Companies may want to implement an internet use policy for a variety of reasons; they may be concerned about employee access to social media at work or want to ensure the firm’s reputation can’t be affected by employees accessing questionable sites. Naturally the issue can be a sensitive one as employees may feel ‘censored’ and untrustworthy; businesses should take sufficient steps to ensure employees understand why an internet use policy has been implemented.

Step 1: Understand your company’s online needs

 Businesses need the internet for different reasons. A web design company will need broader access to the internet than a florist that takes online orders. Before you can create a web use policy, you must analyse and understand exactly why your employees use the internet, and what areas they need access to. During this stage you should consider:
  • What tools they require (email, web sites, FTP, social media)
  • To what extent they require them (constant monitoring, twice a day, once a week)
  • How the tools could be misused (e.g. social media used to post inappropriate messages).
Bear in mind that there are a host of legal implications if you decide to monitor employees’ internet traffic, so it is not advisable to gather your data using this method. If you do choose to monitor communications data, you should look to gather anonymous usage data rather than a breakdown of what sites are being visited by who and when.

Step 2: Draft an internet usage policy

With the insights gained, you can then draft an internet use policy for your business.

Generally, you should:
  • Keep it straightforward and simple to understand to avoid misunderstandings
  • You may wish to focus on what employees can do rather than what they can’t do
  • Avoid using blanket phrases such as ‘social media’ because they mean different things to different people. Mention specific sites so that employees are not confused
  • Make provisions for all internet activities employees may engage in so the policy is all-encompassing
  • Ensure you have a regular review date built into the policy itself
  • Avoid using negative phrases like ‘banned’.
It is possible to break the internet use policy down to the employee level, but it is not advisable as staff may feel victimised if you create individual internet use policies, especially those who regard their own as particularly harsh.

However, breaking it down by department may be necessary if, for example, you need to give the marketing department full access to social media sites but want to discourage other employees from logging on at work.

Step 3: Announce the internet use policy

This is the most important step because all employees must be aware of exactly what is expected of them. You should also bear in mind that some employees will consider an internet use policy to be rigid and inflexible, while others will consider it to be more like ‘guidelines.’

Here are some tips to help your announcement go smoothly:
  • If the policy is different per department or section, ensure the announcement is tailored to the audience
  • Allow questions to be asked both publically and privately/anonymously – this will go a long way to ensuring the policy is implemented successfully in the long-term
  • Ensure there is an adjustment period where questions are still welcome, although you should stress that you are always open to feedback
  • Make sure you address the topic of communications monitoring – employees will naturally be concerned about ‘spying’.

Step 4: Enforce the policy with internet filters

This is an optional step depending on how you would like to see your internet use policy enforced. Some companies are happy to leave it up to the discretion of employees, but others would like more tangible enforcement.

Filters can enforce your policy in a number of ways:
  • Time-based filters: allows you to enforce rules differently based on the time of day access is requested
  • Site blocking: prevents employees from accessing sites prohibited in your policy
  • Bandwidth control: stops employees from using up more than their fair share of the company’s internet connection, for example by streaming music
  • Anti-virus and anti-malware: helps stop employees from picking up rogue software
  • Administrator rights: by giving employees non-administrator accounts to their PCs you can ensure they won’t be able to install harmful software.

Remote connectivity

Employees are increasingly acting on company business remotely, for example, by connecting to the internet via a mobile device. You may need to extend your policy to include the use of mobile devices, and also to cover internet access on company property. This will ensure that even if a company-issued tablet is not being used for business purposes, you can help ensure that the employee can’t bring the company into disrepute by using it for personal use.


Also bear in mind that policies will need to change as your business changes. Ensure there is a way for staff to offer feedback; it’s possible that you made a mistake and have accidentally restricted legitimate usage. If there’s no way for staff to redress this, not only will you be reducing their productivity but potentially alienating them.