The value of an Internet usage policy

Powerful tools require careful management. They always have. The same power and force that makes a tool so effective can, in a single moment of inattention, quickly transform the tool from an implement of construction into a device of destruction. The maxim holds true whether the subject is a contractor-grade 7-1/4-inch circular saw or the Internet.

The same capacities and dynamism that make the Internet such a profound business tool also render it a potentially dangerous diversion. Used improperly, the Internet can subject every organisation to harassment claims, countless hours of lost productivity and innumerable security leaks and vulnerabilities.

Eight seconds to infection
Industry statistics demonstrate that PCs connected to the Internet possess an incredibly high likelihood of being quickly afflicted with spyware programs and viruses. The malicious programs can, subsequently, result in data corruption or, worse, the organisation's data being made available to unauthorised parties as the result of a Trojan horse infection.

In fact, a BBC report claimed Windows XP machines were infected with a virus within eight seconds of being connected to the Internet. According to a Guardian story, unprotected systems connected to the Internet have "a 90 percent chance of becoming infected with a virus within 40 minutes". Most corporate systems will enjoy antivirus and firewall infection, but risks still exist.

Billions in lost productivity
Employees frequently review eBay auctions, check sports scores, read titillating entertainment news and trade stocks, all when they should be fulfilling job tasks. Numerous studies place the cost of lost productivity resulting from improper Internet use in the billions of dollars range.

If such figures seem extreme, even conservative estimates prove alarming. Consider the effects of each employee (in a 100-employee organisation) wasting just 20 minutes a day on unauthorised Internet use. At just $40 an hour, that's more than $340,000 in lost productivity a year.

Legal liability
Some employees may surf inappropriate adult sites that, if enabled by management and witnessed by others, could constitute grounds for harassment claims. Or, employees using organisation-provided Internet access could knowingly (or unknowingly) violate international copyright law, which could further expose the organisation to liability.

Internet usage policies
What's an organisation to do? Internet access is now required for fulfilling job responsibilities seemingly in a majority of professions. While various technology solutions (proxy servers, Web monitoring software, filtering appliances, firewalls and so on) can help prevent users from misusing the Internet, no technology is foolproof. Users encumbered with no other restrictions are likely to find success circumventing strictly technological controls.

That's where the value of an Internet usage policy, also known as an acceptable use policy, comes into play. Regardless of the technological solutions in place, a policy ensures every employee and organisation representative understands organisation-provided Internet services are to be used only for fulfilling job responsibilities.

Further, Internet usage policies can:

• Clarify what constitutes acceptable use of Internet services
• Ensure employees understand who to contact with questions regarding acceptable use
• Ensure employees understand the penalties that arise from Internet misuse
• Help lessen an organisation's spyware and virus infestation rates
• Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services
• Help mitigate productivity losses
• Decrease dependence upon technology solutions used to enforce employee behaviour
• Reduce the organisation's liability resulting from harassment claims, copyright violations originating onsite and other illegal acts

Complete TechRepublic's Internet Usage Vulnerability Assessment if you are unsure whether your organisation requires an Internet usage policy. The interactive Microsoft Excel tool will help gauge your organisation's exposure.

Should the assessment convince you that your organisation requires an acceptable use policy, review TechRepublic's Internet Usage Policy, which serves as a ready-made template. Customise the policy to meet your organisation's specific needs, or use it as-is to quickly introduce an overarching policy within your organisation.

Remember that just rolling out such a document will not eliminate the risks Internet use poses within your organisation, however. The Information Technology department must aggressively enforce such policies. Employees will naturally resist the effort, so it is important to communicate the seriousness and the risks the policy is designed to protect against.