Craft your own Internet usage policy
Tuesday, July 29, 2008 11:48 AM
Having clear guidelines will help employees better protect company assets when they are on the network.
The Internet is an important resource for your customers and employees. It is imperative that you inform your users about the purpose and use of the company Intranet and Internet.
By educating your users and setting out a clear policy, you’ll gain a valuable ally in protecting company assets when users are on the network. The guidelines I present here are generic and should be modified to fit your business model.
Standard Internet practices
These guidelines will help you find appropriate uses of the Internet for
YOURCOMPANY business purposes.
Overview
This guideline does not contain all of the do's and don'ts of Internet usage.
While this guideline will list examples of improper usage, your good judgment
and common sense are essential to guiding you on the appropriate uses of the
Internet and will help protect YOURCOMPANY resources.
Contractors can use the Internet for YOURCOMPANY business purposes in order to fulfill their contracted assignment. Their usage must adhere to the guidelines within this policy.
General principles
Your first obligation as a user is to protect YOURCOMPANY
information assets. The assets that comprise the YOURCOMPANY network
are business assets and should not be considered personal assets. Here are the
general principles for Internet use for YOURCOMPANY business
purposes:
- Material that would be considered inappropriate, offensive or disrespectful to others will not be accessed or stored
- Any software downloaded or installed on YOURCOMPANY assets must comply with applicable licensing agreements and copyrights
- Use only network services you have authorization to access
- Do not send material classified for internal use only via the Internet
Specifically, the Internet should not be used:
Consult with your manager if in doubt about any use of the Internet.
Data classification
Personnel records and financial information that is stored on the network is
considered information for internal use only. This information, along with other
proprietary information will not be sent via the Internet. Managers can make
exceptions for sending YOURCOMPANY internal-use-only material when
appropriate encryption is used.
External communication
Electronic mail or e-mail is the most commonly used form of communication on
the Internet. When communicating outside YOURCOMPANY, remember:
- No form of chain letter will be sent using YOURCOMPANY assets
- Do not send e-mail so that it appears to have come from someone else
- Do not automatically forward your e-mail to a non-YOURCOMPANY e-mail address
- Telnet: or trying to remotely access a system you are not authorized to use is not permitted. Unless you have prior authorization, do not run port or vulnerability discovery programs or try to get into open ports.
- When downloading software, you must comply with YOURCOMPANY procedures for the importation of software, even if it’s "public domain". As a courtesy to others, try to do large file transfers during off hours.
If you have any questions regarding Internet usage, contact your manager.
Final thoughts
The guideline I’ve given you may not cover all the aspects of your network,
yet it will give you a good starting point if you don’t have a policy in place
already.
Enlist your user population in your security effort by putting out some simple do's and don'ts on Internet usage. Controlling Internet usage is not a difficult task. It involves putting together some guidelines and distributing those guidelines to the users, then educating your users.
Once your users are informed on what they can and can’t do on the network, enforce your guidelines. Don’t forget to modify your guidelines as your business and network grow.
Do you have a guideline for Internet usage in place? How does your guideline differ from the one that is presented?
There are currently no comments for this post.