Jidaw Systems

Policy Guidelines on Internet use

As Internet usage becomes more widespread in offices, there is a need to have guidelines to minimize risks introduced by the Internet. A policy for internet use in an organization is required to ensure the Internet is used in the office for work performance, rather than for personal activities.

Essentially a well thought out and implemented policy helps to protect your system resources, secure your confidential data, avoid wasteful and costly litigation, protect users from inappropriate content and guard your corporate image.

What are the risks Internet use brings to an organization? A related concept that is gaining ground in this area is that of “cyber-loafing”. This occurs when staff use the Internet mainly for playing games, downloading questionable software, online shopping, conducting personal business online, checking sports stories or gambling. The impact of “cyber-loafing” is definitely negative, as this lowers staff productivity and the company incurs real costs associated with wasted time.

But “cyber-loafing” is not the only risk of Internet use in the corporate environment. Other red flag areas include but are not limited to: leaking of sensitive information through e-mail, sending of offensive messages, fraud, “419” mail, sending sexual and racist mail, visiting of pornographic sites, copyright violations and other staff misconduct online.

Interest is growing in the legal implications of an employee's conduct online. Should or can an employer seek redress for an employee's misuse of its e-mail system, or is an employer liable for an employee's misuse of Internet access?

Still another area of concern posed by the Internet is the exposure of the organization's servers to hostile attacks through worms and virus programs downloaded from the net. Controlling the rapid spread of attacker programs introduced through Internet use is a major concern for system administrators.

It is obvious that organizations must devise ways of controlling and managing web and email usage. No organization can afford the uncertainty that unrestrained Internet use brings. User policies are therefore necessary to guide users on what is appropriate and inappropriate behaviour online. Clearly there is a need to establish written, clearly communicated and explicit policies.

For the policy to be effective, users must be exposed to the policy, training and enforcement. So what are the likely things to consider when articulating such a policy?

The policy should be thorough and reflect corporate strategy for your computing environment and associated facilities. Essentially policies should be written to be applicable to all scenarios within the organization.

The purpose of the policy must be stated in an introduction.

The scope of the policy, in terms of who and which facilities it covers, should be clearly defined. Who needs Internet access in the organization? Which people in the organization? What departments? What Internet services do they need? Email? Web browsing? Access to clients, vendors, or contractors?

This policy statement should provide specific instructions on the ways users would use facilities that are made available to them. Do users need full time or part time access? How is Internet access integrated into business activities? Full integration or just for mail, browsing or research activities? An effective policy on Internet use must answer these questions with a view to creating an environment that exploits Internet resources in a cost-effective manner with minimal risk to the organization.

In the policy, the organization must consider issues such as an employee's personal usage of the web and email, employee privacy with respect to e-mails, appropriate Internet behaviour, the amount of resources used for Internet usage vis-à-vis other IT requirements, and of course the consequences of policy violation.

The essence of the user policy is to establish what is permissible when using company resources to access the Internet.

The policy should include:

1. Conditions of use: Permitted uses and activities / Prohibited Uses and activities, i.e. Rights and Privileges, Privacy rights, confidentiality, etiquette (professional and appropriate language), public representations on the internet, Network monitoring, data and application ownership, email retention, company's right to monitor, executable graphics and/or programs, downloading, visiting pornographic sites, sending abusive e-mail messages, personal email accounts, passwords, appropriate use of software, systems, equipment, editorial control, copyright. Specific procedures / controls / confirmations on downloads, procedure for non-company users, appropriate use of equipment, e-mail, and the Internet, user account and password management and selection guidelines, security awareness training and testing, incident reporting, and virus handling.

2. Responsibilities and accountability of users. Separate user activities and accountability. The policy should have clear lines of authority and responsibility.

3. Policy awareness. The policy needs to be vigorously promoted and enforced. The policy can be publicized through seminars, meetings or informal sessions with staff. Since all Internet users are expected to be familiar with and comply with these policies, it should be accessible to all concerned.

4. Signing off of policy agreement by all users. Every staff member should have a copy of the policy. Staff are expected to sign and return an acknowledgment of having read it.

5. Policy compliance and feedback. The organization must ensure policy compliance and get feedback on implementation. Companies can use monitoring and reporting software to ensure compliance. Feedback helps in fine-tuning the policy and removing any rough edges.

6. Violations - how are they treated and managed? Processes include: Disciplinary process, policy enforcement process, policy breach response process. These processes should allow you to Correct, Alert and Audit.

7. Contact - There should also be a contact point for questions about the policy. The policy should list the person or people at your company to whom policy violation claims should be reported.

8. Definitions. It may also be appropriate to include a section for definitions of the terms used in the policy.

9. Periodic review and update. The policy must reflect current employee and business needs. What may be inappropriate now may be deemed appropriate by year end.

These guidelines are by no means an exhaustive list of what should be in your Internet user policy, but hopefully they should nudge you in the right direction. All the best with your policy formulation.


Jide Awe

Jide Awe is the Publisher of Jidaw.com.
