Purpose of an Internet usage policy is to define what is allowed or not when using network and establish Internet connections, so that company workers and collaborators can carry out their activities in an environment safe and quality.
When making a policy for use of Internet, we must consider their objective, which is none other than to establish guidelines and norms to establish security in all forms of use, taking into account culture of company, without lose sight of business strategy, always considering needs of interested parties and thus offering all customers a safe and quality service.
Previous definition of points to consider when making the policy, it should be noted that policy will impact the entire company, so it cannot be treated randomly and apply only to one area of company. The idea is to promote awareness throughout company structure and facilitate the correct development of work with all interested parties.
Therefore, here are 10 tips to keep in mind when making a policy for Internet use:
1. The document with description of permitted and non-permitted uses must be available at all times to any interested party of company. It should be published on intranet or available in a shared folder in a readable and non-editable format.
2. It will be necessary to assign responsibility for document management to a person from company with sufficient knowledge to establish this policy. It will also be convenient for you to know security requirements of organization to validate that all established guidelines can be put into operation and adjust to existing operational network.
3. 3. It is important to meet with departments heads of company to reflect on needs of each one and to align policy with all of them, thus allowing adaptation of guidelines that allow for smooth and effective development of all activities and services offered by company.
4. 4. Specifying, based on classification of predefined information in your company, how e-mail, printers and photocopiers should be used, that it is allowed to send/print and/or copy and under which security conditions it is necessary to do so, specifying which contents cannot be treated through Internet network. Considering possible vulnerabilities of your company’s network by investigating different data and advice provided by competent authorities, thus making a policy that meets both needs of company and latest updates and trends.
5.Considering possible vulnerabilities that your company’s network has by investigating different data and advice provided by competent authorities, thus making a policy that is tailored both to needs of the company and to the latest updates and trends.
6.In case of making changes in Internet use policy, it will always be necessary to evaluate impact that any change will have on the company and guaranteeing that all modifications made will come to the knowledge of all interested parties.
7. Make clear which will be measures to adopt in case of non-compliance or violation of any aspect indicated in the policy.
8. Try to protect all networks and Internet connections, both for internal and external devices, prohibiting access to those unauthorized websites, installing an antivirus on all devices in addition to one or more firewalls in the company’s network structure.
9.Inform users that company’s internal network can only be used for professional purposes, specifying which websites are allowed to access through the network.
10.Finally, formalize an Internet use policy signed and validated by the Directorate-General that ensures endorsement of established measures and interested parties understand the importance of it.
Following these points, you can establish a suitable Internet use policy for your organization, taking into account its needs and ensuring provision of a safe and quality service.
In our company GlobalSuite Solutions we have an expert team inthe implementation of Information SecurityManagement Systems,who can help you improve the security management in your company. The GlobalSuite® software,entirely developed by our team, allows us to maintain any management system by centralizing all regulatory requirements and managing it efficiently and with full traceability.