Internet Use Policies: Do Your Employees Even Know What is Acceptable?

I bet you’ve ordered something online at work. It may have been pizza for your lunch or flowers for Mother’s Day (…the day before—hey, we’ve all had gift-related emergencies). But did you stop to think whether it’s allowed by your acceptable use policy? In a company with 10 or 20 employees, this may not be a big deal. But in a company of hundreds or thousands, it may slow down your network and hurt profit or productivity.

What’s in your policy? Is social media allowed? How about online transactions? All employees should be able to answer these questions. What good is a policy if your employees don’t know how to follow it?

How to write a good internet use policy

Keep it short. Nobody wants to read a 10-page manual on acceptable use, and will sooner give up or skim. This does not help. Employees need to understand that their internet use affects the company.

But while brevity is important, you need to be thorough. Deciding what’s allowed and what’s banned is hard. For example, social media is a powerful tool. Your marketing team may manage your company’s Facebook page, or maybe your sales team needs LinkedIn to help find leads. These are important to your business, but there has to be some limitations or social media may become distracting in the office. It is also hard for someone to control the content that shows up in their social media feed—some of the content may be funny to one person and offensive to another (see also: The Drew Carey Show S1E05).

Lastly, some social media have game plug-ins. As an IT professional, I’m worried less about employees wasting company time on these games, and more about the security of them. Not all games get updated frequently, and many are based on Flash (and we all know how well that’s going.)

So how do you deem a website acceptable? Using tools like Google Safe Browsing is a good start. The problem with testing each and every website for security, however, is that the internet is kind of large. Blacklists quickly become unmanageable. Instead of blacklisting websites, some companies use whitelists to block all but a few sites. Still, your employees may just log into your guest Wi-Fi with their own devices to send that Vine (this is still a thing… right?). This is where you can go down a never-ending line of policies. There has to be balance.

This is what I recommend for a great acceptable use policy:

• Keep it short
• Keep it easy to understand
• Talk about your policy. Don’t just drop it off on your employee’s desk (they will never read it)
• Follow through

Following up with your internet use policy

Now that we have an easy-to-read policy, we need to talk about how we’ll follow up. Setting a policy without following up is setting yourself up for failure. You might as well have never written a policy to begin with.

Scrutinizer allows you to follow through with your policy. By monitoring NetFlow and setting alarms and daily reports, you can make sure that your traffic is work-related. For example, you may see that your employees are not going to Facebook frequently, and in turn you can lighten the rules on social media. Lightening the right rules reduces the time it takes to monitor your employees and raises morale. On the other hand, if your network is saturated with Facebook traffic to the point where you need to purchase more bandwidth, it’s in your best interests to restrict social media.

Finding a happy medium is key. You’ll set up a trusting relationship with your employees and a more secure environment for your network.

Create an easy-to-understand acceptable use policy and follow through with network monitoring tools like Scrutinizer. Get started now by downloading the free trial of Scrutinizer.

If you find that there is one employee that needs to be looked into more than the others, I suggest checking out our blog on user bandwidth monitoring.