Abstract:
Your underlying motivation for any new policy profoundly affects how you write it. If your motivation is to tell employees what they can't do because you don't trust them, your policy will reflect that no matter how hard you try to disguise it. The Company has the right to audit, intercept, retrieve, monitor, access, block, review, copy, delete, and/or disclose any communication and Internet usage, including social media, when Company systems or devices are used for any purpose, with or without prior notice.
This policy is essential for reaching a very specific objective: to enable and equip employees to perform at their best at work. When you implement a policy, an employee understands what management expects of them. In this case, you give each person the knowledge of how they should access and use company property. By doing this, you are sparing them from problems later on.
Improper usage of Company systems and/or devices may result in revocation of use and/or disciplinary action up to and including termination of employment.
Overview:
Purpose:
Company-provided electronic systems and devices, any content stored on Company systems and devices, and business content stored on personally-owned devices are the sole property of the Company. Use of personally-owned electronic devices for business use must be pre-approved by your leader. Devices include all computers, laptops, smart phones, workbooks, tablets, and any similar equipment.
Policy:
Internet Usage Policy:
This Employee Internet Usage Policy is ready to be tailored to your company's needs and should be considered a starting point for setting up your policies regarding computer usage for employees. It may also be called an Employee Internet Policy, Company Internet Policy or Computer Usage Policy.
Acceptable Usage Policy for Emails:
1) Business Emails:
Although it may seem obvious, your policy should make clear that a business email address is for business use only. Such a restriction also prevents users from sending bulk emails and the like. You may draw a clear line that any personal use of business email is strictly prohibited, or your policy could include guidelines on how to handle personal email, because there are times when a personal matter may be discussed on a business email account. These guidelines could include stipulations such as limiting the amount of time your employees can spend sending personal messages and prohibiting the use of business email to sign up for accounts not related to work. This means that personal conversations on business-managed email accounts are prohibited.
2) Emails Are Company Property
A policy has to be strictly enforced whenever business transactions or conversations take place over email. All email sent to and received by the company has to be monitored. This means all email folders, such as Sent, Drafts, Outbox and Trash, have to be monitored and covered by a retention policy that keeps the email and its content and does not delete them after a certain period of time. If a legal issue or similar case arises, as an employer you have the right to read the email as well as monitor it.
3) Email Security:
Securing email and the content sent and received over it is very challenging and cannot be achieved 100% without the support of the end user. That is, even if email is transferred over a secure channel and sits behind firewalls and DMZs, a user who is not aware of the content or the information being sent can still fall victim to phishing or social engineering attacks. In a real-world scenario, when an attacker picks a target enterprise or individual, the best way to infiltrate the system is phishing, especially spear phishing, where the recipients will mostly be unable to judge the credibility of the email received.
Recent Case Study:
According to a study by Symantec, an estimated 50% of cyber attacks on companies start with phishing. As mentioned above, once an attacker has chosen a target, phishing is considered the best way to infiltrate first, eventually leading to data exfiltration. There are many ways to avoid such situations; some of them are listed below.
A few steps to follow to avoid being phished:
Exercise caution when an email or text is received from an unknown sender.
Never open attachments or links, click on images, etc. received from unknown sources, even if the links look legitimate.
Never open or click on URLs that are sent in emails or texts.
Without proper validation of the sender of the email or text, sensitive information of any kind should not be given or sent.
Always use encrypted email services when sending sensitive information. Never disclose personal information until the credibility of the requester is verified.
4) Restricted Content/Text/Emails:
It's always worthwhile to be explicit about the types of communications that are prohibited by company policy, primarily in the interest of heading off bad or illegal behavior and protecting the company from liability. For example, you may want to specify that emails sent through your company's system:
May not be used to harass or make threats, nor be offensive or disruptive in nature.
May not include language or images related to race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin, or disability.
6) Retention Policy
Your email policy should explain what emails should be retained, where and for how long. Keep in mind that different industries and businesses may be subject to different regulatory standards.
6.1) Unknown Emails
Employees should report to their superior or manager, or to the IT department, if they receive any email that is suspicious or from an unknown source. Escalating this kind of information to teammates or to members of the right departments will definitely help prevent many phishing-based attacks and can even help block further similar content.
7) Preferences
Preferences, or email etiquette, are mostly left to the user's choice. There are no specific guidelines or policy rules that need to be followed for these preferred settings.
For example:
Email Forwarding: This option lets the recipient or sender of an email forward its content to another person. It is sometimes strictly restricted when sensitive information, such as passwords or access IDs, is shared over email. Forwarding has to be monitored and should be governed by a policy when no alternatives are present.
Response Time: This setting is enforced when specific emails are received from an alarming or cautious sender. In this case the recipient has a specific amount of time in which the response or acknowledgement has to be sent.
Email Signature: Some employees like to have their credentials in the signature of every email sent.
8) Penalties:
Even if a number of policies are strictly implemented, they are in vain if they are not enforced. This means that if an employee fails to comply with or follow the guidelines, the individual must face the repercussions. Every single person in the company must be aware of the consequences of not following the rules.
Wifi/Internet Usage Policy for Employee:
Our employee internet usage policy outlines our guidelines for using our company's internet connection, network and equipment. We want to avoid inappropriate or illegal internet use that creates risks for our company's legality and reputation.
1. Usage Flexibility:
You don't want to put employees in a box. By implementing too many unnecessary restrictions, you're not accounting for the many situations that may arise simply because employees are real people with real lives. Expecting employees to use the internet ONLY for work-related activities is unreasonable nowadays. There are many situations when someone may need to take care of personal business on the clock. We'll get into those shortly, but for now, focus on this: when you allow for flexibility in the policy you create, you end up creating an environment of trust.
2. Ease:
How does a legal policy outlining prohibited behaviors create freedom? Well, it's a two-step process that requires cooperation from two parties. Step one, as discussed above, is to make sure your policy allows for flexibility. This establishes an atmosphere centered on trust. A manager or supervisor should make clear that an employee's focus should be on output and value added, not rules and restrictions. Knowing that, a person is free to use a computer, the internet, or other resources as they choose, as long as their focus is on their output.
If we create and maintain a genuine culture of trust, true freedom should thrive.
3. Company Culture:
Speaking of culture, what does yours look like? If it's not quite where you'd like it to be, you can take steps to improve it. I recently expounded on an essential instrument for making the perfect office culture. Likewise, you'll need to establish your values before you can approach this quality. Once you have a team of people who are happy, engaged and understand how they fit into the organization's mission, you can create an IUP that is reflective of those ideas.
4. Should relate to employees:
This point is an offshoot of the previous one, but still worth highlighting. Here's the connection: your IUP should be reflective of your culture, and your culture should be reflective of the people who work in your organization. You wouldn't establish overarching company values that don't apply to the employees, and you shouldn't create a policy that doesn't consider the people it will apply to.
Enforcing the Policies (Internet/Wifi Usage Policy):
Once you've adapted our sample Internet Usage Policy and you're ready to implement it, or when new people join your team after its implementation, the document should be clearly explained to everyone it applies to. It should be given special attention apart from other paperwork. Don't downplay its importance by tossing it in a stack of papers. Some companies go all out and hold full training sessions to clear up any confusion or doubt.
Leave plenty of opportunities for questions or clarifications and remind everyone that this is designed to empower them. Finally, employees need to sign and date the policy, indicating they understand its contents.
Your Internet Usage Policy is an ideal opportunity for you to demonstrate your commitment to bettering the team and their performance. It's a chance to be proactive. You're getting ahead of conflict by giving each employee the knowledge they need to be successful in their use of the internet.
Remember that employees need to know what's expected of them in all aspects of their job. However, since internet usage is the primary method of getting work done, that may be an excellent place to direct your focus before you explore other areas of your culture that need attention.