The importance of an Acceptable Use Policy



Similar documents
How to create a complex and secure backup strategy

GFI MailSecurity deployment strategies

Social networking at work: Thanks, but no thanks?

How to configure IBM iseries (formerly AS/400) event collection with Audit and GFI EventsManager

Archiving technologies

Understanding data backups: why SMEs need them

How to keep spam off your network

The business implications of not having a backup strategy: where businesses get it wrong

Integrating faxes into today s world of healthcare e-records

Patch management with GFI LanGuard and Microsoft WSUS

GFI White Paper. How Web Reputation increases your online protection

GFI Product Guide. GFI MailArchiver Archive Restrictions and Licensing Guide

GFI Product comparison. GFI MailArchiver vs. Microsoft Exchange 2010

GFI Product Comparison. GFI LanGuard 2011 vs Retina Network Security Scanner

GFI Product Comparison. GFI LanGuard 2011 vs Microsoft Baseline Security Analyzer 2.2

security Cloud vs. On-premise solutions

GFI product comparison. GFI MailArchiver vs. Microsoft Exchange 2010

Quick Start Guide for administrators

GFI MailEssentials Online Archive Configuration and usage

Protecting your network against threats

Vulnerability management: Key questions you should be asking

GFI Product Comparison. GFI MailArchiver 6.0 vs Stimulus Software MailArchiva

GFI Product Manual. GFI MailArchiver Evaluation Guide

GFI White Paper. Going beyond Exchange Why it pays to have a dedicated archiving solution

GFI Product Comparison. GFI MailArchiver 6.0 vs Quest Software Archive Manager

GFI Product Guide. How to create a new SQL Server Instance in Microsoft SQL Server 2012 and SQL Server Express

GFI Product Manual. Outlook Connector User Manual

GFI product comparison. GFI MailArchiver vs. Symantec Enterprise Vault

GFI Product Comparison. GFI MailArchiver 6.0 vs EMC Xtender Archive Edition

GFI MailEssentials 2014 Upgrade Guide A guide to upgrading from previous versions of GFI MailEssentials and GFI MailSecurity

GFI Product Comparison. GFI MailArchiver 6.0 vs Waterford Technologies MailMeter Archive

GFI Product Comparison. GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange

GFI FAXmaker for Exchange/SMTP 12: An introduction to the architecture and deployment options

Patch management: Fixing vulnerabilities before they are exploited

GFI Product Guide. GFI Archiver Evaluation Guide

Survey: Web filtering in Small and Medium-sized Enterprises (SMEs)

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall

GFI MAX RemoteManagement Building Blocks to Managed services

GFI Cloud white paper. Cloud-based services: Easing the IT burden while taking control.

Endpoint Protection Performance Benchmarks

GFI Product Comparison. GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.0

GFI Product Guide. GFI Archiver and Office 365 Deployment Guide

How To Set Up A Journaling Mailbox In Microsoft Office 365 And Gfi Mailarchiver

GFI Product Manual. GFI MailArchiver Outlook Addon

Why organizations need to archive

GFI Product Manual. Outlook Connector Manual

GFI Product Guide. GFI MailArchiver Archive Assistant

Social networking and security risks

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Human Resources Policy and Procedure Manual

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Covered California. Terms and Conditions of Use

U.S. Chemical Safety and Hazard Investigation Board

How to perform network-wide security event log monitoring

OXFORD COMMUNITY SCHOOLS 10 North Washington Street, Oxford, Michigan ACCEPTABLE USE POLICY

GFI Product Manual. Evaluation Guide Part 1: Quick Install

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

GFI Product Manual. Version 6.0. Getting Started Guide

City of Grand Rapids ADMINISTRATIVE POLICY

TERMS and CONDITIONS OF USE - NextSTEPS TM

Hyde School Student Computer Systems Acceptable Use Policy

Transcription:

GFI White Paper The importance of an Acceptable Use Policy In an ideal world, employees would use the computers and Internet access provided their employer solely for business use. It is however, sadly, not an ideal world. Throughout the work day, companies, schools, libraries and other organizations are exposed by their users to the misuse of the system. The dilemma faced by every company is what to do about it and how to start. In this white paper we examine both the extent of the problem of misuse, and the role the creation and dissemination of an Acceptable Use Policy (AUP) can offer in helping an enterprise avoid unwanted consequences and enabling it to deal with transgressions in a fair and systematic way that will survive legal challenges without reducing employee morale and productivity.

Contents The extent of misuse 3 Solutions 3 Acceptable Use Policy 3 What should be in an Acceptable Use Policy? 4 Ideally an AUP should do the following 4 Summary 5 About GFI 5 2

The extent of misuse According to a survey by International Data Corp (IDC), 30 to 40% of Internet access is spent on non-work related browsing, and 60% of all online purchases are made during working hours. The data IDC uncovered includes: 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm. 58% of industrial espionage is perpetrated by current or former employees.»» 80% of computer crime is committed by insiders. They manage to steal $100 million by some estimates; $1 billion by others. 48% of large companies blame their worst security breaches on employees. 64% of employees say they use the Internet for personal interest during working hours. 70% of all Internet porn traffic occurs during the nine-to-five work day. 37% of workers say they surf the web constantly at work. 90% of employees feel the Internet can be addictive, and 41 percent admit to personal surfing at work for more than three hours per week. 25% of corporate Internet traffic is considered to be unrelated to work. 30-40% of lost productivity is accounted for by cyber-slacking. 32.6% of workers surf the net with no specific objective; men are twice as likely as women. 27% of Fortune 500 organizations have defended themselves against claims of sexual harassment stemming from inappropriate email. 90% of respondents (primarily large corporations and government agencies) detected computer security breaches within the previous 12 months, 80% acknowledged financial losses due to computer breaches, 44% were willing and/or able to quantify their losses, at more than $455 million. Solutions One solution to the problem, beyond simply disabling the connections or depending on sometimes unreliable URL blockers, is to use Internet monitoring systems (see GFI whitepaper: Internet monitoring ). According to IDC, 77.7% of major US companies keep tabs on employees by checking their email, Internet, phone calls, computer files, or by videotaping them at work. 63% of companies monitor workers Internet connections and 47% store and review employee email. Acceptable Use Policy While monitoring has been an effective tool in identifying abusers and cyber-slackers, Human Resources experts, as well as the courts agree that it needs to be accompanied by evidence of a duty of care intended to reduce unacceptable employee activity. A key aspect of this is what is commonly referred to as an Acceptable Use Policy. Nearly every enterprise has a specified set of rules, usually spelled out in an employee handbook, that an employee has to acknowledge by signature that he or she has read and understood. Some of these policies, such as that against racial or religious discrimination and mandatory email archiving are required by law or regulation. Others may reflect common business ethics or a particular company s culture such as prohibitions against drinking, unexcused absences, sexual harassment and the like. Policies also include a set of sanctions that can be used against persons who violate the company s policies. They also provide a legally defensible basis for disciplinary action, up to and including termination. 3

One key advantage to policies like this is that while, traditionally, employers have been held responsible and liable for their actions in the workplace, the presence of policies prohibiting such actions has served as a liability shield that can completely or partially protect that company from lawsuits arising actions from employees acting in contravention of the policies. To safeguard its electronic communications, every company, large or small, should have an Acceptable Use Policy in place that governs Internet, email and computer use in the business. In essence, an Acceptable Use Policy serves as guidance for staff and volunteers on the behavior and use of technology that is approved by the organization. The policy should also detail the consequences that company personnel can expect to face for the abuse of this technology. What should be in an Acceptable Use Policy? As discussed earlier, monitoring voice mail, email and Internet use is generally legal, provided the employer has created and effectively communicated an Acceptable Use Policy. While the exact wording of the AUP will vary from company to company, there are some general guidelines on how an organization communicates such policies to its workers. The key goal of an AUP is to eliminate any employee expectations that these means of communication or use of computers, email and the Internet at work are confidential. The policy must be non-discriminatory and it should prohibit all forms of non-business related communications. To this end, the policy informs employees that the employer may access, search and monitor voice mail, email or company files of any employee that are created, stored or deleted from company computer systems. The policy must be uniformly enforced through employee education, ongoing monitoring and appropriate discipline. Obtaining prior consent will generally protect employers from liability. Ideally an AUP should do the following:»» Define what systems are covered by the policy, e.g., voice mail, email, Internet, and computer systems and files. Specify that an employer s computer systems are for business purposes only, and all files and messages are company property. If the company chooses to allow some personal use, the policy should caveat this by forbidding personal use that interferes with an employee s work or that of others (e.g., prohibiting non-work related websites such as chat rooms, games, travel, shopping, stock trading, hate/discrimination, pornography, etc.). Specifically ban transmitting or downloading of material that is discriminatory, defamatory, harassing, insulting, offensive, pornographic or obscene. Prohibit copying and sending any confidential or proprietary information, or software that is protected by copyright and other laws protecting intellectual property. Prohibit unauthorized access by employees of other employees electronic communications. Warn employees that any misuse will be subject to discipline, up to and including termination. Advise and emphasize employees that they have no right to expect that their communications or use of employer s computer information systems is either confidential or private. After the AUP is drafted, organizations should require the employees to sign the AUP. Some companies have also taken the further step of installing an on-screen warning about their electronic communications policy that appears every time employees log onto their computers. 4

Summary Misuse of the Internet, email and computers in the workplace represents a serious and growing challenge to every organization, regardless of size. In addition to potential illegal activity, disclosure of company secrets and introduction of malware, misuse of these systems has a real dollar cost in terms of lost productivity. To date, the most successful means of combating this has been through monitoring, by a variety of means. The first step in any organization s defensive measures against abuse is a prior consent statement, commonly referred to as an Acceptable Use Policy that specifies that employees have no right to an expectation of privacy with respect to their use of business computers, email systems and Internet connections. The AUP also details unacceptable activities, specifies sanctions, advises of the potential for monitoring and places responsibility for inappropriate behavior on the employee who transgresses those rules. The AUP should be widely disseminated and employees required signing and acknowledging their understanding of it. In addition to providing employees throughout the organization with clear definition of the organization s expectations, a properly executed AUP can serve as a liability shield for the organization in the event of misbehavior by an employee, as well as a legally sanctioned basis for disciplinary actions, including termination. About GFI GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com. 5

USA, CANADA AND CENTRAL AND SOUTH AMERICA 15300 Weston Parkway, Suite 104, Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK AND REPUBLIC OF IRELAND Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.co.uk EUROPE, MIDDLE EAST AND AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com AUSTRALIA AND NEW ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com Disclaimer 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, outof-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information