You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in New Hampshire, and have been asked to write two new security policies for this company. The first is an e-mail policy for employees, concentrating on the personal use of company resources. The second is a policy on Wi-Fi and Internet use within the company.
There are many resources available on the web so researching these topics and policies should be easy. The most difficult part of this exercise will be determining how strict or how lenient you want to make these policies for this particular company.
Plan:
You are asked to create two separate policies: one on the use of EMAIL and one on WIFI/INTERNET USE within the company.
Be specific in your terms and conditions of use. Consider including the following items in your policies (as applicable).
1. Overview
2. Purpose
3. Scope
4. Policy
5. Policy Compliance
6. Related Standards, Policies and Processes
7. Definitions and Terms
Email Policy
1. Overview:
This policy outlines the guidelines and restrictions for the use of company-provided email services by employees of the financial services company. It aims to ensure the efficient and secure use of email resources while minimizing risks associated with personal use and inappropriate content.
2. Purpose:
The purpose of this policy is to establish clear expectations regarding the appropriate use of company email accounts, protect sensitive information, maintain productivity, and prevent the misuse of company resources.
3. Scope:
This policy applies to all employees, contractors, consultants, and any other personnel granted access to company email services.
4. Policy:
4.1. Authorized Use:
a. Company email accounts are provided solely for business purposes related to the financial services company. Personal use of email should be limited and should not interfere with work responsibilities.
b. Email should be used in a professional and respectful manner, adhering to the company’s code of conduct and ethical standards.
4.2. Prohibited Use:
a. Employees must not use company email accounts for any illegal activities, including but not limited to sending or receiving unauthorized, copyrighted, or confidential materials.
b. Employees must not use email for personal financial gain, solicitation, or promotion of personal business ventures, unless explicitly approved by management.
c. Sharing account credentials, accessing others’ email accounts without authorization, or attempting to intercept or forge emails are strictly prohibited.
d. Employees must not send or forward chain letters, spam, or any form of unsolicited bulk email.
e. Transmission of offensive, harassing, defamatory, or discriminatory content via email is strictly prohibited.
4.3. Data Security:
a. Employees are responsible for ensuring the confidentiality and integrity of company data shared through email. Sensitive information should be encrypted or password-protected when necessary.
b. Attachments or downloads from unknown or suspicious sources should not be opened or accessed.
c. Employees should report any suspected security breaches or incidents involving email promptly to the IT department.
4.4. Monitoring:
a. The company reserves the right to monitor email usage to ensure compliance with this policy and applicable laws.
b. Monitoring activities may include the review of email content, attachments, and recipients.
5. Policy Compliance:
5.1. Violations of this policy may result in disciplinary action, including but not limited to verbal or written warnings, suspension, termination of employment, or legal consequences, depending on the severity of the violation.
5.2. Employees are required to review and acknowledge their understanding and compliance with this policy.
6. Related Standards, Policies, and Processes:
a. Acceptable Use Policy
b. Data Protection and Privacy Policy
c. Information Security Policy
d. Code of Conduct
7. Definitions and Terms:
a. Company email accounts: Email addresses and associated services provided by the company for business purposes.
b. Sensitive information: Any confidential, proprietary, or personal information protected by applicable laws or company policies.
c. Chain letters: Emails that request the recipient to forward the message to multiple individuals.
Wi-Fi and Internet Use Policy
1. Overview:
This policy establishes guidelines and restrictions for the use of company-provided Wi-Fi and Internet resources by employees of the financial services company. It aims to ensure secure and productive use while minimizing risks associated with unauthorized access and inappropriate content.
2. Purpose:
The purpose of this policy is to define acceptable use of Wi-Fi and Internet services, protect company data and systems, maintain network performance, and prevent unauthorized activities.
3. Scope:
This policy applies to all employees, contractors, consultants, and any other personnel granted access to the company’s Wi-Fi and Internet services.
4. Policy:
4.1. Authorized Use:
a. Company Wi-Fi and Internet services are provided solely for business-related activities necessary for job functions.
b. Limited personal use of Wi-Fi and Internet during non-work hours is permitted as long as it does not interfere with work responsibilities.
4.2. Prohibited Use:
a. Employees must not use company Wi-Fi and Internet services for any illegal activities or access unauthorized websites, including those containing explicit, offensive, or discriminatory content.
b. Downloading, sharing, or distributing copyrighted materials without proper authorization is strictly prohibited.
c. Employees must not use the company’s Wi-Fi and Internet services to access personal email, social media, or other non-work-related websites excessively or during working hours.
d. Unauthorized modification, hacking, or attempting to gain unauthorized access to network resources or other users’ devices is strictly prohibited.
4.3. Security:
a. Employees must not disable or circumvent any security measures implemented by the company to protect the Wi-Fi and Internet services.
b. Employees should refrain from using public Wi-Fi networks without proper security measures when conducting work-related activities.
4.4. Bandwidth and Network Resources:
a. Employees should use Wi-Fi and Internet resources responsibly and avoid activities that consume excessive bandwidth or impact network performance.
b. Non-work-related activities, such as streaming video or audio content, should be limited to non-work hours.
5. Policy Compliance:
5.1. Non-compliance with this policy may result in disciplinary action, including but not limited to verbal or written warnings, suspension, termination of employment, or legal consequences, depending on the severity of the violation.
5.2. Employees are required to review and acknowledge their understanding and compliance with this policy.
6. Related Standards, Policies, and Processes:
a. Acceptable Use Policy
b. Information Security Policy
c. Data Protection and Privacy Policy
d. Network Access Control Policy
7. Definitions and Terms:
a. Wi-Fi and Internet services: Network connectivity and associated services provided by the company.
b. Unauthorized websites: Websites that are prohibited by the company due to their content or potential security risks.
c. Network resources: Devices, systems, and network infrastructure provided by the company for employees to access the network.
Here are some frequently asked questions (FAQs) that may arise regarding the email and Wi-Fi/Internet use policies:
Email Policy FAQs:
Q1: Can employees use their company email accounts for personal use?
A1: Personal use of company email accounts should be limited and should not interfere with work responsibilities. While some personal use may be allowed, it should be kept to a minimum.
Q2: What types of content should not be sent via company email?
A2: Employees should not send or forward offensive, harassing, defamatory, discriminatory, or illegal content via company email. Additionally, unauthorized, copyrighted, or confidential materials should not be sent without proper authorization.
Q3: Is it permissible to share email account credentials with colleagues?
A3: No, sharing email account credentials with others is strictly prohibited. Each employee is responsible for their own email account and must not access or attempt to access others’ accounts without proper authorization.
Q4: How should employees handle suspected security breaches or incidents involving email?
A4: Employees should promptly report any suspected security breaches or incidents involving email to the IT department or the designated contact for such incidents.
Wi-Fi and Internet Use Policy FAQs:
Q1: Can employees use the company’s Wi-Fi and Internet for personal purposes?
A1: Limited personal use of Wi-Fi and Internet during non-work hours is generally permitted as long as it does not interfere with work responsibilities. However, excessive personal use or accessing unauthorized websites is prohibited.
Q2: Are there any restrictions on accessing non-work-related websites or social media during working hours?
A2: Yes, accessing non-work-related websites or social media excessively during working hours is discouraged. It is important to prioritize work tasks and ensure that personal Internet usage does not negatively impact productivity.
Q3: Can employees use public Wi-Fi networks for work-related activities?
A3: Employees should avoid using public Wi-Fi networks without proper security measures when conducting work-related activities. It is recommended to use secure and trusted networks to protect sensitive company information.
Q4: What should employees do if they suspect a security breach or unauthorized access to the company’s Wi-Fi and Internet?
A4: Employees should report any suspected security breaches, unauthorized access, or unusual network activity to the IT department or the designated contact for such incidents.