1-sqHello. It’s me. Can we talk? It’s about Dan. He keeps surfing to, well, those places, during the work day, when people are around…it’s like he doesn’t have any shame or sense of propriety. The other day I was walking a candidate for that open role through the office, and you could see from across the bullpen what Dan was looking at, and it wasn’t biology homework! Isn’t there something, anything, you can do?

Does that scenario sound familiar to you? If you don’t have an Internet Usage Policy, it very well might be something you have already had, or will have in the near future. We all have Dans. Some of us have Internet filtering software. All of us should have an Internet Usage Policy, and if you don’t, it’s well past time for you to do something about it! An Internet Usage Policy, often referred to as an Acceptable Use Policy, is a document that all employees need to read and understand, and be held accountable to, if you are going to give them Internet access.

What it needs to include

An Internet Usage Policy, or IUP, needs to spell out in clear, easy to understand terms, exactly what is and is not acceptable when it comes to accessing the internet on both company time, and when using company resources. Don’t overlook the need for after-hours specifics, or the use of mobile gear and company-paid for access through cellular MiFi devices or hotel Internet access. And don’t try to spell out each and every website that is prohibited or permitted either. Do make clear though that internet access is a privilege that can be revoked, and while some recreational or personal use may be tolerated, abuse will result in the loss of privilege, and said abuse can come from excessive recreational use during work hours, or accessing any content that could be deemed offensive or inappropriate, or using corporate resources for illegal purposes. Try to ensure that the “offensive or inappropriate” determinations are subject to common sense and or management oversite, lest you have someone complain because they notice a user accessing CNN when they are a USA Today supporter!

How it needs to be written

Use clear language. Make it easy to read and to understand without requiring that you have a technical background. You want every single user in your company who uses a computer with internet access to be able to understand what is and is not appropriate. Spell out what categories of content are not appropriate for work (adult content, violence, politics, religion, etc.) and make sure it’s clear that if internet access interferes with an employee’s job performance, or is causing an issue within the team or work area, the privilege can be revoked. Click here if you would like a sample of an internet usage policy.

When it needs to be reviewed

All new hires should review the IUP during their onboarding, and all employees should review it at least annually to ensure everyone knows what is expected of them. Use a short, simple quiz to test users’ comprehension and ensure that they either electronically acknowledge or wet-signature sign the IUP so that you can enforce it later should problems arise.

When it needs to be revised

The IUP should be reviewed for accuracy and applicability at least annually, and updated whenever new technologies become available. That could be when the company decides to issue tablets or cellular modems to users, changes their VPN so that split-tunneling is allowed, or when a new technology is adopted by the company for use online.

Having an Internet Usage Policy is one of the things every business with employees needs to have. It doesn’t have to be 100 pages long, and it doesn’t have to be written by a lawyer, but it does need to spell out what is and isn’t okay using language your employees can understand. It needs to be reviewed, and it needs to be enforced. Otherwise, Dan will continue to do whatever he wants, and you can deal with HR! And if you think enforcement of the IUP is going to be an issue, look into a Web Filtering Solution such as GFI WebMonitor, which can both block inappropriate content, and filter out malware since even the most important partners and vendors or the most trustworthy sites can be exploited and host malware.