April 14, 2020
Internet and email communications are essential for performing modern business tasks, but companies must put rules in place to reduce the risks that come along with those technologies. This policy offers guidelines to help ensure that both IT and users follow safe practices when using electronic communications such as messaging services, social media, and email tools.
From the policy:
Internet use in the course of conducting business is a foregone conclusion. For most industries, lacking access is an encumbrance, at best, to getting things done. However, significant risk accompanies internet access—viruses, ransomware, and data theft can result from unsafe practices, though infection can occur just from connecting an unsecured system to the network. Likewise, insider threats—such as the improper access or transfer of data—are important considerations when analyzing your security strategy.
This policy sets forth guidelines for the use of the internet, as well as internet-powered communication services, including email, proprietary group messaging services (e.g., Slack), and social networking services (e.g., Facebook, Twitter) in business contexts. It also covers Internet of Things (IoT) use, and bring-your-own-device (BYOD) practices.
You can customize this policy as needed to fit the requirements of your organization.
Generally, this policy assumes that:
- Your organization permits personal internet use by employees, within reason.
- Your organization uses internet content/security filtering software.
- Backups, including compliance-related data retention, is automated by software.