Collaboration

Craft your own Internet usage policy with this sample

Mike Mullins provides a general guideline for Internet and intranet usage in your organization and encourages you to educate users by distributing a formal Internet usage policy.

Editor's Note: This article was originally published on TechRepublic January 3, 2007.

The Internet is an important resource for your customers and employees. It is imperative that you inform your users about the purpose and use of the company Intranet and Internet. By educating your users and setting out a clear policy, you'll gain a valuable ally in protecting company assets when users are on the network. The guidelines I present here are generic and should be modified to fit your business model.

Standard Internet guideline

These guidelines will help you find appropriate uses of the Internet for YOURCOMPANY business purposes.

Overview

This guideline does not contain all of the do's and don'ts of Internet usage. While this guideline will list examples of improper usage, your good judgment and common sense are essential to guiding you on the appropriate uses of the Internet and will help protect YOURCOMPANY resources.

Contractors can use the Internet for YOURCOMPANY business purposes in order to fulfill their contracted assignment. Their usage must adhere to the guidelines within this policy.

General principles

Your first obligation as a user is to protect YOURCOMPANY information assets. The assets that comprise the YOURCOMPANY network are business assets and should not be considered personal assets. Here are the general principles for Internet use for YOURCOMPANY business purposes:

  • Material that would be considered inappropriate, offensive or disrespectful to others will not be accessed or stored
  • Any software downloaded or installed on YOURCOMPANY assets must comply with applicable licensing agreements and copyrights
  • Use only network services you have authorization to access
  • Do not send material classified for internal use only via the Internet

Specifically, the Internet should not be used:

  • For personal gain or profit
  • To represent yourself as someone else
  • To provide information about employees to persons or businesses not authorized to possess that information
  • When it interferes with your job or the jobs of other employees
  • When it interferes with the operation of the Internet for other users

Consult with your manager if in doubt about any use of the Internet.

Data classification

Personnel records and financial information that is stored on the network is considered information for internal use only. This information, along with other proprietary information will not be sent via the Internet. Managers can make exceptions for sending YOURCOMPANY internal-use-only material when appropriate encryption is used.

External communication

Electronic mail or e-mail is the most commonly used form of communication on the Internet. When communicating outside YOURCOMPANY, remember:

  • No form of chain letter will be sent using YOURCOMPANY assets
  • Do not send e-mail so that it appears to have come from someone else
  • Do not automatically forward your e-mail to a non-YOURCOMPANY e-mail address
  • Telnet: or trying to remotely access a system you are not authorized to use is not permitted. Unless you have prior authorization, do not run port or vulnerability discovery programs or try to get into open ports.
  • When downloading software, you must comply with YOURCOMPANY procedures for the importation of software, even if it's "public domain." As a courtesy to others, try to do large file transfers during off hours.

If you have any questions regarding Internet usage, contact your manager.

Final thoughts

The guideline I've given you may not cover all the aspects of your network, yet it will give you a good starting point if you don't have a policy in place already. Enlist your user population in your security effort by putting out some simple do's and don'ts on Internet usage. Controlling Internet usage is not a difficult task. It involves putting together some guidelines and distributing those guidelines to the users, then educating your users. Once your users are informed on what they can and can't do on the network, enforce your guidelines. Don't forget to modify your guidelines as your business and network grow.

Do you have a guideline for Internet usage in place? How does your guideline differ from the one that is presented?

Editor's Picks