There are around 350,000 Micro, Small and Medium Enterprises in New Zealand, companies with less than 5, 49 and 100 staff respectively.
These small and often nimble organisations shape the local economy and reflect a nation keen to tackle any challenge and invent products and services that will do well in the global market. But many SMEs struggle with the ever changing pace of technology, the impact it can have on employee behaviour and the need to set ground rules to ensure a safe and secure workplace.
Employers may struggle to set a clear policy around internet use – both the content being viewed and the time spent online; the management of BYOD and the security and privacy of business data being accessed from a range of locations in the age of a mobile workforce.
A good way to address internet safety and security concerns at work is to put in place an ICT policy and use agreement for all staff.
This kind of policy can spell out in plain English what staff can and cannot do in the workplace when it comes to technology. Setting clear guidelines and standards for the use of the internet and educating staff on the policy can help minimise the costs and risks incurred by the business.
What should I include in an acceptable use policy?
NetSafe have provided a basic document template that can be downloaded and adapted to suit your business.
Larger companies may wish to consult a lawyer or HR expert for further guidance on common staffing issues when it comes to using technology in the workplace. Use this sample agreement to start thinking about how your company approaches staff use of technology.
Your policy may include:
- The rules around who can access the internet through work devices;
- How staff are provided with internet access;
- The need for staff to use their own unique login to allow auditing;
- Prohibited activities on work devices and relevant New Zealand laws;
- The types of files staff can and cannot access or download;
- Email use and responsibilities when communicating outside the company;
- The impact on privacy through the monitoring of staff activities and recording of internet use;
- Rules around ‘acceptable’ personal use;
- The ownership of fixed and mobile devices or business assets;
- Audit policies and disciplinary procedures relating to misuse.
Many employers may also wish to create specific policies or include guidance on IT security, mobile security and the use of business Wi-Fi networks when staff use personal devices (BYOD).
Employers should also address the handling of sensitive data and put procedures in place so staff know where to report security incidents that may threaten business continuity.
More advice and information
- Download the example acceptable use policy (.rtf file)
- The Digital Journey website offers more advice on BYOD and security policies.
- The Privacy Commissioner has more advice for employers on monitoring staff internet use.