03/06/98 Enterprise Voices

Return to Enterprise News

March 6, 1998

POLICIES TO ENSURE SAFE SURFING AT WORK

The Internet isn't only a great tool for promoting your small business but it's also a great resource for improving your company's efficiency and competitiveness. By connecting your employees to the Internet, via E-mail and Web browser, you enable them to quickly and cheaply gather information about markets and competitors, communicate with customers and prospects, and generally work smarter.
Unfortunately, Internet access is not without risks. The Web browser that harvests the latest business statistics also carries sexual images, online gambling, and illegal copies of hit songs. The same E-mail program that provides a vital link between customers and employees also lets employees send out sensitive information to nearly anyone on the globe. Further, it is often the company rather than the employee that is held liable for sexual harassment or criminal copyright infringement.
Rather than shutting off access altogether, the best approach for a company is to establish, and enforce, a realistic Internet-use policy. Like all employee policies, this should be clearly communicated to the entire staff, ideally in writing.
What are the elements of an Internet use policy? The major thrust is that the equipment and the connection are owned by the company and provided for business purposes only. Beyond that, the policy should give specific guidelines for each type of Internet resource, such as:
E-mail: Chain letters, threats, and other illegal messages should be prohibited. Employees must also be extra cautious about accidentally misdirecting mail. Because of the chance of misdirection, no overly sensitive material should ever be sent via E-mail. Additionally, employees should be told that E-mail is to be used for business purposes only and that they should not use the office system to send personal messages. Receiving personal E-mail follows the same rules. Employees should not give out a business E-mail address for personal use any more than they should be receiving their personal bills and correspondence via the office mailroom.
On the other hand, you may wish to permit a small amount of nonbusiness use to improve the work environment. If so, tell employees to act responsibly and keep personal E-mail to a minimum. However, it's much easier for everyone to understand and follow an all-or-nothing approach rather than a policy based on individual judgment.
Web browsing: Sexual and sports sites should be avoided. No material should be downloaded or copied from a Web site unless the site owner gives permission. All material that is downloaded *must* be checked for viruses, and large files should be downloaded only during off-peak hours, to minimize network slowdowns.
Usenet newsgroups: Any postings to these worldwide topical discussions must respect the culture and standards of the specific discussion, or else invite electronic retribution. Employees should state in every message that the opinions are not those of their employer. Even so, they should not post anything that could reflect badly on the company.
Creating a policy for appropriate business use of the Net isn't enough. You must also enforce it. For most businesses, enforcement usually concentrates on the most egregious offenders, but for companies where access is particularly costly, or the risks of misuse particularly great, acting against all violators is a possibility. You can buy business software packages such as NetPartners' WebSense (www.websense.com/index.html) or JSB's surfCONTROL (www.surfcontrol.com/) that allow you to limit your employees' access and/or monitor which sites and newsgroups they read. While your employees may not like their Net usage to be monitored -- yes, you should tell them if you are -- the courts are generally behind you. The law is particularly strong for companies that have a published policy stating that employees may be monitored. In such cases, employers are rarely held for invasion of privacy. Keep in mind, however, that the monitoring must be done to assess whether an employee is properly conducting business. Other, more prurient motives, are not commonly tolerated.
Sample Internet-use policies can be found online. Most search engines will show dozens (search under "acceptable use policy"), and employment-law specialists will have model policies as well. One last point: When choosing how stringent a policy to put in place, consider that certain types of companies (such as technology developers) benefit from giving their employees greater freedom to explore and learn about the online environment. Other businesses, particularly those with many temporary workers (who may care less about the company's reputation), will need more restrictive guidelines.
Either way, creating clear policies and reminding your staff that Internet access is a privilege, with inherent limitations and responsibilities, will yield a high Net return on your company's technology investment.
Jonathan I. Ezor (jonathan.ezor@poppe.com) is the Director of Legal Affairs for Poppe Tyson Inc., a global strategic interactive-services company based in New York City. He is also co-author of Producing Web Hits (IDG Books, 1997). The opinions expressed herein do not necessarily reflect those of Poppe Tyson or its affiliates.