Every business with Internet-enabled computers should have policies that govern internet use by employees. With so many personal and business matters now being conducted online, policies that explain the appropriate use of work computers to access the Internet are essential. These policies, when enforced, can increase productivity among workers as well as protect the computer network and the image of the business.
The Internet policy should clearly state if the employee is able to use the Internet for personal purposes during work hours. If personal use is allowed, there should be set guidelines including permissible times–lunch hour or during breaks–as well as a maximum amount of personal use allowed. If personal use is not allowed, this should be clearly stated and also inform employees that this includes checking personal email accounts online.
Many companies provide employees an email account that ends with @businessname.com. Employees should be made aware that any email sent from this email address reflects on the business. An email policy should include information that should never be sent through a company email account with examples being political or religious information, jokes or other email forwards, and emails that appear to be an official stance of the company when that person is not an authorized spokesperson for the company.
The human resources policy for internet use should clearly state sites that are forbidden from access. Common forbidden sites include pornography sites, gambling sites and sites promoting illegal activities. Companies should consider blocking these websites from access on their server to prevent accidental access of a forbidden site. Many of these sites contain viruses that can easily infect the entire network of computers. The forbidden list should include categories of sites rather than specific site names to avoid overlooking a potentially hazardous site that appears acceptable to the employee if it is not specifically listed.
The Internet policy should alert employees that work computers, browser history and email accounts can be monitored. Employees should not have an expectation of privacy when using a work computer. Even if the employee is allowed personal use of a work computer, the person should be notified that use during that time falls under the same guidelines that covers business use of the computer. Personal email accounts accessed on company time with company Internet access are not confidential.
In addition to spelling out what is and is not allowed, the human resources policy should also state the consequences if the rules are broken. The policy should include consequences for first and subsequent offenses. Also, there may be different levels of consequences depending on the breach that occurred. An employee who surfs porn at work would suffer more serious consequences than someone who places an order for flowers online. Examples of violations and what the employee should expect may make it easier for everyone to understand the policies and procedures.