Internet Usage at Work: The Balance Must Be Right
Sir, Clive Couldwell (IT security, are you at risk? 6 January) highlights the mismatch between technical capability and business need - the internet and Turnbull Report. One of Turnbull's symptoms to watch for as an early sign of problems asks if there are "marked differences between IT service provision and what the business users require, and a disconnect between the overall business and IT strategy and the operational and development activities".
How many companies that now acknowledge the major external IT security threat is the internet-sanctioned internet connectivity for all, or the facility for internal threat by providing PCs with copying facilities (disk/CD).
Instead of trying to manage these problems by throwing technology and money at them, why not ask the IT department the question: "Can we not have internet access isolated physically from our internal systems with a small numbers terminals dedicated and specific to this purpose?" To which the answer is yes. Also ask: "Can we not supply PCs without copying facilities?" - to which the answer is yes again.
There is of course the productivity benefit of all the staff not spending three hours a week on the internet on non-company activities as reported.
Sir, internet usage and employee e-mails are already making news and causing litigation among some large corporates. Those that have fallen foul of the law have discovered subsequently that this new part of company culture can have expensive consequences for company directors.
Declaring what a company's internet usage policy (IUP) actually is must now become a fundamental requirement for all businesses. Directors of small and medium-sized companies cannot simply ignore the legal dangers of internet and e-mail abuse, hoping that it will never happen to them.
The problem is that smaller businesses believe they are immune to internet and e-mail security issues and dismiss such matters as being the pain-point of the large corporates. However, internet usage and content security will increasingly become a major concern for these organisations.
Any company that provides internet and e-mail access for its employees should now provide an IUP statement as a standard part of its terms and conditions of employment. Directors need to be aware of their responsibilities and the legal implications of unsolicited and non-work related e-mail communications involving their employees. Without a policy in place and the software tools to police and manage it they are at risk.
Employers can now be judged liable for offensive or inappropriate material sent by employees and the very existence of many small businesses may be threatened by ensuing litigation.
By establishing an IUP, educating staff and employing the right technology to enforce the company policy on internet and e-mail usage, employers will be protecting themselves, as well as their employees, from any such risks.
A company's IUP should clearly specify what is considered to be the appropriate use of e-mail, acceptable and non-acceptable internet-based news groups and work related download access/transfers areas. …