Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.
This week, following the recent mass dismissals at Orange for inappropriate use of company emails, Matt Tomlinson, business development director at MIS Corporate Defence Solutions, highlights the legal implications and costs your business could suffer through a lack of correct email and internet policies.
Would you or your employer think it acceptable to photocopy and post your CVs, call a chatline, play cards with colleagues, read a top-shelf magazine or copy sensitive company literature to distribute to anyone you choose during work hours?
Of course not, yet this happens all the time through the internet during office hours. Each day at work thousands of people are surfing cyberspace, downloading inappropriate images, sending joke emails and checking the latest sporting results.
This leads to low productivity, expensive internet access bills, network degradation and in some cases legal liabilities, all of which cost your company money. The question is: can employees be dismissed for this? The answer is yes, if a correct e-policy has been enforced.
The latest case of workplace email and internet misuse hit the news when Orange dismissed nearly 40 staff last week for downloading pornographic material from the internet. Had Orange not had an e-policy in place, the actions of its employees could have placed it in direct breach of the 1984 Telecommunications Act and the 1959 Obscene Publications Act. Under the conditions of its e-policy, Orange had every right to sack these employees.
As use of the internet and email increases in the workplace, companies need to protect against the possibility of breaking legislation and the ensuing legal costs that can follow. Many are unaware that the Data Protection Act and Computer Misuse Act are relevant to businesses.
Libel, sexual and racial harassment are as applicable to email as to any other means of communication or written document, and stand as admissible evidence in a court of law, meaning that appropriate care should be taken when sending any messages via the internet.
By creating, implementing and enforcing an e-policy, companies can place the responsibility of staying within the parameters of the legislation with the individual, thereby reducing the threat of court action against themselves. Seen as an enabling business tool, an e-policy can also help to reduce the amount of time employees waste sending joke emails and so-called leisure surfing.
As with any company policy, employees need to be educated about its content regularly. It's all very well adding a policy on to the terms and conditions of employment, but how often is this seen after the initial signing? Refreshers about the policy should take place frequently, perhaps once a quarter or through blanket emails.
Disciplinary procedures should also be made clear so that 'unfair dismissal' is not an option. A clear set of guidelines, such as a verbal warning followed by a written warning followed by dismissal, leaves employees in no doubt about where they stand. Policies also need to be updated regularly; for example, a policy from two years ago may not include a section on MP3.
Following the Orange case, are there more dismissals on the horizon? There is no doubt that as more companies begin to enforce their correct usage policies, employees who fail to adhere to them will certainly be legally dismissed for gross misconduct under company rules.
Next edition: 15 September