Suggested Technology Policies
All pages and content copyright 1999-2004 Stephen Malm Consulting & Services
A large percentage of my billable time with clients is correcting avoidable problems associated with open IT policies. Additionally, I see many clients loosing money due to technology abuse by employees.
Please consult legal representation prior to implementing any IT Policies.
The following are suggested guidelines specifically for my clients:
Ensure your employees know that it is your right to monitor computer activities in your workplace on your equipment. This includes but is not limited to email use, Internet use, and use of general applications for personal reasons and monitoring may be done through history file review, deleted file recovery, duplicated email delivery or direct surveillance. Monitoring may also include installation of network and/or individual PC software which transparently track Internet and email usage as well as keystrokes.
Set firm policies regarding personal Internet use if you allow it. It is suggested that personal Internet surfing be kept to a minimum and that all 3rd party email sites such as Hotmail and Yahoo mail be forbidden.
Do not allow chat and instant messaging programs to be activated and used unless specifically required by the employees job position and will be used for business use.
If you want to block access for all users to specific sites, this can be done for most of my clients at the router level.
If you want to block specific users from accessing the Internet completely, this can be done for most of my clients at the router level
Set approved Internet Start Pages. Suggestions are Google or Yahoo. Of course, if you have an Intranet, require that all users open to that page first to get current company information.
Forbid users from subscribing to any mail lists or message boards without approval.
Forbid users from using their company email addresses to sign up for ANYTHING on the Internet unless approved. The most harmless appearing websites can be used for gathering email address for spam solicitations or the sites may not implement security policies which prevent email addresses from being farmed from their website.
If you have users that are receiving excessive spam, change their email address. This can be done with temporary parallel email addresses which will almost completely prevent any loss of legitimate business emails.
Do not permit users to install any unauthorized / unapproved programs both web based and application based. Keep your systems simple and they will be much more cost effective for you to maintain and they will operate more efficiently. Web based programs are a MAJOR source of worms and Spybots. Do not allow any additional search bars, backgrounds, smilies, screensavers, or similar programs to be installed without authorization. Below, please find a table of suggested forbidden and approved programs:
Suggested Forbidden Programs
Basic List of Approved Programs
(may vary by client)
If you ever have any question as to what should or should not be installed, ask first, and install only after approval!