Confusion over Internet use in the workplace

Acceptable Use Policies poorly understood or non-existent at a majority of British firms

- 31% of British firms donít have an acceptable use policy (AUP)
- Blogging not covered at all by those companies who do
- Only a small percentage of AUPs cover IM and Web mail

A recent survey by network content technology firm Chronicle Solutions has shown that British companies have a long way to go in order to protect themselves and employees from abnormal Internet practices at the office.

More than 30% of respondents said they did not have an acceptable use policy (AUP) for the Internet at work, and of those who did, 94% said they had not read it recently. A full 42% said they had not read it in the last year, whilst 33% could not recall when they had seen it last.

Perhaps most interestingly, given the recent media attention paid to the petiteanglaise case, blogging appears to have slipped from anyoneís list of prescribed online activities in the workplace. Literally no one surveyed indicated blogging as an Internet activity banned or even covered by their employerís AUP.

David Lacey, Internet security consultant and founder of the Jericho Forum, commented: ìThese findings are a matter of serious concern. Corporate reputations can be damaged by errant bloggers, fraud can be perpetrated via email, proprietary information can be leaked or sold for profit, private employee data can be shared, sexual harassment can be perpetrated, all on workplace PCs. Instant messaging and Web mail in particular are two of the most persistent vectors of information leakage, yet even those look to be absent from most AUPs.î

The survey also found that less than 5% of AUPs cover P2P file sharing, and that only 33% of employers ask new hires to read, agree and then sign off on the company acceptable use policy when they join. Astoundingly, the survey also showed that a massive 80% of respondents arenít certain if there are penalties for breaching their companyís AUP.

Alan Watkins, executive chairman of Chronicle Solutions, commented: ìThe apparent reluctance of employers in the UK to develop and then enforce well-defined policies for the use of company computing assets, leaves them exposed to a universe of potential hazards. British companies must take steps to implement, regularly update and then police a comprehensive AUP and ensure that all employees understand their responsibilities.î