Most organisations have measures in place to protect their systems from spyware and viruses. They use spam filters to cut down on unsolicited emails and have a firewall in place to minimise exposure to hacking.

Even if more recent developments such as blogs and instant messaging have yet to be addressed by many, existing efforts indicate a broad awareness of the risks of internet use and the need to put measures in place. But many small organisations have yet to develop formal written policies.

This is a dangerous oversight because workplace use and misuse of internet-based systems can create many areas of risk that cannot be addressed by software tools and systems alone. Employees with workplace internet access can create potential risks relating to productivity, responsibility, privacy, security and legal liability. Let this go unchecked and you could expose your business to an assortment of problems.

While you may know not to email a client database to a friend who sells double glazing, download hundreds of MP3 files, open a message promising naked shots of Anna Kournikova or discuss the MD’s plans for expansion in a blog exchange, not everyone is blessed with your smarts.

Loud and clear

A written policy should clarify any uncertainty regarding these areas. Once people understand the implications of their behaviour, most will think twice before doing something that might harm their career. It pays to ensure that employees are clear about what is, and what is not, considered acceptable use of the internet.

The potential problem areas include accidental or deliberate release of confidential or sensitive business information, time wasting or cyberslacking, pirating copyrighted materials, installing unlicensed software, creating a hostile workplace by downloading and distributing offensive material, system performance problems caused by huge audio or video downloads, and the increased risk of virus and hacker attacks.

Because the list is evolving along with our use of the internet, even those with a policy in place need to ensure it remains current, while those without a policy should introduce one. And both need to make all employees aware of its contents, keep them up-to-date on changes and make clear any action that could be taken against those who break the policy guidelines.

Email has the same legal status as the printed word: a seemingly casual email discussion between two companies could be used to prove contractual agreement, and it is possible for any employer to be held liable for email abuse carried out by their employees. Both internal and external communications are potentially actionable for breaches of legislation ranging from the Data Protection Act through copyright, defamation and libel, to sexual harassment.

Where email use is concerned, ignorance is no defence and inaction can lead to a fine or a jail sentence. Because of this, it is not a good idea to leave decisions about the retention and storage of electronic documents or correspondence to the individuals who create or receive them, no matter how convenient it might seem.

There are lots of specialist computer-based tools available to help with this, but they don’t come cheap. However, a visit to the Business Archives Council of Scotland at www.archives.gla.ac.uk/bacs/electronic-records.html can help to clarify the issues – and it’s free. So, although our growing dependence on email can create increased business costs, it doesn’t have to.

Have you got the message?

Millions of instant messaging (IM) messages are sent each day from unauthorised and uncontrolled corporate networks ­ and they are a nightmare to manage.

Free public IM systems such as AOL AIM, ICQ and MSN Messenger can be downloaded and installed on workplace systems easily. And many companies haven’t a clue how many ‘unofficial’ applications are in use by staff. IM can expose a business to a wealth of privacy and security risks ­ ranging from IM worms and viruses to data protection and privacy.

Dealing with IM isn’t easy. Some organisations have banned it while others have adopted ‘private’ IM networks such as Lotus Sametime. Some use control products such as Intergate Intercept or IM Auditor (from FaceTime) to monitor its use.
Many more have simply chosen to ignore IM. If you are one of those companies, beware ­ you have a ticking time bomb in your midst.

Lesley Meall is a freelance journalist

For more you can visit:
www.out-law.com
www.ico.gov.uk
www.cipd.co.uk
www.businesslink.gov.uk