., posting information to a newsgroup, an FTP server, or e-mailing to external entities).
  • Use high-bandwidth material such as webcams, streaming video or audio without their manager’s permission.
  • Download executable files, programs, applications and patches. Downloading is limited to IT Department personnel only.

Duty not to waste computer resources

As part of the professionalism and ethical behavior expected of all employees, workforce members should not deliberately perform acts that waste computer resources or unfairly monopolize resources to the exclusion of others. These acts include sending mass mailings or chain letters, spending excessive amounts of time on the internet, playing games, engaging in online chat groups or blogs, printing multiple copies of documents, or otherwise creating unnecessary network traffic. Because audio, video, and photos require significant disk space, files of this or other types should not be downloaded unless they’re business-related.

Why you should scan files for virus

Files obtained from external sources, including disks brought from home; files downloaded from the Internet, newsgroups, bulletin boards, or other online services; files attached to e-mail; and files provided by customers or vendors may contain dangerous computer viruses that could damage the computer network. All users should use discretion when downloading files from the internet, accepting e-mail attachments from outsiders, or using disks from non-company sources. Any external file or portable device should first be scanned with company-approved virus checking software.

Policy on social networking sites

Use of any social networking web sites should not interfere with working time. On personal time, any use of social networking should not use logos, trademarks, or other intellectual property of the organization without prior approval. Keep in mind that any written messages are, or can become, public; use common sense. In no case should online information created or forwarded by employees be considered to be disparaging or derogatory towards the organization, any of its customers or potential customers, or any of its workforce members (past and current), and the message disclose any confidential or proprietary information.

In conclusion, this article has provided some guidance on the best practices when developing an Internet Use Policy. You may use the information in this article as a template to draft your own version of the policy.

If you need help creating this policy or developing other policies and procedures, we can help. Contact us today!

    Discover more from Information Security Program

    Subscribe now to keep reading and get access to the full archive.

    Continue reading