You are using an outdated browser. Upgrade your browser today for a better experience of this site and many others.
OneClick Client Portal
Follow us on Twitter
Like us on Facebook
Link us on LinkedIn
Read our blog on Wordpress
For a free consultation call: 0114 251 8850 or email: firstname.lastname@example.org
Why you should have a written policy for your employees covering acceptable use of the internet and email. A draft acceptable use policy is included. At Hart Shaw, we can provide you with assistance or any additional information required.
In order to protect the firm, its employees, customers and suppliers, all members of staff should be given a copy of the firm’s policy regarding acceptable use of IT resources – particularly internet and email access, as well as data protection policies. It may also be necessary to have a separate Bring Your Own Device (BYOD) policy covering the use of personal devices and to what extent (if any) these are permitted connect to corporate information systems.
Any such policies should form part of the contract of employment – to the extent that any breaches of the policy could result in disciplinary action, and in some cases even dismissal.
Having an acceptable use policy not only helps protect the organisation's exposure to rogue software, legal action, and loss of corporate/personal data, it can also help in disputes with employees.
Employees need to be wary of the content of all emails they may send. One email sent thoughtlessly can have repercussions and unintended consequences, for both the employee and organisation, such as large penalty fines and reputational damage.
Due to the uncensored nature of the material on the internet, there are a large number of websites that contain offensive, obscene and illegal (in the UK) material. Employees should not access such sites and attempts to block these where possible should be made by the business.
Innocent looking websites and emails have been used to tempt users to download material which has been found to contain a virus, or to disclose company, or personal confidential data where they would not normally be imparted.
Employees should be given training to recognise the tell-tale signs of bogus emails and how to perform simple checks online before submitting data to a website.
Employees should also be told what the procedures are should they fall victim to such attacks.
Firms may wish to include references to the use of personal phones, personal headsets and social networking. The use of these or restrictions on the use of these will very much depend on the working environment.
To minimise these kinds of potential problems, employers should consider setting out a policy statement for all employees embracing internet and email access.
A suggested policy statement is shown below, which provide a useful starting point.
The companies and firms see the internet and the use of email as an important business tool.
Staff are encouraged to enhance their productivity by using such tools - but only in accordance with the guidelines set out in this document.
The internet is largely unregulated and uncensored and we have a duty of care to protect the security of the company’s/firm’s internal information, our customers, our suppliers and our employees from malevolent, obscene and illegal material.
The company reserves the right to monitor emails and internet sites visited by an employee. These may be performed at random or where there is a suspicion of behaviour which breaches the company’s ‘email and internet access’ policy.
Staff will be informed, by management, that they may be monitored at any time, when using business systems.
Covert monitoring will only be performed in exceptional circumstances and only when sanctioned by a senior officer(s) of the company/firm.
The company/firm reserves the right to monitor email and internet traffic. However, individual users will not be identified in the monitoring process.
It will be assumed that all staff understand and agree to the policies unless a director (partner) is notified otherwise. Any exceptions are to be appended to the employee's contract of employment and signed by a director (partner) and the employee.
All the company’s/firm’s resources, including computers, access to the internet and email are provided solely for business purposes.
The purpose of this policy is to ensure that you understand to what extent you may use the computer(s) owned by the company/firm for private use. It covers the way in which access to the internet should be used within the company/firm, to comply with legal and business requirements.
This policy applies to all employees of the company/firm and failure to comply may lead to disciplinary action in line with the Disciplinary Procedure. In addition, if your conduct is unlawful or illegal you may be personally liable.
A computer and internet access is provided to you to support the company’s/firm’s activities.
Private use of computers and the internet is permitted, subject to the restrictions contained in this policy. Any private use is expected to be in the employee’s own time and must not interfere with the person’s job responsibilities. Private use must not disrupt IT systems, or harm the company/firm’s reputation.
You should exercise caution in any use of the internet and should never rely on information received or downloaded without appropriate confirmation of the source.
The following users have access to the internet and email from all the following PCs…
The internet may not be accessed for personal use during normal hours of employment. Occasional use for personal reasons is allowed outside working hours, however the restrictions set out in ‘Browsing/downloading material’ (below) must be adhered to.
Personal emails may not be sent/received unless in an emergency and with prior authority from a manager.
Emails must conform to the same rules as issuing correspondence on the company’s/firm’s headed paper.
Emails must not contain controversial statements/opinions about organisations or individuals. In particular, racial or sexual references, disparaging or potentially libellous/defamatory remarks and anything that might be construed as harassment should be avoided.
Emails must not contain offensive material.
Emails containing a virus must not knowingly be sent.
Emails coming from an unknown source must not be opened but disclosed to management (see Disclosure).
Emails sent externally, must contain the company’s/firm’s disclaimer (see sample below)
Emails (sent and received) must be stored in the appropriate client files and use the same naming conventions which are used to store letters and other correspondence.
Emails sent with attachments containing any sensitive data must be encrypted and password protected. Passwords should never be sent by email. Where possible try to send this data by other means.
Only material from bona fide business, commercial or governmental websites should be browsed/downloaded.
No other material should be browsed/downloaded. This specifically includes games, screensavers, music/video and illegal, obscene or offensive material.
Laptops are liable to be inspected by authorities, particularly if travelling by air/sea/rail, both within and outside the UK. Where an employee has a company’s/firm’s laptop they must ensure that it does not knowingly contain illegal material.
Laptops containing corporate data should be encrypted.
Company’s/firm’s laptops may be used for email/internet use without being connected to the corporate server. Appropriate security software to allow such access and to mitigate the risk of viruses or hacking, should be installed.
Portable media devices include USB drive, CDs, DVDs etc.
Where these contain confidential corporate or personal data, the data contained on these devices should be encrypted.
Where using portable devices, only business approved devices should be used.
Employees have a duty to report the following to management:
A breach of any of the policies is a disciplinary matter.
Illegal activities will also be reported to the relevant authorities.
Computers are a valuable resource to our business. However, if used inappropriately may result in severe consequences to both employees and the company/firm. The company/firm is particularly at risk when employees have access to the internet. The nature of the internet makes it impossible to define all inappropriate use. However employees are expected to ensure that employee use of computers and the internet meets the general requirements of professionalism.
Specifically, during any use of the computer or internet employees must not:
The following activities are expressly forbidden:
At any time and without notice, we maintain the right and ability to examine any systems and inspect and review any and all data recorded in those systems. Any information stored on a computer, whether the information is contained on a hard drive, computer disk or in any other manner may be subject to scrutiny by the company/firm. This examination helps ensure compliance with internal policies and the law. It supports the performance of internal investigations and assists the management of information systems.
In order to ensure compliance with this policy, the company/firm may employ monitoring software to check on the use of the internet and block access to specific websites to ensure that there are no serious breaches of the policy. We specifically reserve the right for authorised personnel to access, retrieve, read and delete any information that is generated, received or sent as a result of using the internet, to assure compliance with all our policies. Such monitoring will be used for legitimate purposes only.
This email and all attachments it may contain are confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company/firm. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, printing, forwarding or copying of this email is strictly prohibited.
Please contact the sender if you have received this email in error.
Under company law, every company must include their company registration number, place of registration and registered office address on corporate forms and documentation (this includes emails and websites).
In particular, all external emails must include this information – whether as part of the corporate signature or as part of the corporate header/footer.
At Hart Shaw, we will be more than happy to provide you with assistance in formulating an acceptable internet and e mail access policy, or if any additional information is required.
Download content as a PDF