From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

Block of Certain Non-Business Internet Web Sites

Policy: Certain non-business web sites may be blocked. Workers who discover they have connected to a web site that contains sexually explicit, racist, or other potentially offensive material must immediately disconnect from that site. The ability to connect with a specific web site does not in itself imply that workers are permitted to visit that site.

Commentary: This policy is intended to prevent various problems, such as those resulting from the downloading of inappropriate content. These activities might be construed as creating a "hostile working environment," which in turn might expose an organization to lawsuits.

Internet Discussion Group And Chat Room Participation Forbidden unless permission is granted by management

Policy: Unless expressly authorized by the appropriate department, when using the Internet all workers are forbidden from participating in Internet discussion groups, chat rooms, or other public electronic forums.

Commentary: The intention of this policy is to prevent embarrassment and perhaps legal trouble for an organization. This policy seeks to strictly limit who is representing the organization on the Internet. The policy is necessary because so many people take an informal attitude towards posting material on the Internet; in effect, the policy says "watch what you say in public." Separately, the words "public electronic forums" could include on-line teleconferences and other arrangements.

Disclosure Of Personal Contact Information In Public Internet Forums

Policy: At no time should an employee disclose their real names, addresses, or telephone numbers on electronic bulletin boards, chat rooms, or other public forums reached by the Internet. Utilize anonymous e-mail accounts where identification is required so that any information posted will not lead back to the organization.

Commentary: Intended for personal use of the Internet, the policy is impractical for most Internet business activities because the parties will need to exchange money or physical items, in which case contact information must be correct. The policy puts people on notice that they can conceal their identity and that they need not disclose such information when on-line (many are not aware of this). The policy is most relevant to off-hours use of the Internet. Organizations taking a proactive approach to these potential problems with the children of employees will help reduce personal problems that may in turn interfere with employee work performance.

Handling Software And Files Down-Loaded From Internet

Policy: All software and files down-loaded via the Internet must be screened with virus detection software. This screening must take place prior to being run or examined via another program such as a word processing package.

Commentary: The intention of this policy is to clearly define the process that users must go through before they execute software or open data files that have been down loaded from public networks. While viruses, Trojan horses, and worms used to be threats only with software, they are now increasingly being included with data files, such as macros that come along with Office programs. This policy helps to reduce the negative side-effects occasioned by viruses and related programs; these include system down-time, unauthorized erasure of data files, and subtle unnoticeable modification of data files.

Reliability Of Information Down-Loaded from Internet

Policy: All information taken off the Internet should be considered suspect until confirmed by another source. There is no quality control process on the Internet, and a considerable amount of Internet information is outdated, inaccurate, or deliberately misleading.

Commentary: The intention of this policy is to make workers aware that much of the information on the Internet is not reliable. Workers often naively believe that what they read on the Internet is trustworthy. The Internet is, for the most part, unregulated and unsupervised. As a result, con games and other scams are now being perpetrated via the Internet. One of the most prevalent Internet misrepresentations involves provision of information allegedly for the public's benefit, when it is in fact a disguised advertisement. A positive side-effect of this policy is that it causes staff to think more deeply about the quality of the information they use for decision-making.