Employee viewing of porn sites can be troubling for many reasons, not the least of which is that accessing such a site through an employer’s equipment or network can leave the entire system vulnerable to cyberattack. And if it isn’t porn, it’s probably Facebook (which might involve its own kind of porn).
Either way, activities that employees might view as harmless ways of taking a break from work while looking busy could be anything but harmless.
At the Nonprofit Risk Management Center 2016 Risk Summit, Jim Jackson, director of campus operations and IT at Momentous Institute, and Paul Henry, network administrator/engineer at Momentous Institute, encouraged the adoption of an Acceptable Use Policy to be given out to all employees by any organization using IT technology (in other words, any organization).
When formulating such a policy, they said, an organization should remember the following Do’s:
- Make the organization’s policy clear and implementable by users. Avoid terms like “reasonable” and “not appropriate;”
- Make the policy enforceable. Be sure IT and management have the tools they need to monitor as necessary;
- Be sure the organization’s policy is flexible so that it can keep in step with changes in technology and security threats; and,
- Have each and every user sign the policy, acknowledging their acceptance of and understanding of the policy.