ACCA guide to... an email policy for your employees

An internet policy for your employees
The internet is essential for doing business. However, it can also be a great way for employees to
waste time, cause security issues, or give you legal headaches.
A well-thought-out internet policy can help you enjoy the benefits of the internet while reducing the
pitfalls. It ensures employees use the internet effectively, states what is and is not allowed, and sets
up procedures to minimise risks.
This briefing outlines:
• The main elements to include in your internet policy.
• How to implement and enforce this policy.
1. Access rules
1.1 Depending on the nature of your business, you may provide internet access to some or all of your employees.
• In an office environment, it is likely all staff members will need internet access to do their jobs.
• In other situations — such as in a factory — only certain staff members will need internet access.
1.2 Although most of your employees will find using the internet straightforward, you may need to provide training in some areas. For instance:
• How to use specialist internet software or cloud computing services.
• What your internet policy says and why it matters.
• Spotting and avoiding security risks.
• Efficient use of the internet.
1.3 Make sure employees follow your access procedures.
• Protect your business by using a firewall and security software.
• Consider restricting the ability of employees to change settings.
• Set rules about whether staff may connect their own devices to the company network.
2. Using the internet
2.1 Encourage the use of appropriate online services.
• Allow employees to access websites for business purposes.
• Provide staff with company email addresses for business communications.
• Online tools and apps can help your staff with everything from collaborating to staying focused. Create a list of recommended services.
2.2 Control misuse of the internet. You may decide to:
• Limit personal use (see 3.1).
• Restrict the websites employees can visit (see 3.2).
• Control downloads (see 4).
• Restrict access to sensitive company data.
• Create guidelines covering use of social networks like Facebook (see 6).
2.3 Ensure employees are aware that they will be held accountable for their use of internet and email systems.
3. Web browsing
3.1 Make it clear that the web should be mainly used for business purposes.
• Some companies ban personal use altogether.
• Some companies allow limited personal use, as long as it does not affect employees’ work.
As the internet has become part of our daily lives, many companies recognise it’s hard to define where business use ends and personal use begins.
For example, if employees sometimes catch up on work over the weekend, it may seem unreasonable to ban them from occasionally using the internet for personal reasons while at work.
However, security and legal issues apply to all internet use.
3.2 Consider restricting the sites that employees can visit.
• Social networking sites are a common timewaster. Some companies ban them altogether.
• Some websites can be offensive and legally problematic (for example, pornographic or racist sites).
• Bandwidth-hungry sites, such as file-sharing services, can slow internet access for everyone else.
3.3 Ensure employees are aware of the main risks of the web.
• Phishing websites are fake sites set up to capture sensitive data, like credit card details.
• Cyber-criminals set up ‘honeypot’ websites to steal data or distribute malware, typically promising free software or another attractive offer to lure people in.
4. Downloads
Downloading files from the internet involves risks which your policy should aim to minimise.
4.1 Downloaded files may contain viruses, spyware or other malware.
• Install virus-checking software and update it regularly.
• Use security software to block or disable potentially harmful applications.
4.2 Ban employees from downloading inappropriate files and from installing software.
• All software should be installed by an authorised employee.
• Make sure employees understand the dangers of downloading from unknown sources. For instance, websites offering normally-expensive software for free are likely to be dodgy.
4.3 Make sure employees understand copyright and other intellectual property issues.
• Any information published on the internet will normally be protected by copyright.
• The use of software downloaded from the internet is covered by copyright laws.
• Remind employees that unauthorised copying is a criminal offence.
• Republishing images or content on social media services (like Twitter or Facebook) can also breach copyright law.
5. Online purchasing
5.1 Make all employees aware of the potential contractual liability arising from online ordering and purchasing.
• Employees should only enter into contracts on the company’s behalf if they have permission to do so.
5.2 Allow online purchasing only from approved suppliers.
• It is a good idea to maintain a list of approved suppliers from which your business purchases.
5.3 Allow online purchasing only by authorised employees.
• Control the company’s account details for approved online suppliers. For instance, have one company account from Amazon, and ensure only your purchasing manager can access it.
• Make sure your policy specifies how a staff member can request a purchase when an item is required.
5.4 Make sure payments are handled securely.
• Before entering any payment details, make sure the website’s address starts with https:// and that the padlock symbol is shown in your web browser.
6. Social networking
6.1 Take particular care with social networking sites and similar services.
Their informal nature may encourage employees to make defamatory comments for which you may be liable.
• If your business operates social networking accounts, make a particular employee (or group of employees) responsible for these.
• Employees should not use social networks to comment on your company or competitors or disclose any business information.
• Clearly define what you consider to be acceptable and unacceptable behaviour.
• Adopt a ‘don’t post it unless you’re sure’ policy. Social media backlashes can be created when a company account posts something controversial without thinking through the potential consequences.
6.2 You may want to ban employees from social networks altogether.
• This can be hard to enforce. Even if you block Facebook on company computers, your employees may still access it via their smart phones during working hours.
• It can make more sense to allow reasonable use. For instance, permit employees to access personal social networking accounts during breaks.
• Keep in mind that social networks can be very distracting for employees.
6.3 Consider creating a separate social media policy, to help staff understand the issues.
7. Your own website
Use your policy to help make sure your own website runs smoothly.
7.1 Nominate an individual to be responsible for your website.
• Set out how other employees and any contractors will be involved.
7.2 Put appropriate technical standards and controls in place. For example:
• Control how the site is updated.
• Only allow authorised employees to update the site.
7.3 Do not infringe other people’s intellectual property rights.
7.4 Make sure all employees understand their responsibility for the website.
• Let employees know if they are responsible for keeping any material up to date.
• Make this a performance review issue.
• Encourage all staff to be aware what information is carried on the site and what services are offered.
8. Implementing your policy
8.1 Your employees are likely to use the internet frequently outside of work, so it’s more important than ever to consult them on what should be in your policy. Some may even be more familiar with the issues than you are.
8.2 Make the policy available to everyone.
• Make sure employees sign a copy to confirm they have read it.
• Refer to the policy in your employment contracts.
8.3 Consider implementing software to regulate internet use without obstructing legitimate access.
• Filtering software can prevent access to some inappropriate sites.
• However, no filtering software is 100% effective. It can inadvertently block useful sites too.
• You can use filtering software to block certain sites at specific times. For instance, you can prevent employees accessing Facebook during normal working hours.
8.4 Consider using monitoring software to track how employees use the internet.
• Monitoring software produces a log of the sites each user visits, and any downloads made.
• However, monitoring software generally only provides evidence after problems have occurred.
There are legal restrictions on how you may monitor employees’ use of the internet (and email). If you wish to use monitoring software, you must tell employees you intend to do so in your internet policy and your employment contracts.
Also, keep in mind that many of your staff will be internet-savvy. If your use of filtering or monitoring software is heavy-handed, they may resent the implication that they are not able to manage their own internet use.
8.5 Enforce the policy.
• Make someone in your business responsible for enforcing the policy.
Typically, your network administrator will be responsible for routine enforcement. However, a director should take overall responsibility.
• Apply the policy consistently and fairly to everyone, including management staff and leadership teams.
• Clarify and justify any exceptions.
• Make sure you have an appropriate disciplinary procedure in place to deal with breaches of the policy.
The policy will only provide legal protection if it is properly implemented and enforced.
Cloud computing
It’s a good idea for your internet policy to cover cloud computing services, because use of these services has grown rapidly.
A. Data protection can be an issue with cloud computing.
• Cloud services often require you to upload or transfer company data over the internet.
• Make sure employees are aware of the risks of transferring sensitive information.
B. Employees should only use cloud services approved by the company.
• If your business has decided to take advantage of cloud computing, make sure relevant employees have access to the cloud services you use.
• Do not allow employees to sign up for cloud services independently.
C. Make it easy for staff to suggest useful cloud computing services.
• Employees who are good with computers may identify cloud services they believe could help your business.
• Make sure you have a clear process for evaluating such services. If you do not, employees may sign up and start using them without your knowledge.
Expert contributors
Thanks to Craig Sharp (Abussi, www.abussi.co.uk)
Last updated 01.10.14
© Atom Content Marketing 2014. ISSN 1369-1996. All rights reserved. No part of this publication may be reproduced or transmitted without the
written permission of the publisher. This publication is for general guidance only. The publisher, expert contributors and distributor disclaim all liability
for any errors or omissions. Consult your local business support organisation or your professional adviser for help and advice.