IT policies for your business

Does your company have an information technology (IT) policy? If so, when did you last update it and do your employees know it exists? This article looks at the pros and cons of your employees' internet access and what you can do to develop a policy around this.

Benefits and pitfalls

Do you provide your employees with portable devices such as iPhones, iPads, Blackberries or laptops? Do you allow your employees to access your business' network using their own portable devices? Does your IT policy adequately address the security risks arising from your employees using portable devices?

We have all heard or read of horror stories about emails written in anger and sent in haste (occasionally these end up plastered across the front page of the New Zealand Herald). Does your IT policy set out what is and what isn't acceptable when sending internal and external communications (including emails, texts and communications on letterhead)?

Social media sites such as Facebook, Twitter, YouTube, Pinterest and LinkedIn, amongst others, provide a myriad of marketing and networking opportunities for some businesses. Various issues can arise, however, from employees' misuse of company email, internet and social media; these could include:

  • Loss of productivity
  • Increased internet connection costs
  • Reduction of internet speed due to high use/downloading which can affect business efciency
  • Inadvertent or intentional disclosure of confidential and/or commercially sensitive information
  • Damage to your business' reputation as a result of negative comments made by employees in emails or on social media sites, and
  • Allegations of bullying or harassment as a result of derogatory comments posted on social media sites by one employee about another employee.

What does a good IT policy contain?

A good policy will:

  • State your business' position on your employees' personal use of work email, work devices such as computers and smart phones, internet and social media sites stipulating what level of personal use (if any) is acceptable
  • Set out the types of behaviour which are deemed unacceptable, for instance, making intimidating or derogatory comments about other employees or clients, or disclosing confidential information
  • Address security risks, for example, the use and disclosure of passwords, and protection of confidential information
  • Confirm that your business owns any equipment/portable devices provided to employees and all information contained on them
  • Advise whether your employees can access your business network via their own portable devices/home computers and, if so, the limitations you wish to place around that
  • Set out the steps you take to monitor your employees' business and personal use of work email, work devices such as computers and smart phones, and their internet use. If you allow employees to access your network via personal devices then you should stipulate the steps you can take to monitor their use of personal devices to do that
  • Specify the extent to which (if at all) it's acceptable for employees to refer to your business or other employees in blogs or on social media sites. Point out to employees that information posted on social media sites may not be private
  • If you require employees to maintain company blogs, or social media sites, set guidelines for the type of content that's appropriate, and
  • State what steps may be taken if an employee breaches your IT policy.

The key to any good policy is that it should reflect the culture of your business, should be easy to understand and accessible to all your employees.

The start of the year provides a good opportunity for all businesses to review, update or implement an enduring and robust IT policy. A good policy can be proactively used to manage risk while maximising the benefits that email, portable devices, the internet and social media can deliver to your business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

James & Wells Intellectual Property, three time winner of the New Zealand Intellectual Property Laws Award and first IP firm in the world to achieve CEMARS® certification.