usage policy business analyst and technical writer

 Home  Who We Help  Services  Approach  Case Studies  Resources  Contacts  About Us


Computers and the Internet are powerful tools. They allow us to perform activities that were unimaginable a decade ago. Who would have thought you could make an airline reservation, issue a press release or be in instant communication with anyone in the world right from your desktop?

Alas, like any technological innovation, there is a dark side. It is equally easy for people to view pornography, communicate with friends and conduct personal activities from those desktops.

Suppose an employee installs personal software on a company computer and attaches an MP3 player, camera, or flash drive to the computer. Now what if the software interferes with the normal operation of the computer or the device damages the PC? What would you do? Who is responsible?

There is no way to completely eliminate unwanted activities. However, having a clearly written computer usage policy makes it much easier to deal with abusive behavior. Don't wait for trouble to occur. Follow the guidelines outlined below before you find yourself dealing with employee misconduct.

In establishing most corporate policies, it is best to provide clear guidelines but not be overly restrictive. (The exceptions relate to policies regarding discrimination, sexual harassment and any area governed by law or regulation.) You might start by speaking with colleagues at firms similar to your own to determine what policies they have. Why? Because if employees conclude that your policies are outside the norm, they will seek ways to bend the rules resulting in an uncontrollable situation.

It is best to trust and monitor with the focus being the employee's job productivity not their possible misconduct. Don't go overboard.

Here are seven guidelines to consider.
  1. Limit computer access to those employees who have a legitimate business need. Provide shared computers for those employees who have only occasional needs such as updating documentation or retrieving files. Similarly, for employees with computers, consider limiting Internet and e-mail access to those with a demonstrable need.

  2. Educate employees about software piracy. Specify that only software properly licensed by the company may be installed on computers. Consider granting some leeway with regard to freeware or open-source software such as the Firebird web browser as long as the software serves a legitimate business purpose. Let everyone know that any software installed without proper authorization is subject to removal at any time and without prior notice.

  3. Stipulate that the company's e-mail and other networked systems are to be used strictly as business tools. But that's not enough. Provide guidance as to what is, and what is not, considered appropriate business use. Remember, some personal use of your company's e-mail and Internet systems will be warranted. Most people work hard. They occasionally need to contact family members or make online purchases. For the sake of morale and retention, demonstrate a willingness to accommodate employees' needs and let them know how much personal use is acceptable and when, such as at break.

  4. Make reference to your anti-discrimination and sexual harassment policies. E-mail tends to be relaxed and informal which may lead to inappropriate comments. Make it clear that any such comments are subject to disciplinary action including termination. Desktop wallpaper is also prone to such abuse.

  5. Address the issues of ownership and privacy. Let employees know that computers, software and information stored on them belong to the company. As such, e-mail, documents and web browser activities are not private and may be monitored.

  6. Insist that passwords be complex, changed periodically and not be written down near the computer. Passwords should contain a mixture of random characters, symbols, and numbers, not dictionary words. They should never be shared.

  7. Specify that external devices should not be attached to company computers without permission or at least provide guidelines as to what is acceptable and what is not.

Roll out the guidelines in a positive way. Explain why they are needed and that all employees will benefit from the protections provided. Periodically, update and re-distribute the guidelines both to stay current with changes in technology and to reinforce the message.

Every employee, contractor and freelancer who uses company systems should be given a paper copy of the usage policy to review and sign. They should have the opportunity to ask questions prior to confirming that they understand and accept the guidelines. Anytime the policy is updated, it should be re-distributed and signed again.

If you have an information technology (IT) group, have them perform some simple monitoring functions.

Consider creating a list of websites that will be blocked and thus inaccessible to anyone on the network. There are many such "content filtering" tools available. For example, Microsoft has a product called Internet Security and Acceleration (ISA) Server. Several third parties sell ISA add-on products that perform content filtering. There is no possible way to block all inappropriate websites but if you make a good faith effort to restrict such activity, you'll be in a better position to deal with problems.

Even if you don't have an IT group as such, identify an individual or group of individuals to keep your computer usage policy current and in force. Be sure that all your managers receive training, or at least instructions, in what to look for and how to deal with usage violations.

A computer is likely to be the most powerful business tool you can provide to an employee. Like any power tool, it can easily be misused. By establishing clear and reasonable guidelines, you'll get more value out of those computers while providing a safe and friendly work environment.

Vin D'Amico is Founder and President of DAMICON, your ADJUNCT CIO™. He is an expert in leveraging open software to drive growth. DAMICON provides Freelance Technical Writing, IT Disaster Response Planning, and Network Security Management services to firms throughout New England.

This article appeared in Vin's monthly Virtual Business column for the IndUS Business Journal in July 2005.

To learn more about how DAMICON can help your business, please take a look at our service programs.

Virtual Business

Virtual Business

This column appears monthly in the IndUS Business Journal.