Get Safe Online

Home   Knowledgebase   Protect your business   Write good staff policies

Write good staff policies

Employees should pay as much attention to online security as you do

When employees have access to the internet at work, there are serious risks involved. They can download viruses, create legal liabilities, gain unauthorised access to critical information and, potentially, leak it. Good technical security and staff training can help. Good staff policies are also important because they make it very clear what is acceptable and what is not.

Get professional advice

This article presents an overview of the key issues. You will need to get professional advice in drafting staff policies and changes to employee contracts. It is also worth getting advice about how to introduce new policies to staff and combine them with a training programme.

What to include in an internet policy

  • When private internet use is acceptable.
  • What kinds of material are off limits.
  • How confidential information should be treated.
  • Use and care of company property such as laptops.
  • Rules about remote access to the company.
  • Guidelines about installation of programs and software piracy.
  • Security guidelines such as the use of strong passwords.
  • A ban on sharing and downloading copyrighted material like MP3 songs.
  • Details of any monitoring activity you will undertake, if any.
  • The consequences of breaching the policy.

What to include in an email policy

  • Disclaimers on emails (“this email is private and does not represent the views of the employer…” etc.).
  • What tone and approval is required for email correspondence with people outside the company.
  • Whether a manager’s sign off is required for external email.
  • Additional guidelines, if appropriate, relating to the Data Protection Act; email and distance selling legislation and libel laws.
  • How to handle confidential information when sent by email or, indeed, whether it should be transmitted electronically without encryption or other protection.

How to prepare and implement a policy

  • Be clear about the risks you are trying avoid.
  • Consult staff about the proposed policies and get their input.
  • It is important to strike a balance between practicality and control. Remember that trust is as important as supervision.
  • If you use a lawyer’s boilerplate policy, check to make sure that it applies to your circumstances and that it is easy to understand. Don’t be afraid to ask for changes and simplification if necessary.
  • Where appropriate, include the new policies in staff handbooks, new employee induction, intranet sites and so on.
  • It needs to tie in with your disciplinary procedures, employee contracts and other policies such as non-discrimination.
  • Make sure that everyone sees the policy once it is finalised.
  • Make sure that the policy is available for people to consult.
  • Encourage feedback from employees. A policy that is so restrictive as to be unworkable will be circumvented rather than complied with – it is better to know where the shoe pinches.
  • Someone in the company should be responsible for implementing and monitoring the policy.
  • Keep the policy under review to make sure it stays current.

Further information

  • Business Link.  Click IT & e-commerce then Staff and IT.
  • ACAS has a guide to staff policies.

Previous article
Train staff
Next article
Use encryption
 
 
Bookmark | Print | Email | Embed page
 
| | Digg | Slashdot | StumbleUpon | Delicious | Jumptags
 
 
Copyright (c) 2010 Get Safe Online. All rights reserved.
Powered by NQcontent