Nearly one-third of UK companies do not have acceptable use policies in place to guard against inappropriate staff use of the internet, research has found.
A survey of 250 IT professionals conducted by network content technology firm Chronicle Solutions found that for those who do have an acceptable use policy, 94% said they had not read it recently. Blogging, meanwhile, is not covered at all.
An acceptable use policy describes what is, and what isn’t, acceptable when it comes to IT and e-mail in the workplace. The survey also found that only one-third of employers ask new starters to read, agree and then sign off on the company acceptable use policy when they join.
Moreover, up to eight in 10 respondents ‘aren’t certain’ if there are penalties for breaching their company’s acceptable use policy.
David Lacey, internet security consultant and founder of IT security group the Jericho Forum, said: “Corporate reputations can be damaged by errant bloggers, fraud can be perpetrated via e-mail, proprietary information can be leaked or sold for profit, private employee data can be shared, sexual harassment can be perpetrated, all on workplace PCs. Instant messaging and web mail in particular are two of the most persistent vectors of information leakage, yet even those look to be absent from most acceptable use policies.”
Alan Watkins, executive chairman of Chronicle Solutions, added: “British companies must take steps to implement, regularly update and then police a comprehensive acceptable use policy and ensure that all employees understand their responsibilities.”