7 useful tips when implementing policies on Internet/email use

Implementing new Internet/email use policies can be a nerve-wracking affair, especially if a drastic change is employee behaviour is expected. However, there are certain steps that can be taken to better manage the transition. Seven tips are suggested.

Many organisations, from small enterprises to large corporations, are opting to establish Acceptable Internet Use Policies (AIUPs) and/or Acceptable Email Use Policy (AEUPs) to govern how their employees use the available Internet and email facilities. Typically, organisations are driven to implement these policies to address loss of productivity due to:

  • excessive use of the their online resources for personal matters
  • the need to protect their networks, files and equipment from viruses, malware, unauthorised access, and other cyber threats, and
  • the need to ensure that all illegal activities for which they could be held liable, are clearly prohibited.

However, anything new and different from the status quo can be challenging to implement, but these seven tips can help employers and managers navigate some of the difficulties that can arise when implementing new Internet use/email policies.

1.  Avoid conflict in company documents

To limit confusion when an AIUP or AEUP is ready for implementation, earlier policy documents and even employment contracts should also be reviewed. Where inconsistencies, or confusing provisions exist in the various documents, they can be amended to reflect a more cohesive and coherent position on the issues of Internet and/or email use in a corporate setting. For example, an employment contract might permit reasonable personal use of the Internet, but the AIUP might ban this outright. Such discrepancies should be addressed to that a more uniform position is maintained.

2.  Discuss policy prior to implementation

This suggestion is important when a new policy is being introduced, and especially when its implementation will drastically change the current situation. Although management might be eager to establish a particular policy, it is always a good idea to try to get some buy-in from the staff, rather than unilaterally implement new measures. It is also recommended that such exercises be conducted with an open mind and collaborative manner, as staff members often spot deficiencies and issues that had not been previously considered, which can be addressed.

3.  Do not piggyback unduly on employee resources

A typical provision in AIUP/AEUP documents is prohibiting employees from using the Internet or organisation’s email facility for personal purposes, but to what extent does the company expect staff members to use their personal resources on the its behalf? Although persons may need to use their personal email addresses, for example, to attend to an office matter, that should be the exception rather than the norm, and should be discouraged. Instead, employers ought not to expect or rely on their employees to use their resources on the their behalf. For example, if the office’s email accounts can only be accessed within the office and there is no webmail equivalent, or if the office’s accounts frequently malfunction, there can be an expectation that staff should use their personal email accounts for work purposes. Offices should implement appropriate systems to limit such reliance, and not appear to be taking advantage of their staff.

4.  Recognise that a balance (of sorts) is necessary

Although AIUPs/AEUPs typically prohibit persons from using an organisation’s Internet or email account for matters of a personal nature, rigidly implementing such bans can be counterproductive. This is particularly the case in today’s society where smartphones are the norm, and staff members are able to attend to personal matters on their own devices, independent of the work places’ resources. Hence, employers should be prepared to make certain allowances to boost staff morale, and to varying degrees, productivity.

5.  Be clear about the sanctions that can be exercised

Many policies do tend to indicate that breach of their provisions could lead to termination. While this might be true, it is important to consider which breaches require immediate termination, and which ones do not.  In a number of instances an escalation process, such as a verbal warnings, written warnings, suspension, termination, may be more appropriate. This is a matter that should be discussed with staff members, especially if other office documents, do not address the organisation’s disciplinary framework.

6.  Consider implementing monitoring options

Many organisations resort to implementing AIUPs and AEUPs to protect their resources and to limit cyber-slacking by their employees. Having prohibited certain Internet and email behaviour, it then becomes important to be in a position to monitor the extent to which those policies are being followed.  Many of the measures that can be employed, especially the good ones, will have a price attached. However, if an organisation is serious about the policies it implements and the dangers it hopes to protect itself from, then it should be prepared to invest in systems that would assist it in that regard.

7.  Regularly review company policy against legislation

Increasingly in many countries, there is a growing list of online activities that have been labelled as criminal offences. AIUPs and AEUPs frequently refer to such provisions to highlight behaviour that is forbidden by organisations, since they can be held liable for illegal activities conducted by employees using their resources and/or on their premises. Further, recognising that there is a growing focus on preparing more legislation to govern cyber matters, such as to strengthen enforcement against copyright infringement, it is important for organisations to review their policies against current legislation regularly, to ensure they are update and consistent with prevailing rules.

Image courtesy of An English Shooters Blog