Developing a computer misuse policy11 March 2005
One of the biggest security threats to a business is the misuse of company computers. Employees could be viewing or downloading pornography or open email attachments that are infected with viruses. They may also be using their computers for purposes that are not business-related and installing software that could make you vulnerable.
A computer misuse policy is particularly useful if your company uses computers to create, share and store business information. The three main laws that will pertain to your computer misuse policy are - The Computer Misuse Act, The Copyright, Design and Patents Act, The Data Protection Act.
When drafting and distributing your policy some of the things you will need to consider are:
- The size and nature of your business, and the extent to which you depend on computers.
- The different laws and how your business could be open to violation in relation to these.
- The security threats a company faces. For example - the threat of obtaining and misusing usernames and passwords.
- The use of business information.
- The clarity of the policy so that it is easily understood by all.
Once you have drafted your policy distribution, awareness becomes key to how successful it is in protecting you against security threats and violation.
Make sure you publish your policy on your intranet where it is easily accessible. If your business is small, you can send the policy to every employee by email. The best form of assurance that everyone has read and understood the policy is to have a confirmation form sent back by staff that states that they have read and understood the policy. Invite your staff to ask questions where needs be - so it becomes more than just a document and something that is put in to practice.
