After Hours

Update your Internet use policy to stop download abuse

Establishing a media download policy could stop the proliferation of MP3 files that are clogging your network. This article looks at the problem and offers ideas for creating a download policy.

Users who download and store MP3 collections on company equipment and network not only hog bandwidth but also are exposing your network to security breaches and your company to copyright infringement liability.

IT managers are often charged with curbing or stopping this type of download abuse. One way to address the problem is to create a media use clause and add it to your company’s Internet usage policy. In this article, we’ll look at why such a clause is important and how to create one.

Why should you care?
IT managers should monitor how users use an organization’s Internet access because of concerns about:
  • Bandwidth and storage issues
  • Security threats
  • Copyright infringement

Bandwidth and storage issues
MP3s, video files, and other large downloads can hog bandwidth and storage space. These downloaded files, if left unchecked, can slow the online access speeds across an entire organization.

Two TechRepublic members offered their methods for dealing with MP3s. In both cases, these members hunt down and delete the MP3 files.

B. Waggoner said he takes action when “…users clog either network bandwidth or network drives with MP3s…they affect the efficiency of every other user on the network…enjoy your MP3 collection until I find time to delete (it), because I will.”

W. Sparling said a company policy prohibits the “…downloading or storing of MP3s on our network—anywhere including your ‘personal’ directories. If you don't follow the policies and download files, they are gone.”

Security threats
Online browsing and downloading can expose an organization to viruses. Even using file-swapping services (and there are many new services besides the popular Morpheus and Napster) can invite viruses into an organization.

Installing firewalls and other security applications is one way to address security. A second way is to educate users on the dangers inherent in e-mail attachments or other files.

Users, however, are not always easy to train. “The user community is notoriously difficult to educate,” said Tom Turner, director of marketing for Okena, a provider of intrusion prevention security products.

“We always say that if e-mail users receive an application [that] says, ‘Do not open. This is a virus,’ 90 percent of them are still going to open it,” he said.

Yet, according to a past TechRepublic survey, 59 percent of organizations allow all types of attachments. This survey demonstrates why it is important to train users how to protect systems from the viruses found in attachments or other online files.

Most respondents said their company policy allows all types of e-mail attachments.

Copyright infringement
Another consideration for IT managers is the possibility that downloaded files violate copyright laws. Many songs, photographs, videos, designs, and some text are protected.

If your users are downloading and storing copyright material on company equipment, they’re guilty of copyright infringement.

“If you are taking something that’s not been legally obtained, then the person who uses it, or the person who has it stored in their computer, is infringing the copyright,” said David Radack, an intellectual property attorney with Eckert Seamanns Cherin & Mellott in Pittsburgh.

Yet, often the organization, not the individual, will face charges for violating copyrights.

A manager should be armed with a policy that addresses MP3 and similar files. With an organization-backed policy, the manager is free to delete, block, or monitor whatever he or she needs to in order to keep systems functioning for their intended use.

A policy cannot protect an organization from litigation, but it can lessen the amount of damages awarded to a plaintiff in a case, Radack said. The amount of damages can be limited if you show that you were not a willful infringer.

Create a media usage clause
TechRepublic reviewed policies from over 50 organizations in North America. During the review, it became evident that many organizations address downloads and similar files in a larger policy about users’ e-mail and Internet use.

Below are samples of media provisions that you can modify and place in an Internet or e-mail policy.
  • “Staff must presuppose that all materials on the Internet are copyright and/or patented unless specific notices state otherwise. Downloading and storing copyright material on company equipment is prohibited.”
  • “Bandwidth both within the company and in connecting to the Internet is a shared, finite resource. Staff must make reasonable efforts to use this resource in ways that do not negatively affect other employees. Specific departments may set guidelines on bandwidth use and resource allocation.”
  • “Under no circumstance are staff allowed to overload networks with excessive data or waste computer time, connectivity access, disk space, or other company resources for personal use.”
  • “Electronic communication resources are limited. Employees should conserve these resources and must not deliberately perform actions that waste resources or monopolize them to the exclusion of other employees. This includes subscribing to list servers or Web sites not directly related to job responsibilities, spending extensive time on the Internet, and downloading nonwork files.”
  • “We have the right to monitor company computer systems, including Web sites, chat rooms, and news groups visited by users. We can review material uploaded or downloaded to or from the Internet, e-mails, and attachments sent and received by users.”

How do you keep users in check?
Tell us what strategy you use to keep users from building private music collections on company equipment. Drop us a line and tell us about it or start a discussion.


Editor's Picks

Free Newsletters, In your Inbox